With a custom-made AirTag clone, a security researcher claims to have defeated the tracking protection mechanisms embedded into Apple’s Find My app and AirTag tracking devices. The researcher said he successfully monitored an iPhone user for five days (with their knowledge) without generating a single tracking warning, despite growing worries that AirTags are ripe for misuse by stalkers and other wrongdoers.
AirTags, released in April 2021, work with Apple’s Find My service to assist customers in keeping track of personal belongings like keys, wallets, and bags. However, there have been multiple cases of malevolent usage, ranging from devices put to facilitate car theft to those hidden in victims’ coat pockets.
Apple released a slew of new safety warnings earlier this month in response to concerns about intrusive tracking. Fabian Bräunlein, the co-founder of Positive Security, a Berlin-based infosec firm, claimed he swiftly generated some “pretty apparent bypass ideas for every present and prospective security mechanism” before developing an OpenHaystack-based AirTag clone to test his hypothesis.
By configuring the clone “to continuously broadcast new, never-seen-before public keys,” the most systematic approach for identifying unauthorized AirTags was easily evaded. The clone was also invisible by beeping notifications because it didn’t have a speaker. In the face of changed or cloned AirTags, Bräunlein believes Apple’s subsequent privacy enhancements will be similarly impotent.
A new ‘Precision Finding’ tool, improvements to the unwanted-tracking alarm logic, and the usage of stronger audio notifications are among them. While Apple’s asset-tracking applications for iOS and Android – Find My and Tracker Detect, respectively – missed the clone, a third-party alternative discovered it.
The clone was detected in ‘manual scan’ mode by AirGuard, which was built by the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt’s computer science department. Despite its victory over Bräunlein’s AirTag clone, AirGuard was created to identify off-the-shelf devices like the Chipolo One Spot and modified, speaker-free AirTags, which Heinrich claims are fueling stalking.
According to Heinrich, SEEMOO is currently working on a follow-up project. “The main issue is that a lost iPhone or a closed MacBook send exactly the same signals as such a tracker,” he said. “We want to develop [the] next version that utilizes as much information as possible to reduce possible false alarms and reliably detect malicious and modified devices.”
