Apple AirTag Spills Its Secrets

The Apple AirTag is a $29 Bluetooth beacon that sticks onto your stuff and helps you locate it when lost. It’s more than just a beeper, though: the idea is that it can be silently spotted by any iDevice — almost like a crowd-sourced mesh network — and its owner alerted to its position wherever they are in the world.

There are so many questions about its privacy implications despite Apple’s reassurances, so naturally it has been of great interest to those who research such things. First among those working on it to gain control of its nRF52832 microcontroller is [Stacksmashing], who used a glitching technique whereby the chip’s internal power supply is interrupted with precise timing, to bypass the internally enabled protection of its debug port. The firmware has been dumped, and of course a tag has been repurposed for the far more worthwhile application of Rickrolling Bluetooth snoopers.

The idea of a global network of every iDevice helping reunite owners with their lost possessions is on the face of it a very interesting one, and Apple are at great pains on the AirTag product page to reassure customers about the system’s security. On one hand this work opens up the AirTag as a slightly expensive way to get an nRF microcontroller for other applications, but the real value will come as the firmware is analysed to see how the tag itself works.

[Stacksmashing] has appeared on these pages many times before, often in the context of Nintendo hardware. Just one piece of work is the guide to opening up a Nintendo Game and Watch.

17 thoughts on “Apple AirTag Spills Its Secrets”

  1. One thing: These Tile ripoffs don’t “stick onto your stuff”. They require a keychain or other accessory to do that, which will cost you anywhere from $13 to $449, in the Apple store. Convenient!

      1. Yes! Yes I would! And I’d also add that the Model T was a rip-off of the traditional horse and buggy! What’s next, cars that go fast enough to create vacuums under the driver’s arms? We’ll have to have arms made of some strong but lightweight metal now to protect us. Rip off, I say!

  2. Apple reassures you that you will get notified if someone tries to hide one on your person to track you.

    However that only works if you have an iPhone or if whoever wanted to track you refrained from pulling it apart and removing the beeper.

    1. Better an attempt than nothing (I don’t think Tile does anything to prevent this). I’d be interested to see what the nRF protocol it used was like, and the mere presence of an airtag (not necessarily the actual identifiers) could be detected on other devices.

      1. As I understand it, it broadcasts an asymmetrically encrypted payload via Bluetooth LE, that other iPhones receive, augment with their own location, then upload to Apple.
        Only the owner who has the corresponding private key can decrypt the payload.
        Also see OpenHaystack, which is a reimplementation of the protocol.

    2. Yeah, this was my worry also.
      A global tracking network piggybacking off Apple devices.
      If a tag just happens to find its way inside something you own or for example inside the bumper of your car, how would you notice?
      And the battery life is 10 years so it can be essentially abandoned in place.
      The genius part is making the iDevices the backbone of the tracking network.
      No embedded GPS needed! Let the device do that.

    1. I was thinking about that, and I’m not sure.

      But really, this isn’t as much of a ripoff as I expected. It definitely would have been if there was no replaceable battery, but for some reason Apple gave us that. $30… ehhh… It’s not great, but it’s hella convenient.

  3. There is probably a very expensive version of this tech that is significantly smaller that we will note in some future data dump by a disgruntled government employee long after it has been deployed in the field for many years…

  4. I suspect that there were air dropped mesh network devices in the 2nd, if not the 1st, Gulf War. I even remember speculation about just this way back then.

    Also when I was in college we already knew fiber optic computer networks were coming and most likely we’d all be connected to it as sort of a utility like electricity or natural gas. We talked about RISC chips and this was back in the early 80’s among English and Nursing majors when I was in college. I think we forget we saw the outlines of the internet coming together way before the world wide web existed. Yes, Al Gore really did have a huge role in it all happening.

  5. Hey editors, read the very first sentence of the article. Read it again. One more time. Come on, man!

    > The Apple AirTag is a $29 Bluetooth beacon that sticks onto your stuff and helps you find locate it when lost.
