AirTag Vulnerability Can Allow Hackers To Steal iCloud Data

A security researcher has raised the alarm about an AirTag vulnerability that might allow a hacker to trick customers into visiting an iCloud phishing website.

The issue originates from AirTag’s Lost Mode. It allows someone who finds a stranded AirTag to track it down and return it to the owner. The feature can display a phone number or address on a dedicated webpage when the user enables Lost Mode. According to Bobby Rauch (via Krebs on Security), Apple’s Lost Mode “doesn’t yet prevent users from putting arbitrary computer code into its phone number field,” which may direct an unwitting AirTag retriever to a phishing site.

The most typical danger is code that redirects visitors to a phishing site that looks exactly like Apple’s iCloud login page, thereby tricking them into entering their username and password.
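One way a service could close this kind of hole, shown as an added example (not code from Apple, Rauch, or the original report): validate the phone number against a strict allowlist when it is saved, and HTML-encode it again when the found-item page is rendered. The function names, limits, and page markup are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side handling of a Lost Mode contact number.
// Function names, length limits and the HTML shape are assumptions, not Apple's code.

// Allowlist: optional leading "+", then digits with common separators only.
const PHONE_SHAPE = /^\+?[0-9(][0-9 ().-]*$/;

// Validate on write: return a canonical "+digits" or "digits" string, or null.
function normalizePhone(input) {
  if (typeof input !== "string") return null;
  const trimmed = input.trim();
  if (trimmed.length > 32 || !PHONE_SHAPE.test(trimmed)) return null;
  const digits = trimmed.replace(/[^0-9]/g, "");
  // E.164 numbers carry at most 15 digits; 7 is a conservative lower bound.
  if (digits.length < 7 || digits.length > 15) return null;
  return (trimmed.startsWith("+") ? "+" : "") + digits;
}

// Encode on output: neutralise characters that matter in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render the found-item page fragment. The stored value is re-validated so that
// records saved before validation existed cannot reach the page as markup.
function renderLostModeContact(storedValue) {
  const phone = normalizePhone(storedValue);
  if (phone === null) {
    return "<p>The owner has not provided a valid phone number.</p>";
  }
  const safe = escapeHtml(phone);
  return `<p>Call the owner: <a href="tel:${safe}">${safe}</a></p>`;
}

// Constructed sample inputs: one real-looking number, two markup attempts.
const samples = [
  "+1 (555) 010-0199",
  "<script>window.location='https://phish.example/'</script>",
  '5550100199"><img src=x>',
];
for (const s of samples) console.log(JSON.stringify(s), "->", renderLostModeContact(s));
```

Validation alone would be enough for new records, but encoding at render time also covers values that were stored before the check existed.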

Here is what the researcher who found the AirTag vulnerability said.

“There are infinite ways an attacker may victimize an end-user who discovers a misplaced AirTag,” adds Rauch. Rauch found the problem in June. He alleges that he contacted Apple months ago. However, the company’s researchers finally assured him last week that the vulnerability would be resolved in a future update.

Apple’s AirTag is a Bluetooth tracking gadget that can attach to another device. It uses ultra-wideband technology to track non-Apple devices and locate items with pinpoint accuracy in the Find My app.

Apple’s “lack of contact” pushed Rauch to go public with his discoveries, according to Krebs on Security. He further claims that Apple asked him not to disclose the information. Apple was recently criticized by another security researcher for patching a zero-day iOS issue without crediting him. Through its Security Bounty Program, Apple pays up to a million dollars for finding flaws and vulnerabilities.
