One report about AirTag on Thursday show that more security researchers are exploring the device, and another says it is a “gift to stalkers.”
AirTag Stalkers
The first report is from Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project, and Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.
In it, they write that although AirTag isn’t the first tracking device, it is the one with the biggest network. Apple’s Find My location network uses its billion-plus peer-to-peer network of devices to boost tracking.
Apple did create anti-stalking measures for the AirTag. It uses Bluetooth signal identifiers that frequently change, and iOS devices can detect an unknown AirTag in close proximity. Additionally, an AirTag separated from its owner for an extended period of time will play a sound when moved to draw attention to it.
But what if the victim has an Android smartphone? In that case, the AirTag can’t be detected, although the device will still produce a sound after 72 hours of being separated from its owner. It’s not a loud sound and abusers who live with their victims can just reset the countdown clock.
AirTag Security
If the abuser is also knowledgeable they could hack the AirTag to make it do things not approved by Apple, in the second report from Lorenzo-Franceschi-Bicchierai. One particular hack is theoretical, but hardware hacker Thomas Roth (Stacksmashing) believes the AirTag could be modified to use its accelerometer as a microphone, turning it into a bugging device.
Another researcher, Fabian Bräunlein, was able to broadcast data to nearby Apple devices using the Find My network, achieving this capability by “spoofing many AirTags and encoding data in which AirTag is active.”
Like it’s other products, Apple is sure to make improvements to AirTag in further versions. At the very least, Mr. Bräunlein said the AirTag is “cryptographically well designed.”
Apple needs to add Geofencing to the AirTag.
By Geofencing I mean an alert when an AirTag gets more than 10, 20, or 30 feet away from your side.
For example, say you’re entering an airport. The ability to enable an alert if your bag decides to wander off with a stranger would save a lost of lost bags.
Replace the words AirTag with “Bluetooth tracker”, and everything written above is still true. Putting the Apple logo on it changed nothing.
https://foundation.mozilla.org/en/privacynotincluded/tile-mate/
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
https://arxiv.org/pdf/2005.08208.pdf
After a few days of using my AirTags in a rural area, I have discovered the biggest drawback to the concept of AirTags to keep track of your devices. Apple seems to believe that everyone lives in a highly congested big city with thousands of iPhones walking by your AirTag on a frequent basis. In rural areas, with a lower population of iPhones and other devices, your AirTag is not going to be frequently located when out of Bluetooth range of the owner. I can easily find my AirTags when they and I are in my house. But outside on my 3 acres of land, the last known location can off by a hundred feet. So if you leave your camera someplace while visiting a park in a rural area or your bike is stolen, don’t expect to use an AirTag to immediately locate it. Also, I’m concerned about the audible alert that can sound to tell someone that an AirTag is nearby. If your AirTagged item in stolen and the alert sounds, the thief will be alerted and can just remove the battery to silence the alarm and disable the AirTag. Just some things to keep in mind as you begin to “trust” your AirTags.
“Apple seems to believe that everyone lives in a highly congested big city “
I am not being snarky, but most people do live in urban areas.
LIke @37 stated, most people do live in or near urban areas.