
Apple AirTag anti-stalking protection bypassed by researchers
2022-02-23 19:59

A few days after the rickroll business, we were writing up another AirTag hack that documented how to create Bluetooth messages that could hitch a ride on Apple's AirTag network.

Every two seconds, regular AirTags broadcast an identifier via low-energy Bluetooth; any passing iPhones in the vicinity that are AirTag-enabled and happen to pick up these broadcast messages co-operatively relay them back to Apple's AirTag backend, where they're saved for later lookup.

The identifier used by any AirTag is updated every 15 minutes, following a pseudorandom sequence that only the AirTag and its owner can construct, so that the AirTags can't be matched up in Apple's database, albeit anonymously, simply by looking for repeated broadcast codes.

To protect your privacy, the pseudorandom sequence is keyed, or "seeded", using a shared secret that is known only to the AirTag and the owner who originally paired an Apple device with it, and the identifier that's broadcast isn't the actual data generated in the sequence, but a hash of it.
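
A simplified model of the rotating identifier described above, added here as an illustration; it is not Apple's actual algorithm and not code from the article. HMAC-SHA256 as the keyed sequence, SHA-256 as the broadcast hash, and every function name, secret and report below are assumptions constructed for the example.

```python
import hashlib
import hmac

ROTATION_SECONDS = 15 * 60  # identifier changes every 15 minutes (from the article)

def period_of(timestamp: int) -> int:
    """Index of the 15-minute window a Unix timestamp falls in."""
    return timestamp // ROTATION_SECONDS

def sequence_value(secret: bytes, period: int) -> bytes:
    """Element of the keyed pseudorandom sequence (HMAC-SHA256 is an assumption)."""
    return hmac.new(secret, period.to_bytes(8, "big"), hashlib.sha256).digest()

def broadcast_id(secret: bytes, period: int) -> str:
    """What goes over the air: a hash of the sequence value, never the value itself."""
    return hashlib.sha256(sequence_value(secret, period)).hexdigest()

def owner_lookup(secret: bytes, start: int, end: int, backend: dict) -> list:
    """Owner regenerates every identifier for a time range and fetches matching reports."""
    hits = []
    for period in range(period_of(start), period_of(end) + 1):
        hits.extend(backend.get(broadcast_id(secret, period), []))
    return hits

def repeated_ids(backend: dict) -> list:
    """Identifiers a database-side matcher could link: seen in more than one window."""
    return [ident for ident, reports in backend.items()
            if len({period_of(r["seen_at"]) for r in reports}) > 1]

def build_demo_backend(secret: bytes, start: int, sightings: int) -> dict:
    """Constructed sample data: one relayed sighting every 10 minutes."""
    backend = {}
    for n in range(sightings):
        ts = start + n * 600
        report = {"seen_at": ts, "location": f"constructed-location-{n}"}
        backend.setdefault(broadcast_id(secret, period_of(ts)), []).append(report)
    return backend

if __name__ == "__main__":
    secret = b"constructed-pairing-secret"   # constructed value, not a real key
    start = 1_620_000_000                    # constructed, aligned to a 15-minute boundary
    backend = build_demo_backend(secret, start, sightings=6)
    print("distinct identifiers stored:", len(backend))
    print("identifiers repeated across windows:", repeated_ids(backend))
    print("reports the owner recovers:", len(owner_lookup(secret, start, start + 3599, backend)))
    print("reports found with another secret:",
          len(owner_lookup(b"someone-else", start, start + 3599, backend)))
```

Six sightings over one hour are stored under four unrelated identifiers, so the stored records alone cannot be grouped by tag, while the holder of the shared secret recomputes all four and recovers every report.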

Well, Bräunlein is back in the AirTag news with a similar sort of "bogus but apparently innocent AirTag message" trick, this time designed not to sneak data back via Apple's network, but to prevent Apple's network from generating timely privacy warnings.

The AirGuard app is only available for Android, so if you're using Apple AirTags with Apple phones and laptops, this won't work for you.


News URL

https://nakedsecurity.sophos.com/2022/02/23/apple-airtag-anti-stalking-protection-bypassed-by-researchers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4214 1629 2414 8841