AirTags might not be ideal for tracking your kids, but they’ll likely help you fish your keys out of their latest hiding spot. But while they might help keep your things safe from being lost, are they safe? Are Apple’s trackers one bad hack away from stealing your personal information?
AirTags can be hacked, but don’t worry about yours
These tiny, buttonless, display-less devices are perfectly capable of being weaponised against your privacy and security, thank you very much. But it isn’t your AirTags you should be worried about, at least not at this time. As we’ve recently learned, hackers can add their own malicious code to an AirTag, which lets them change the website that appears in Lost Mode, with the goal of stealing the information of someone trying to return that lost tracker.
It’s quite sad, actually, because Lost Mode is supposed to be what AirTags are all about. When you misplace an AirTag or a device with an attached AirTag, you can place it in Lost Mode. If someone comes across that missing AirTag, they can scan it with their iPhone or Android device to get your contact info, as well as a https://found.apple.com link to help get the AirTag back.
When hackers get involved, however, they disrupt the entire process. Instead of showing you relevant, limited information that will help return your AirTag, they can choose to send the good samaritan to a malicious website, perhaps one posing as an official Apple login site. If the person who found the AirTag doesn’t know how the process works, they might think they need to sign in with their Apple credentials, giving these hackers their private Apple information. And that’s obviously no good.
Security consultant Bobby Rauch was the one to identify this issue. He quietly submitted it to Apple, giving them a 90-day window to fix the problem before he’d go public with it. Those 90 days came and went, and now we all know about this AirTags vulnerability.
Apple says that a fix for this security flaw is on the way, but offered no timeline for it as of this writing. We’ll keep an eye out for any firmware updates that come down the line.
How can you keep yourself safe from AirTag hacking?
If you find a lost AirTag out and about, you don’t have to avoid it like the plague; you just need to know what to look out for. Remember, a legitimate AirTag in Lost Mode will offer contact information, as well as a link to https://found.apple.com. It will never ask you to log in, and it won’t ask for your personal information. If you see these types of requests on a lost AirTag, drop it and run.
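The "is this really found.apple.com?" check above can be made exact. The following is an added example, not code from Apple or from the original article: it tests whether the address a browser ends up on after scanning a tag is the Lost Mode host the article names, and rejects common lookalike tricks. The function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "found.apple.com"  # the only Lost Mode host the article names


def check_lost_mode_url(url):
    """Return (ok, reason) for the address shown after scanning a tag."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError if the port is malformed
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    # "https://found.apple.com@other.host/" puts the trusted name in the
    # userinfo field; the real host is whatever follows the '@'.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present before '@'"
    # Compare the whole host name. A substring or prefix test would accept
    # "found.apple.com.other.host".
    host = (parts.hostname or "").rstrip(".")
    if host != EXPECTED_HOST:
        return False, "host is %r, not %r" % (host, EXPECTED_HOST)
    if port not in (None, 443):
        return False, "unexpected port"
    return True, "host matches"


# Constructed sample addresses (not taken from any real tag).
SAMPLES = [
    "https://found.apple.com/airtag/example",
    "http://found.apple.com/airtag/example",
    "https://found.apple.com.login.example/signin",
    "https://found.apple.com@login.example/signin",
    "https://found-apple.example/",
    "https://found.apple.com:8443/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_lost_mode_url(sample)
        print("OK    " if ok else "REJECT", sample, "->", reason)
```

A matching host only confirms where the page is served from; per the article, a legitimate Lost Mode page still never asks for a login or other personal information.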