Computer security researchers have built a clone of Apple's AirTag tracker that can spy on other people while bypassing the software protections of the Find My service. Apple had released a patch the day before that was supposed to close the “hole” in the gadget, but it did not prevent the spy device from performing its main function.
The AirTag clone was modified so that it could track an iPhone owner for more than five days. During that time no notifications were displayed on the smartphone, and the gadget itself emitted no sound signals. Despite Apple's statement about checking AirTag serial numbers, the spy tracker was not even tied to an Apple ID account, yet it was successfully integrated into the service.
The creators of the gadget said that they managed to bypass Apple's protection with the help of more than two thousand public keys preloaded into the memory of the homemade tracker. By broadcasting them in turn every 30 seconds, the fake AirTag imitated different devices “passing by”. A full pass through the keys took about 17 hours, after which the cycle repeated.
The gadget is based on a microcontroller with an ESP32 Bluetooth module. The researchers said the main vulnerability of Find My lies not in Apple's beacons themselves but in imperfections in the software. Apple representatives did not comment on the publication about the service's vulnerability.