Security researchers, YouTubers, and DIY enthusiasts seem to be having a great time with Apple AirTag. Recently a YouTuber showed how AirTag can be turned into a thin wallet that fits into your pocket. Meanwhile, a security researcher hacked AirTag and successfully modified its NFC URL. This time around, security researchers have used AirTag’s Find My network to send messages without Apple’s knowledge.
The security start by clarifying that this is not malware or an exploit. All they have done is taken advantage of the Find My network to send messages across devices. In other words, the Find My Network can be used to send short encoded messages between devices.
Positive Security, an IT security firm, says “it’s possible to upload arbitrary data from non-internet-connected devices” with the help of Find My broadcasts. Any Apple device in the vicinity can pick up the message and bounce it off to the recipient. It is very similar to how one can track items using AirTag.
Typically the location data obtained from Find My broadcast can only be decrypted with a private key in the paired Owner device. Positive Security’s blogpost reveals how one could “upload sensor readings or any data from IoT devices without a broadband modem, SIM card, data plan or WiFi connectivity.”
A properly configured device can broadcast Bluetooth LE signals similar to AirTag. Whenever an Apple device is nearby, it will accept and relay the signal. The post highlights how Amazon uses a similar network called “Sidewalk.” In this setup, the sensors can send data without the need for connectivity. Furthermore, the system can be used to “exfiltrate data from certain airgapped systems or Faraday caged rooms.”
The security researchers claim that there is no “technical reason” as to why users can have a limited number of AirTag. Apple claims that each Apple ID can support a maximum of 16 AirTags. However, it seems like Apple is currently not imposing the restrictions.
[via Positive Security]