Apple AirTag anti-stalking protection bypassed by researchers


When the Apple AirTag hit the market in 2021, it immediately attracted the attention of hackers and reverse engineers.


Could AirTags be jailbroken? Could AirTags be simulated? Could the AirTag ecosystem be used for purposes beyond Apple’s own imagination (or at least beyond its intentions)?

We soon found ourselves writing up the answer to the “jailbreak” question, given that a researcher with the intriguing handle of LimitedResults figured out a way to subvert the chip used in the AirTag (an nRF52832 microcontroller, if you want to look it up) into booting up with debugging enabled, by glitching the chip’s power supply at the moment its debug-port lockout would normally have engaged.

Using this trick, another researcher going by ghidraninja was able not only to dump the AirTag firmware over the debug port, but also to modify the dumped image and re-upload it, thus creating an unofficially modified but otherwise functional AirTag.

To prove the point, ghidraninja altered just one text string inside an AirTag, modifying the URL found.apple.com so it pointed not at Apple’s lost device reporting portal, but at a YouTube video (you know what’s coming) of Rick Astley singing Never Gonna Give You Up.

Anyone finding ghidraninja’s AirTag and trying to report it lost…

… would get rickrolled instead.
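The string swap described above has a constraint that is easy to overlook: a URL baked into firmware lives in a fixed slot, so a replacement that is longer than the original would spill over into whatever follows it in flash. The following is an added example, not code from the article or from ghidraninja’s work, showing how to locate a NUL-terminated string in a firmware image and replace it without changing the image size. The firmware bytes and the replacement URL are constructed sample data, not real AirTag firmware.

```python
# Added example (not from the article or from ghidraninja's work): patch a
# NUL-terminated C string inside a firmware image without changing its size.
# FIRMWARE is constructed sample data standing in for a dumped image.
from typing import Tuple

FIRMWARE = (
    b"\x00\x20\x00\x20\xa1\x01\x00\x00"      # fake header / vector-table bytes
    + b"https://found.apple.com\x00"         # the string we want to change
    + b"\x00\x00\x00\x00"                    # padding after the string
    + b"battery low\x00other text\x00"       # unrelated strings that must survive
)


def find_cstring(image: bytes, needle: bytes) -> Tuple[int, int]:
    """Locate `needle` at the start of a NUL-terminated string in `image`.

    Returns (offset, slot_size) where slot_size counts every byte up to and
    including the terminating NUL, i.e. the space a replacement may use.
    """
    off = image.find(needle)
    if off == -1:
        raise ValueError("string not found in image")
    end = image.find(b"\x00", off)
    if end == -1:
        raise ValueError("string is not NUL-terminated")
    return off, end - off + 1  # +1 so the slot includes the NUL terminator


def patch_cstring(image: bytes, old: bytes, new: bytes) -> bytes:
    """Replace the string starting with `old` by `new`, keeping image length.

    A replacement longer than the slot would overwrite adjacent data, so it is
    rejected. A shorter one is NUL-padded so the terminator stays inside the
    slot and the code reading the string still sees a valid C string.
    """
    off, slot = find_cstring(image, old)
    if len(new) + 1 > slot:
        raise ValueError(
            f"replacement needs {len(new) + 1} bytes (with NUL), slot is {slot}"
        )
    padded = new.ljust(slot, b"\x00")
    patched = image[:off] + padded + image[off + slot:]
    assert len(patched) == len(image), "image size must not change"
    return patched


if __name__ == "__main__":
    # "https://example.org/rr" is a constructed placeholder for the new target.
    out = patch_cstring(FIRMWARE, b"https://found.apple.com", b"https://example.org/rr")
    print(out)
```

The size check is the part that matters: the same approach works for any string in a dumped image, but if the firmware carries a checksum or the application verifies its own integrity at boot, the patched image would also need that value recomputed, which this example does not do.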