You can do “Phishing” with an AirTag and Apple knows it

Since rumors started a couple of years ago that Apple was planning to launch a trackerMany of us thought it would be a toy that could be used for somewhat “dark” purposes, such as locating a person without their consent.

For now, Apple has solved it, with the warnings that iOS 15 issues on the victim’s iPhone in case that happens. I would not be surprised by a hair that in a while can be “jailbroken” to a AirTag, and modify your internal software to avoid these notices. If that happens one day, we will have a problem. Meanwhile, they have already invented them to be able to do «Phishing» with said locator….

A security researcher has shown that you can modify an AirTags by entering a programming code in the field of the phone number before putting it in Lost mode, so that you are redirected to a website of «Phishing»If you find said AirTag« malicious ». Apple has confirmed it.

That means when someone finds that “maliciously programmed” AirTag and scans it, they will be redirected to a website chosen by the attacker, which could include a fake iCloud login to report the search… Fraudulently obtaining the victim’s Apple ID and password.

The worrying thing about the case is that the discoverer of said security hole, Bobby rauch discovered the vulnerability in June, reported it to Apple, and advised it to give it 90 days before publicly disclosing the flaw. This 90-day period is a common practice in the security field, as it gives a company enough time to fix it by updating the device’s software.

It seems that Apple hasn’t fixed it, and after 90 days, he has published his discovery. Those of Cupertino are looking for a solution, but for now, this vulnerability remains active. If you find a lost AirTag, keep in mind that you don’t need to sign in with your Apple ID to report the loss.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *