Apple’s AirTag hacked, and its software reprogrammed in just 10 days of its launch

Apple‘s latest releases are subjected to strict security and privacy scrutiny to determine to what extent they can cause problems for users. One of the most analyzed devices in recent weeks is the Apple AirTag tracker, which many point out could become a powerful hacking tool.

This hypothesis could have been confirmed (or discarded) last weekend, as researchers at security firm Tile mention that the AirTag can in effect be rescheduled by a hacker. However, the results of this action could be disappointing for the cybercriminal community or governments looking to spy on an iPhone user.

Like any other smart device, the AirTag has a microcontroller in charge of its functions, either managing the battery or managing a Bluetooth connection. Researchers mention that this microcontroller is severely exposed to hacking, although again, this happens with virtually any electronic device.

Previously, Stack Smashing‘s experts had managed to hack an AirTag driver to modify its firmware and make the device do different things from the ones it was designed for.

This attack could allow hackers to redirect a user to some malicious website, although this process is not as simple as it sounds. Experts mention that the only way to modify the firmware is to have remote access to the affected devices, since at the moment it seems impossible to modify the firmware of the device remotely.

Moreover, although the malicious modification of the firmware of a smart device seems like a serious problem, experts believe that the attack could be much less worrying than it sounds, as a successful attack itself does not allow the deployment of subsequent attacks, not to mention that a method has not even been found to deliver a malicious firmware update and that this could be easily corrected by Apple.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.