The party is ON! Join us at TNW Conference 2021 in Amsterdam for face-to-face business!

Your sardonic source for consumer tech stories

This article was published on May 10, 2021

Brain genius hacks an Apple AirTag… but don’t panic

Take a deep breath: everything's gonna be okay

Brain genius hacks an Apple AirTag… but don’t panic
Callum Booth
Story by

Callum Booth

Editor of Plugged by TNW

Callum is an Englishman in Amsterdam, but not in the way you're thinking. He's the Editor of Plugged, TNW's consumer tech vertical. He w Callum is an Englishman in Amsterdam, but not in the way you're thinking. He's the Editor of Plugged, TNW's consumer tech vertical. He writes about gear, gadgets, and apps — with a particular focus on Apple — and also makes the occasional odd video. Basically, he's halfway between an abrasive gadget nerd and thinky art boy.

When I hear something’s been hacked, it conjures images of Le Carré-style spies and national security leaks, but this isn’t always the case. Sometimes, it’s just a brain genius hacking an Apple AirTag.

Over the weekend, Twitter user Stacksmashing managed to break into Apple’s tracking device. They also managed to dump the firmware of Apple’s new device (although this hasn’t been made public).

Feast your eyes on this:

We can all agree on one thing: this is cool. Apple is renowned for the strong security of its devices, so actually hacking an AirTag is a fantastic achievement. But there’s a bigger question to answer…

Should we be worried that someone hacked an AirTag?

Let’s try and break this down logically. First, we need to find out exactly what Stacksmashing managed to achieve. From a user perspective, the most notable element is they managed to alter the NFC URL.

Effectively, when you tap an AirTag with your phone, it normally directs you to Apple’s Find My service. Stacksmashing managed to alter this so it opened a website of their choice. Like this:

Obviously this could be used to redirect someone towards a malicious website, but this hacked AirTag opens up another question: can it be used for even more nefarious purposes?

A point raised in the Twitter thread is whether or not this hacked or jailbroken AirTag could be used for tracking and recording. Effectively, someone could disable anti-stalking measures and follow you. It’s also broadly possible to use the accelerometer inside the hardware to record audio. In other words, an AirTag could become a spying device.

So… should you be worried?

Not really. At least not yet. In order to hack the AirTag, Stacksmashing had to take it apart, whip out the soldering iron, and power it externally. In other words, if someone’s going to do this with an AirTag you own, it’s gonna take a lot of time and access.

If someone really wants to spy on you, there are far easier ways to do than this. An AirTag being hacked isn’t going to impact you currently.

Really, we should be pleased that someone’s managed this feat. Apple is bound to take note of this and, hopefully, will take further steps to ensure that these devices can’t be easily used to erode someone’s privacy.

Still, massive respect to Stacksmashing. This is cool as fuck.

Did you know we have a newsletter all about consumer tech? It’s called Plugged In – and you can subscribe to it right here.

Also tagged with