Your Apple AirTag Might Not be Safe

IoT security is big these days in the IT world, a topic of major discussion that is covered at most tech events and conferences, particularly those that involve 5G, Edge Computing, and other security-related material. In addition to that, most cybersecurity and privacy events will cover IoT-related security issues and future preparedness at least once. There are several reasons for this, not least of which is that IoT (Internet of Things) smart devices are going to be everywhere soon. Furthermore, it is estimated that by 2035 there will be at least 40 billion of these connected devices around the world, which is fantastic for daily life purposes, entertainment and on a broader level technological disruption, but poses an enormous challenge to data security and data privacy. Just think about trying to secure 40 billion devices and the opportunities there for cybercriminals.

To come back to IoT, we want to specifically mention one device which is extremely versatile and popular, but vulnerable. One of these highly sophisticated IoT devices is produced by tech colossus Apple, called the Apple AirTag. This tiny little device is chock full of technology and is a great idea, however, like all smart digital devices (meaning those that can connect to the internet or that use bluetooth wideband to ping networks) the AirTag has had its fair share of problems. Apple AirTag’s security can be compromised and it can be used to track you in many ways without you noticing at first.

A product coming from someone as reputable and sleek as Apple has no effect on how secure something is, because the bare bones of all digital devices mostly rely on the same principles and mechanisms, and are subject to the same, common attack method, no matter which company makes them. We will cover all of this in detail in the next sections so that you can secure your AirTag properly.

What is an Apple AirTag?

The Apple AirTag is a nifty little button-like digital beacon device that can be attached or put together with any object like a key finder. These objects can include; luggage, keys, pets, anything you can think of. The point of this device is that it can be tracked via the iPhone via the wideband Bluetooth network technology, wherever the device may be. It is also what is known as a key finder, because with the built-in speaker the AirTag can release a “ping” sound. In a way, it is like the remote key for a car that lets you find your car in a multi-level garage.

The AirTag, in essence, is a 1.26-inch personalizable, water-resistant chrome tracking disc with an Apple logo that can not only track items, but will track your movement as you move around the city, or across states. It is also important to note that the battery of the AirTag is known to last over a year. The technology inside the AirTag is wide-band technology that functions via high GHz frequencies. It can alert networks and other devices around it which will triangulate its location for someone looking for it.

On another note, AirTags are designed for Apple users, but can also be detected by Android smartphones with the help of some apps.

How Can an AirTag be Compromised?

Technology is something that is at the whim of user intent. This means that human error accounts for cyber risks relating to technology, most of the time. User error can mean several things such as; misconfiguration and lack of knowledge. Even though the terms “human error” or “user error” may seem a bit harsh, this only proves that we are responsible for the security of the tools we use, as is the case with devices like the AirTag.

First of all, an AirTag can be used by malicious persons to track people directly. Car thieves love AirTags. Secondly, the device itself can be compromised by cybercriminals. Since the first instance is quite obvious, let’s explain how an AirTag might not be as safe as you think.

An AirTag, like any other device, must have software inside it to run. For instance, the AirTag can be set to “lost mode.” This mode allows anyone who finds the AirTag to scan it with their smartphone and then discover the owner’s phone number. Secondly, this exact feature can be used to redirect users to a fraudulent iCloud page or malicious website. Essentially even an AirTag can be “weaponized” by cybercriminals.

Yet another example is that AirTag anti-stalking protection can be bypassed. This turns the AirTag into a “stealth” espionage weapon that will not trigger tracking notifications.

Finally, since AirTags rely on Bluetooth and network pinging, both of these technologies can potentially be cracked by a hacker. However, it is important to note that Apple has released several security updates, thanks to the careful eyes of security researchers that have spotted vulnerabilities.

Security Recommendations

As far as security recommendations go, AirTag owners should heed the following list;

  • Disable an unknown AirTag if you find that it is tracking you by tapping it against your iPhone and disabling it in the menus. If your phone is alerting you about an AirTag, make sure to select “Play Sound” so that you can find it first.
  • Make sure that your smartphone and your AirTag are updated to the latest software versions
  • Make sure that URLs you visit in your browser have a lock sign and verify the digital certificate
  • Never open any AirTag related emails in your inbox, report them to Apple
  • Change the password on your home WiFi router and use a VPN on all of your internet connections to push away cybercriminals looking to sniff your private transmissions or access your credentials

Finally, you must always understand that devices connecting to the internet or broadcasting signals are like blood in the ocean for sharks. Heed the recommendations above and make sure to scan for any unknown AirTags around you or in your car as often as you can.

Show More