Security News > 2022 > February > Airtag clones can sidestep Apple anti-stalker tech

An infosec startup says it has built an Apple Airtag clone that bypasses anti-stalking protection features while running on Apple's Find My protocol.

"In particular," said Bräunlein, "Apple needs to incorporate non-genuine AirTags into their threat model, thus implementing security and anti-stalking features into the Find My protocol and ecosystem instead of in the AirTag itself, which can run modified firmware or not be an AirTag at all."

Miscreants would drop Airtags into victims' bags or attach them to cars and then use the Find My app to view their precise locations.

Anti-stalking protections were hastily introduced by Apple recently; Airtags are supposed to sound an audible alarm and also send notifications to nearby iPhones announcing their presence.

In a 10 February statement Apple declared it was tightening up privacy protections in Airtags, adding "We condemn in the strongest possible terms any malicious use of our products."

It is unclear if Apple will look at the Find My protocol itself rather than tinkering around the edges with the proprietary devices it deploys to use that protocol.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/22/apple_airtags_protections_bypass/