A new Apple AirTag clone created by a security researcher points to the possibility of bypassing the device and tracking protection features already available via Apple Find My network. The new finding provides another layer of concern for the seemingly revolutionary Apple AirTag that has now become a tool for stalking and criminality.
Apple has had to grapple with rising concerns about how the AirTag was being used to intrude on the privacy and safety of persons. Multiple reports had surfaced about the use of AirTags as tools for criminality and stalking. Although Apple came up recently with an updated user guide and advisory on how to prevent stalking, the problem seems to persist. In addition, Apple had introduced a raft of changes on the Find My network aimed at addressing some of the issues emanating from the misuse of the AirTags.
The new research that indicates a cloned AirTag could bypass the current architecture in the Find My network was published by security researcher Fabian Braunlein of Positive Security firm. Several of the bypassing strategies, according to the security researcher, could be put into practice effectively. The report indicates that a cloned AirTag was able to track an iPhone for 5 days without triggering any tracking notifications. Several measures were aimed to thwart current and possibly subsequent modifications from Apple with grave security implications.
With the absence of a serial number and functional speaker, the clone provides a serious challenge to Apple’s plans of ensuring user security while using the AirTags. We note that some AirTags were advertised on Etsy and eBay recently with demobilized speakers. The AirTag clone’s system is based on OpenHaystack and has some pretty strong algorithmic possibilities that may thwart tracking by law enforcement.
In all, Braunlein feels that there are opportunities for Apple to shore up its security architecture to remove all the stated threats. He says Apple needs to take into account the threats from custom-made potentially malicious devices that implement the Find My app protocol or modified AirTags hardware. It remains to be seen how Apple responds to the clear points raised by the security researcher, amidst growing criticism of the AirTags’ functionality.
RELATED:
- Apple iPhones are recording Siri interactions despite users opting out
- iPhone SE 3 and iPad Air 5 may have Gone into Mass Production, iPhone SE will Not Support MagSafe
- Apple announces Tap to Pay feature for iPhones, debuts this spring on Stripe
- Apple working on realityOS for its upcoming AR/VR headset
(via)
