We heard the newest Apple AirTag was hacked, and it appears like a safety researcher could have the ability to exploit Apple’s Locate My system.
Based on Security writer Fabian Bräunlein he’s managed to utilize Apple’s Locate My system to send messages.
With the latest launch of Apple’s AirTags, I had been interested in whether Locate My’s Offline Finding system might be (ab)used to upload random data to the world wide web, from devices that aren’t linked to WiFi or cellphone net. The data will be dispersed via Bluetooth Low Energy and picked up from local Apple devices, which, as soon as they are linked to the web, forward the information to Apple servers from which it may later be recovered. Small detectors can use this type of method in uncontrolled environments to get around the price and power consumption of cellular internet. It may also be interesting to exfiltrate information from Faraday-shielded websites, which iPhone users sometimes visit.
You can Learn More information at Fabian Bräunlein’s site in the link below. However, it’s not clear as yet if that.
Source Positive Security, MacRumors
