Security researchers bypassed AirTag's anti-stalking protection


Non-genuine AirTag clones appear to be the latest addition to the list of concerns about possible misuses of Apple's tracking tool.

Even though Apple released the AirTag to help users locate lost items, the button-sized gadget appeared in several stalking cases.

To combat the misuse of AirTags, Apple introduced a series of updates meant to make it more difficult for threat actors to stalk victims.

However, Fabian Bräulein, security researcher and Co-Founder of Positive Security, claims he has found an area where Apple did not focus at all – AirTag clones.

He claims to have managed to build a stealth AirTag and successfully tracked an iPhone user for five days without triggering a tracking notification.

"Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself," Bräulein writes in a blog post.

The research shows that Bräulein managed to spoof Apple's Find My protocol by having a non-genuine device broadcast 2,000 preloaded public keys.

By doing so, he bypassed anti-stalking protection with a non-genuine clone of AirTag.

"Since Apple in the current Find My design can't limit its usage to only genuine AirTag [...], they need to take into account the threats of custom-made, potentially malicious beacons that implement the Find My protocol," Bräulein wrote.

He claims that with the present AirTag system design, it's almost impossible to distinguish whether the device is genuine or not.

This month, Apple acknowledged that the gadget was used to track people or strangers' property.

"We have successfully partnered with them [law enforcement] on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged," the company said.