You might have gone through some news where AirTags are exploited for nefarious purposes. How can such a small gadget cause so many problems? Let’s see.
AirTags are the small devices developed by Apple to help people keep an eye on their belongings by attaching AirTags to them. It is a digital device equipped with Bluetooth Low Energy (BLE) that enables them to connect with any nearby device.
Moreover, Apple said they kept every threat possibility in mind while developing this device so that no one faces any security issues. However, many people have recently highlighted it as a threat to their security because criminals use AirTags for mischievous work.
But Apple’s intention wasn’t to sacrifice the privacy of its user. They build it for a different purpose: to find lost items quickly. But what went wrong?
How AirTags Works?
Apple’s AirTag is already integrated into the company’s Find My ecosystem, and it will help you keep track of the important stuff in your life.
AirTags are a type of wireless device that functions by emitting an electromagnetic field with a Near Field Communication (NFC) chip (U1 chip). The AirTag’s unique identification number is transmitted to an NFC-enabled device when an AirTag comes into proximity with it. The AirTag may be used to find misplaced items in this way.
According to the company, the iPhone uses the “accelerometer, camera input, ARKit, and gyroscope” to provide feedback on where your item is positioned. It can lead you to the accurate position of the item you have lost.
How AirTags Are Used to Exploit Security
While privacy concerns abound in the digital world, ensuring that you are safe while utilizing AirTags is a significant concern for many consumers. And for some reason: AirTags are convenient gadgets, but some individuals may be concerned that they could be misused.
Moreover, there are many recent cases where AirTags have been pinned at the top by many security-concerned people. They say that AirTags are being used by criminals to stalk, hack devices, and even steal cars.
It can be possible because of the XSS vulnerability found inside the AirTags. A simple site redirect is one of the many XSS exploits that may be carried out. If you discover an AirTag and are asked to log in to iCloud to notify the owner, it’s a “weaponized” tag.
The XSS vulnerability in Apple AirTags was discovered by a security researcher. Due to this vulnerability, an attacker only needs to fill in the malicious code into the phone number field before setting the tag in lost mode. After that, criminals leave the tag somewhere for the victims.
When an individual discovers the AirTag and unknowingly scans it to identify it as detected, the code entered by scammers will lead the victim to a fraudulent iCloud page, capturing their credentials with a keylogger.
Moreover, XSS can be used by an attacker to transmit a dangerous code to their targets. The user’s browser has no way of knowing that the script should be disregarded, and it will execute the action as it believes the script came from a trusted source. The hazardous code can also access any cookies, session history, or other sensitive information saved by the browser and utilized on that domain.
How Can You Protect Yourself from Such Danger?
As you can see, AirTag’s usage isn’t as beneficial as many users may have thought. We all know that we need to be more careful and security conscious in the digital age, so here are some steps for us to take to protect ourselves from being victimized by criminals using AirTags.
To protect yourself from such attacks, the best strategy you can apply is to build a habit of not clicking on any link you feel is risky. It also includes the notifications that you may receive from an unknown AirTag. Whenever there is a lost AirTag in the surroundings, your iPhone will notify reporting that lost tag. But you need to restrain yourself at that point and avoid clicking on that link.
Moreover, don’t trust any website that appears when you click on a link. If you want, you can manually enter the website’s address and report the lost AirTags.
Also, you can use a private VPN to ensure that online entities cannot retrieve your location through your IP address. Some tools even come with protection against potentially malicious websites. Thus, if the site integrated into an AirTag is suspected of malicious activity, a robust VPN can have capabilities to block it. However, a VPN will greatly improve your digital lifestyle and prevent entities from capturing your data in transit.
Apple AirTags are splendid gadgets, but criminals can misuse them due to some technical flaws. We have discussed above how criminals use AirTags and what you need to protect yourself from such threats. By following the tips, you can keep your data security intact.