Hackers Trick Apple AirTags Into Showing Completely Fake Locations


Security researchers just discovered a simple way to confuse the Apple AirTag system into displaying false locations on a map. By recording and repeating the standard Bluetooth signals that an AirTag naturally sends out, someone can make the tracking device appear miles away from where it actually is right now.

This new security flaw reveals that anyone can easily manipulate the vast device-finding network.

Capturing the signal lets someone fake the exact device location

The tracking system relies on constant Bluetooth Low Energy signals to pinpoint missing items. Every AirTag broadcasts a small ping, and any nearby Apple product picks up that signal to send an encrypted location report to the owner.

Researchers proved that anyone can record this ping using a basic Android phone or a small computer. Once they record the data, they can travel to a completely different spot and replay the same signal.

Any nearby Apple device will treat that replayed signal as the real thing. It then automatically reports the false location to the main network. Researchers even sent the copied signal over the internet to show the item in a different country entirely.

Apple AirTag location manipulated

Fake location data can last for days before the network updates

The official tracking app gets confused when it sees both the real tag and the fake signal at the same time. The map marker will often jump back and forth between the true location and the injected false position.

To stop old signals from working forever, Apple makes sure its tags rotate their encryption keys roughly every 24 hours. Once the key changes, any older recorded pings become useless to the system.

However, researchers figured out a trick to bypass this limit. If someone takes the battery out of the original tag, the encryption key stops rotating. This simple step allows the copied signal to keep generating fake location reports for up to seven days before the network finally rejects it.
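The map marker jumping between the true and the injected position, described above, is something an owner-side check can detect. The sketch below is an added example, not code from Apple or the researchers. It assumes location reports for one tag have already been decrypted into (time, latitude, longitude) tuples; the thresholds and sample data are constructed for illustration.

```python
import math

EARTH_RADIUS_KM = 6371.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def flag_impossible_travel(reports, max_kmh=900.0, jitter_km=0.5):
    """Return (earlier, later, implied_kmh) for consecutive reports that no
    single physical tag could have produced.

    reports: iterable of (unix_seconds, lat, lon) for ONE advertised key.
    max_kmh and jitter_km are assumed thresholds (airliner speed, location noise).
    """
    ordered = sorted(reports)
    flagged = []
    for prev, cur in zip(ordered, ordered[1:]):
        dist = haversine_km(prev[1], prev[2], cur[1], cur[2])
        if dist <= jitter_km:
            continue  # same place within location noise
        hours = (cur[0] - prev[0]) / 3600.0
        # Two distant finders hearing the key at the same instant: infinite speed.
        speed = math.inf if hours == 0 else dist / hours
        if speed > max_kmh:
            flagged.append((prev, cur, speed))
    return flagged

# Constructed sample: a tag sitting in Berlin while a replayed copy of its
# advertisement is heard in Paris (coordinates and times are made up).
SAMPLE = [
    (1_700_000_000, 52.5200, 13.4050),   # Berlin
    (1_700_000_600, 48.8566, 2.3522),    # Paris, 10 minutes later
    (1_700_001_200, 52.5201, 13.4051),   # Berlin again
    (1_700_004_800, 52.5300, 13.4100),   # Berlin, ~1 km away an hour later
]

if __name__ == "__main__":
    for prev, cur, kmh in flag_impossible_travel(SAMPLE):
        print(f"{prev[1:]} -> {cur[1:]} implies {kmh:.0f} km/h")
```

A flagged pair only says that two reports conflict; it does not say which of the two is the replayed one.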
