News

Apple faces serious problems with their brand new tracking devices AirTag

Apple has some serious problems with their brand new tracking devices – AirTag. These useful at the first glance devices can be made a spreading point for malicious malware. A security consultant and penetration tester based in Boston Bob Rauch already notified the company but said it doesn’t seem like they are quick in their response. According to him, the weakness presented in the AirTag tracking device allows inserting in the message field text of any context. And it can present a good opportunity for hackers basically making the Apple tracking device a physical trojan horse.

Is that thing hackable?

The principle of work of the Air Tag is quite simple, you can put it to anything that can often be lost and never fear to lose it. If you lost something, you can set the thing into “Lost Mode” and a unique URL address will be created at https://found.apple.com where the owner of the lost item can write a message to a potential finder adding also a phone number to contact them. And that’s where the problem lies.The message pops up without the finder to log in or provide any personal information. In such a way, someone who may find this tracking device can be redirected by the person who intentionally lost their AirTag to a website that either will try to install malware onto their device, or to the fishing page.

“I can’t remember another instance where these sort of small consumer-grade tracking devices at a low cost like this could be weaponized,” the same Bob Rauch shared in an interview with KrebsonSecurity.1

He contacted Apple on June 20th about the bug he`d found. He also asked when they are going to fix it and whether he will get any credit. The responses were only that the company is still investigating, ignoring his questions.This went on for about three months and this month he received an email saying that the company plans to fix the bug in an upcoming update and also would he be so kind as to stay quiet until then? Rauch, not receiving any answers for his questions, decided to make his findings public before notifying the company that he will do so within 90 days. He did even though Apple states in their Apple Security Bounty that in order to qualify for Apple’s “bug bounty” program those who report on the new findings should keep their silence until the bug is fixed.

Apple is particularly known for their not so nice manners in handling bugs reporting and many researchers complain that Apple doesn’t always pay or give the researchers public recognition, they are slow with fixing reported bugs and respond in a short words or doesn’t respond at all. Many cyber security specialists point out that such negligence leads to researchers simply publishing their reports on the darknet where they can get much more money.

  1. About AirTag vulnerability.
Andrew Nail

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure if a journalist job is what I want to do in my life, but in conjunction with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people to deal with malware they have on their PCs.

Recent Posts

Remove News-bpudepi.today Pop-up Ads

About News-bpudepi.today News-bpudepi.today pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Doguhtam.xyz Pop-up Ads

About Doguhtam.xyz Doguhtam.xyz pop-ups can not expose out of nowhere. If you have clicked some…

1 day ago

Remove News-xlixoti.com Pop-up Ads

About News-xlixoti.com News-xlixoti.com pop-ups can not introduce out of nowhere. If you have actually clicked…

1 day ago

Remove Ducesousightion.com Pop-up Ads

About Ducesousightion.com Ducesousightion.com pop-ups can not introduce out of the blue. If you have actually…

1 day ago

Remove News-xlabica.live Pop-up Ads

About News-xlabica.live News-xlabica.live pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Mergechain.co.in Pop-up Ads

About Mergechain.co.in Mergechain.co.in pop-ups can not expose out of the blue. If you have clicked…

1 day ago