Stealthy AirTags Pose Serious Concerns
This hack raises serious safety concerns by bypassing the alerts sent by Apple AirTags when you are being tracked without your knowledge.
AirTags are small, coin-shaped tracking devices developed by Apple Inc. These compact and lightweight gadgets are designed to help users keep track of their belongings. They work in conjunction with the Find My app, which allows users to locate items that have been paired with an AirTag. The AirTags utilize Bluetooth and the vast network of Apple devices to provide real-time location updates to the owner's Apple device. This can be particularly useful for keeping track of commonly misplaced items such as keys, wallets, bags, or even pets.
With the Find My app, users can see the last known location of their item on a map, and if they're in close proximity, they can activate a sound on the AirTag to help locate it. Additionally, the AirTag features a Lost Mode, which allows the user to input contact information so that if someone else finds the item, they can reach out to return it. These features make Apple AirTags a convenient tool for ensuring the safety of one's possessions and making the process of finding lost items more efficient.
However, the introduction of AirTags has raised concerns about potential misuse and privacy issues. There have been worries about the possibility of individuals using AirTags to track people without their knowledge, leading to concerns about stalking or other forms of harassment. These concerns are particularly relevant as AirTags are designed to be discreet and easily attachable to various objects, making them potentially inconspicuous tracking devices.
To address these safety concerns, Apple has implemented various safety features. For instance, AirTags are designed to play a sound when separated from their owner for an extended period, alerting individuals that an unknown AirTag may be in their vicinity. In addition, the Find My app can alert users if an unknown AirTag is traveling with them, providing a safeguard against unauthorized tracking.
These safeguards certainly provide a sense of security, but is that warranted, or is it a false sense of security? That is the question a team of researchers at Northeastern University set out to answer. They recently completed a deep dive into the safety alert mechanisms provided by Apple to see just how effective they are, and whether they can be bypassed.
After setting up a network of iPhones, the team ran a series of experiments to determine how quickly an alert is delivered when an unknown AirTag remains in close proximity to a phone. They found some significant delays, with alerts typically being received after a period of 30 minutes to 9 hours. Alerts arrived most quickly at night, or when the tracker was within about 13 feet of the phone. Being in a frequently visited location, like one's home or place of work, also served to speed up alert times.
While some of these delays seem excessive, they are also understandable. After all, we do not want our phones to regularly alert us about suspicious trackers that are not actually of concern. That could lead to undue worry, and also cause people to ignore alerts that are actually of concern.
What is much more concerning is that the team found a way to circumvent the alerts, allowing malicious actors to track victims without any warning reaching them. They did this by cloning an AirTag with an ESP32 microcontroller, then using this platform to broadcast the public key of a genuine AirTag. Because the key is genuine, the device can be tracked with the Find My app. But the clone also gave them the flexibility to modify the status byte in the Bluetooth message so that the device would be recognized as an iPhone or Mac, rather than an AirTag. This simple change prevented alerts from being triggered. The team confirmed that the tracker could silently track an individual in this way for months, using the massive network of Apple devices.
The team reached out to Apple with their findings, but no official fix for this problem has been announced yet.
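A defender-side check that follows from the status-byte finding above, added here as an example and not taken from the researchers' or Apple's code: it flags any Find My advertisement that stays with a phone across time and places, and never lets the self-declared status byte exempt a device. The frame layout (company ID 0x004C, type 0x12, length 0x19, one status byte, 22 key bytes) is assumed from public Find My research; the sightings, place labels, status values and thresholds are constructed for illustration.

```python
from collections import defaultdict

APPLE_COMPANY_ID = b"\x4c\x00"   # Bluetooth company ID 0x004C, little-endian
OF_TYPE, OF_LEN = 0x12, 0x19     # assumed offline-finding type and payload length

def parse_find_my(mfg: bytes):
    """Return (status, key_fragment) for an offline-finding frame, else None."""
    if len(mfg) != 4 + OF_LEN or mfg[:2] != APPLE_COMPANY_ID:
        return None
    if mfg[2] != OF_TYPE or mfg[3] != OF_LEN:
        return None
    return mfg[4], mfg[5:27]     # status byte, 22 bytes of the advertised key

def persistent_trackers(sightings, min_span_s=1800, min_places=2):
    """sightings: iterable of (unix_time, place_label, manufacturer_data).
    Flags key fragments seen over a long span in several places.
    The status byte is recorded for the report but never used as a filter."""
    seen = defaultdict(lambda: {"times": [], "places": set(), "statuses": set()})
    for ts, place, mfg in sightings:
        parsed = parse_find_my(mfg)
        if parsed is None:
            continue                      # not a Find My advertisement
        status, key = parsed
        seen[key]["times"].append(ts)
        seen[key]["places"].add(place)
        seen[key]["statuses"].add(status)
    flagged = {}
    for key, rec in seen.items():
        span = max(rec["times"]) - min(rec["times"])
        if span >= min_span_s and len(rec["places"]) >= min_places:
            flagged[key.hex()] = {"span_s": span,
                                  "places": sorted(rec["places"]),
                                  "statuses": sorted(rec["statuses"])}
    return flagged

def frame(status: int, key_byte: int) -> bytes:
    """Build a constructed test frame (not captured traffic)."""
    header = APPLE_COMPANY_ID + bytes([OF_TYPE, OF_LEN, status])
    return header + bytes([key_byte]) * 22 + b"\x00\x00"

# Constructed sightings; status values 0x00 and 0x10 are arbitrary placeholders.
SAMPLE = [
    (0,    "home",   frame(0x00, 0xAA)),  # same key follows the phone for 2 h
    (3600, "cafe",   frame(0x00, 0xAA)),
    (7200, "office", frame(0x00, 0xAA)),
    (100,  "cafe",   frame(0x10, 0xBB)),  # passer-by, seen once
    (200,  "cafe",   b"\x4c\x00\x10\x05\x01\x02\x03\x04\x05"),  # other Apple frame
]
```

The 1800-second default mirrors the 30-minute lower bound on alert delay reported above; a real scanner would also have to handle keys that rotate, which this example does not model.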