Hacking the AirTag tracking system: spoof an AirTag’s location by recording BLE broadcasts. 👨🏻💻🧳🌐📱😰
Security researchers Gabriel K. Gegenhuber, Leonid Liadveikin, Florian Holzbauer, and Sebastian Strobl shared their security research on Apple’s AirTag tracking system and Find My network. The authors found a way to inject false data into the network and spoof an AirTag’s location.
The key finding is that an AirTag’s Bluetooth (BLE) broadcast can be relayed or recorded and later re-sent from a different location, near a device that will report it to the Find My network. It allows an attacker to move the AirTag’s location shown in the Find My app to any place on the map.
The authors do not share the blueprint of their setup or the code they used, so it may take some time to reproduce the attack. However, the vulnerability seems more like a design issue, which is likely to remain for some time.
Enjoy the read, and please don’t use this finding for cruel pranks on people during their vacations. Stay safe!
More details:
A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple’s AirTags [PDF]: https://arxiv.org/abs/2604.10138
