The Apple AirTag security hole – why you need to be cautious if you find a lost AirTag.

I’m always getting clickbait about a security vulnerability with Apple, or a new virus or something. Pretty much all of them are irrelevant to the average user. But this one is something to be aware of, not because it’s particularly nasty, but because it’s so simple to do. This is the kind of hack your teenage next-door neighbour will try to use on you to steal your Apple login details. It’s actually very easy to pull off.

When I was on work experience at the CSIRO in year 10 I was quite bored. We were given the lowest level access to their computer system and not much work to do. So I wrote a very simple program that tricked my supervisor into typing in his login details. This gave me the highest level access possible into the CSIRO computer.

Now, I immediately told him what I did; it was, after all, just for a bit of a challenge. He didn’t believe me. I showed him how I did it, and, well, he was not impressed. So, believe me, this is the kind of thing a teenager does for fun. It’s the challenge of it.

1. How to protect myself.

If you find a missing AirTag, do not scan it. If you do, never enter your Apple login details.

2. What is the problem?

When you scan a missing AirTag, Apple takes you to a site where it can tell you the owner’s details so that you can return it. It’s possible for a hacker with the right software to modify the AirTag so that instead of sending you to the official Apple website, it sends you to a ‘fake’ login where they can get your Apple login details.

3. How easy is it?

The instructions are here. It would require you to get some software called Burp Suite, use that to hack an AirTag, then leave that AirTag on your neighbour’s footpath or your work colleague’s desk. You’d need to set up a fake Apple ID site to grab their login details. Probably 1-2 hrs’ work for a tech-savvy teenager trying it for the first time.

4. Would someone actually try this?

Absolutely they would, if for no other reason than to see if it worked. Most hacks are way above the ability of most people. This one is doable, but it requires a bit of tech, so it’s also a challenge.

5. What could they do with my Apple ID?

They could order you a top-of-the-line Apple Mac Pro for $55,000, courtesy of your credit card.

They could gain access to your email account, and from there reset passwords on your bank accounts…

Once someone has access to your email they can create quite a mess.

6. What to do about it.

Make sure you don’t become the enemy of any teenagers or computer geeks.

Don’t go scanning any AirTags that you find.


