One report about AirTag on Thursday show that more security researchers are exploring the device, and another says it is a “gift to stalkers.”

AirTag Stalkers

The first report is from Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project, and Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.

In it, they write that although AirTag isn’t the first tracking device, it is the one with the biggest network. Apple’s Find My location network uses its billion-plus peer-to-peer network of devices to boost tracking.

Apple did create anti-stalking measures for the AirTag. It uses Bluetooth signal identifiers that frequently change, and iOS devices can detect an unknown AirTag in close proximity. Additionally, an AirTag separated from its owner for an extended period of time will play a sound when moved to draw attention to it.

But what if the victim has an Android smartphone? In that case, the AirTag can’t be detected, although the device will still produce a sound after 72 hours of being separated from its owner. It’s not a loud sound and abusers who live with their victims can just reset the countdown clock.

AirTag Security

If the abuser is also knowledgeable they could hack the AirTag to make it do things not approved by Apple, in the second report from Lorenzo-Franceschi-Bicchierai. One particular hack is theoretical, but hardware hacker Thomas Roth (Stacksmashing) believes the AirTag could be modified to use its accelerometer as a microphone, turning it into a bugging device.

Another researcher, Fabian Bräunlein, was able to broadcast data to nearby Apple devices using the Find My network, achieving this capability by “spoofing many AirTags and encoding data in which AirTag is active.”

Like it’s other products, Apple is sure to make improvements to AirTag in further versions. At the very least, Mr. Bräunlein said the AirTag is “cryptographically well designed.”

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

5 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Designr

Apple needs to add Geofencing to the AirTag.

By Geofencing I mean an alert when an AirTag gets more than 10, 20, or 30 feet away from your side.

For example, say you’re entering an airport. The ability to enable an alert if your bag decides to wander off with a stranger would save a lost of lost bags.

Replace the words AirTag with “Bluetooth tracker”, and everything written above is still true. Putting the Apple logo on it changed nothing.

https://foundation.mozilla.org/en/privacynotincluded/tile-mate/

https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF

https://arxiv.org/pdf/2005.08208.pdf

Mike Weasner

After a few days of using my AirTags in a rural area, I have discovered the biggest drawback to the concept of AirTags to keep track of your devices. Apple seems to believe that everyone lives in a highly congested big city with thousands of iPhones walking by your AirTag on a frequent basis. In rural areas, with a lower population of iPhones and other devices, your AirTag is not going to be frequently located when out of Bluetooth range of the owner. I can easily find my AirTags when they and I are in my house. But outside on… Read more »

Lee Dronick

Apple seems to believe that everyone lives in a highly congested big city “

I am not being snarky, but most people do live in urban areas.

LIke @Lee Dronick stated, most people do live in or near urban areas.