Hackers crack AirTag firmware and change its NFC link

Hackers have managed to crack Apple’s AirTag firmware. As a result, small changes to the gadget are possible; for example, the URL to which the tag refers can be changed. The data points on the PCB have also been mapped.

The first hack of the AirTag was carried out this weekend by German security researcher Thomas Roth. He managed to gain access to the AirTag’s microcontroller. That was not very easy: Roth first had to make a firmware dump in order to reprogram the microcontroller. For the time being, the only thing he has been able to achieve with it is reprogramming the NFC controller. This made it possible to change the link to which an AirTag refers.

Normally an AirTag only connects to an iCloud URL, but Roth was able to change that. The hacker posted a short video on Twitter showing the AirTag referring to his own website. In the video the AirTag is connected to cables, but according to him they only provide the gadget with power.

A second hacker has also taken the AirTag apart. Colin O’Flynn then managed to map the various data points on the AirTag's PCB. He put the data on GitHub. Thomas Roth says he used those maps to customize the NFC chip through the nRF52 development kit.

Earlier this month, iFixit also managed to disassemble the AirTag. The teardown showed, among other things, that the motherboard is very densely packed, but the tinkerers found three places where holes could be drilled to attach a keychain ring manually.