A vulnerability has been discovered in Apple’s tracker Airtag that could put users at risk. A security researcher has found a way to transmit data to Airtag by mimicking the interaction between the device and the ‘Find My’ Network. If this discovery becomes widespread, users ‘ safety could be compromised and Airtag’s name permanently tarnished.
A vulnerability has been found in AirTag devices released by Apple last month that would allow sending messages. A security researcher has discovered that some data, including a message, can be sent thanks to the vulnerability in the ‘Find My’ Network the device uses. The researcher’s blog post on the subject has unsettled airtag owners.
Security researcher Fabian Bräunlein discovered that data can be exchanged with devices without an internet connection thanks to the ‘Find My’ Network, which AirTag devices use for location detection. Apparently, this situation, which Apple has not yet been able to Prevent, could lead to the free distribution of malware if it becomes widespread.
Interaction between ‘Find My’ and device can be emulated
Fabian Bräunlein of Positive Security published a blog post about the vulnerability found in Airtags. According to the article, the process of providing location information can be simulated by connecting AirTag devices to the ‘Find My’ Network. In this way, messages or other encrypted data can be sent to devices (IoT) capable of making connections without the internet.
It can be used for malicious purposes in the future
No regulations have yet been introduced to cover this gap. This vulnerability, which is currently a fun discovery, can be used for malicious purposes in the future. Apple can bring updates to cover the gap, or take advantage of this discovery to develop brand new features. We don’t know if this vulnerability is enough to keep you from getting AirTag.