A vulnerability in Apple’s AirTags was discovered, which would make the tracker a real Trojan horse for cybercriminals. Cupertino working to solve the problem.
An AirTag vulnerability opens the door for cybercriminals
A recently discovered vulnerability in AirTags would open the door for potential attackers. These could redirect users to malicious websites when the device is set to Lost Mode. The news comes from appleinsider.com, which explains how the scam mechanism works.
When a device with AirTag is lost, the owner can set the Lost Mode – Lost mode. At that point, through the found.apple.com portal, the owner can create a message and enter their personal data. Anyone with an NFC-compatible device can scan the tracker, receiving message and data from the rightful owner. One clearly works to facilitate the return of lost items. However the researcher Bobby Rauch found that the feature could be used to carry out cyber attacks.
Rauch has in fact discovered that the found.apple port allows, within the message, the arbitrary insertion of links. In this way, unsuspecting good Samaritans who scan an AirTag, could be redirected to malicious websites.
In a post published today on Medium, Rauch explains that it would take very little to redirect victims to a phishing site, thus collecting sensitive information using a simple keylogger. Rauch also states that the potential for cybercriminals would be almost unlimited, as the flaw is very large.
Appleinsider.com reports that Cupertino has already announced the resolution of the problem for the next update. Rauch also stated that Apple would ask him not to talk about the bug publicly. Obviously, the very existence of this article shows that Rauch did not follow Cupertino’s instructions, and that he preferred to publicly denounce the problem and the lack of transparency of the brand.
Read also our review on AirTag devices.