Apple’s US $30 AirTag tracking device has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. However, KrebsOnSecurity reports that this same feature can be abused to redirect the “Good Samaritan” to an iCloud phishing page — or to any other malicious website.
The vulnerability was discovered and reported to Apple by Bobby Rauch, a security consultant and penetration tester based in Boston. Rauch told KrebsOnSecurity the AirTag weakness makes the devices cheap and possibly very effective physical trojan horses.
Rauch said he realizes the AirTag bug he found probably isn’t the most pressing security or privacy issue Apple is grappling with at the moment. However, he said this particular flaw isn’t difficult to fix either: the fix requires additional restrictions on the data that AirTag users can enter into the Lost Mode’s phone number settings.
“It’s a pretty easy thing to fix,” he said. “Having said that, I imagine they probably want to also figure out how this was missed in the first place.”
KrebsOnSecurity says Apple hasn’t responded to requests for comment.
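The kind of restriction on the Lost Mode phone number field described above can be sketched as an allowlist check on input plus a second check at render time. This is an added example, not Apple's code or anything from the original report; the function names, the length limits and the E.164-style policy are assumptions made for illustration.

```python
import html
import re
import unicodedata

# Assumed policy: optional leading "+", then 7-15 ASCII digits (E.164-style length).
_PHONE = re.compile(r"\+?[0-9]{7,15}")
# Separators people commonly type in phone numbers; stripped before matching.
_SEPARATORS = str.maketrans("", "", " -().")
_MAX_RAW_LEN = 32  # assumed cap on the raw field, enforced before any parsing


def normalize_lost_mode_phone(raw):
    """Return the canonical number, or raise ValueError for anything else."""
    if not isinstance(raw, str) or len(raw) > _MAX_RAW_LEN:
        raise ValueError("phone field missing or too long")
    # NFKC folds look-alike forms (e.g. full-width digits) to ASCII first,
    # so the allowlist below is applied to what will actually be stored.
    candidate = unicodedata.normalize("NFKC", raw).strip().translate(_SEPARATORS)
    if not _PHONE.fullmatch(candidate):
        raise ValueError("phone field may contain only digits and a leading +")
    return candidate


def render_contact(stored_value):
    """Build the snippet shown to the finder (hypothetical page fragment).

    The value is re-validated at output, so data stored before the input
    check existed is shown as inert escaped text and never as markup or a link.
    """
    try:
        number = normalize_lost_mode_phone(stored_value)
    except ValueError:
        return "<span>{}</span>".format(html.escape(str(stored_value), quote=True))
    return '<a href="tel:{0}">{0}</a>'.format(number)


if __name__ == "__main__":
    # Constructed sample values, not taken from the report.
    for sample in ["+1 (617) 555-0100", "<b>555</b>"]:
        print(repr(sample), "->", render_contact(sample))
```

Validating on input keeps markup out of storage, and re-validating at output covers values that were saved before the restriction was introduced.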