Google FindMy Tools Run On An ESP32

As of about a day ago, Google’s reasonably new Find My network just got more useful. [Leon Böttger] released his re-implementation of the Android tracker network: GoogleFindMyTools. Most interestingly for us, there is example code to turn an ESP32 into a trackable object. Let the games begin!

Everything is in its first stages here, and not everything has been implemented yet, but you are able to query devices for their keys, and use this to decrypt their latest location beacons, which is the main use case.

The ESP32 code appears not to support MAC address randomization just yet, so it’s possibly more trackable than it should be, but if you’re just experimenting with the system, this shouldn’t be too much of a problem. The README also notes that you might need to re-register after three days of use. We haven’t gotten to play with it just yet. Have you?

If you’re worried about the privacy implications of yet another ubiquitous tracking system out there, you’re not alone. Indeed, [Leon] was one of the people working on the Air Guard project, which let iPhone users detect trackers of all sorts around them. Anyone know if there’s something like that for Android?

Thanks [Lars] for the hot tip!

 

Stealth AirTag Broadcasts When Moved: An Experiment

A simple yet intriguing idea is worth sharing, even if it wasn’t a flawless success: it can inspire others. [Richard]’s experiment with a motion-powered AirTag fits this bill. Starting with our call for simple projects, [Richard] came up with a circuit that selectively powers an AirTag based on movement. His concept was to use an inertial measurement unit (IMU) and a microcontroller to switch the AirTag on only when it’s on the move, creating a stealthy and battery-efficient tracker.

The setup is minimal: an ESP32 microcontroller, an MPU-6050 IMU, a transistor, and some breadboard magic. [Richard] demonstrates the concept using a clone AirTag due to concerns about soldering leads onto a genuine one. The breadboard-powered clone chirps to life when movement is detected, but that’s where challenges arise. For one, Apple AirTags are notoriously picky about batteries—a lesson learned when Duracell’s bitter coating blocks functionality. And while the prototype works initially, an unfortunate soldering mishap sadly sends the experiment off the rails.

Despite the setbacks, this project may spark a discussion on the possibilities of DIY digital camouflage for Bluetooth trackers. By powering up only when needed, such a device avoids constant broadcasting, making it harder to detect or block. Whether for tracking stolen vehicles or low-profile uses, it’s a concept rich with potential. We talked about this back in 2022, and there’s an interesting 38C3 talk that sheds quite some light on the broadcasting protocols and standards.

Hackaday Links: July 21, 2024

When monitors around the world display a “Blue Screen of Death” and you know it’s probably your fault, it’s got to be a terrible, horrible, no good, very bad day at work. That’s likely the situation inside CrowdStrike this weekend, as engineers at the cybersecurity provider struggle to recover from an update rollout that went very, very badly indeed. The rollout, which affected enterprise-level Windows 10 and 11 hosts running their flagship Falcon Sensor product, resulted in machines going into a boot loop or just dropping into restore mode, leaving hapless millions to stare at the dreaded BSOD screen on everything from POS terminals to transit ticketing systems.

Hackaday Links: June 9, 2024

We’ve been harping a lot lately about the effort by carmakers to kill off AM radio, ostensibly because making EVs that don’t emit enough electromagnetic interference to swamp broadcast signals is a practical impossibility. In the US, push-back from lawmakers — no doubt spurred by radio industry lobbyists — has put the brakes on the move a bit, on the understandable grounds that an entire emergency communication system largely centered around AM radio has been in place for the last seven decades or so. Not so in Japan, though, as thirteen of the nation’s 47 broadcasters have voluntarily shut down their AM transmitters in what’s billed as an “impact study” by the Ministry of Internal Affairs and Communications. The request for the study actually came from the broadcasters, with one being quoted in a hearing on the matter as “hop[ing] that AM broadcasting will be promptly discontinued.” So the writing is apparently on the wall for AM radio in Japan.

Apple AirTag: Antitheft Or Antistalking?

Occasionally, the extra features added to a product can negate some of the reasons you wanted to buy the thing in the first place. Take, for example, Apple’s AirTag — billed as an affordable way to link your physical stuff to your phone. If some light-fingered ne’er-do-well wanders by and half-inches your gear, you get notified. The thing is, the AirTag also has an anti-stalking measure, which after a while, notifies nearby iPhones, should the tag move but not be near your iPhone!

In a recent video, [David Manning] explains that this feature is great for preventing the device from being used to track people. But it also means that if said thief happens to own an iPhone, they will be notified of the nearby tag, and can find it and disable it. So in the end, it’s a bit less useful as an anti-theft measure!

The solution is to pop the back off the tag and yank out the little sounder module from the rear plastic. You lose the ability to locate the tag audibly, but you gain a little more chance of returning your stolen goods. Apple could easily remove this feature with a firmware update, but it’s a matter of picking your poison: antistalking or antitheft?

AirTags, Tiles, SmartTags And The Dilemmas Of Personal Tracking Devices

In an ideal world we would never lose our belongings, and not spend a single hour fruitlessly searching for some keys, a piece of luggage, a smartphone or one of the two dozen remote controls which are scattered around the average home these days. Since we do not live in this ideal world, we have had to come up with ways to keep track of our belongings, whether inside or outside our homes, which has led to today’s ubiquitous personal tracking devices.

Today’s popular Bluetooth-based trackers constantly announce their presence to devices set up to listen for them. Within a home, this range is generally enough to find the tracker and associated item using a smartphone, after which using special software the tracker can be made to sound its built-in speaker to ease localizing it by ear. Outside the home, these trackers can use mesh networks formed by smartphones and other devices to ‘phone home’ to paired devices.

This is great when it’s your purse. But this also gives anyone the ability to stick such a tracker device onto a victim’s belongings and track them without their consent, for whatever nefarious purpose. Yet it is this duality between useful and illegal that has people on edge when it comes to these trackers. How can we still use the benefits they offer, without giving stalkers and criminals free rein? A draft proposal by Apple and Google, submitted to the Internet Engineering Task Force (IETF), seeks to address these points but it remains complicated.

This Week In Security: Oracle Opera, Passkeys, And AirTag RFC

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

It’s a tricky one, where the code does all the right things, but gets the steps out of order. Two parameters, jndiname and username, are encrypted for transport, and the sanitization step happens before decryption. The username parameter receives no further sanitization, and is vulnerable to path traversal injection. There are two restrictions to exploitation. The string encryption has to be valid, and the request has to include a valid Java Naming and Directory Interface (JNDI) name. It looks like these are the issues leading Oracle to consider this flaw “difficult to exploit vulnerability allows high privileged attacker…”.

The only problem is that the encryption key is global and static. It was pretty straightforward to reverse engineer the encryption routine. And JNDI strings can be fetched anonymously from a trio of endpoints. This led Assetnote to conclude that Oracle’s understanding of the flaw is faulty, and a much higher CVSS score is appropriate. Particularly with this Proof of Concept code, it is relatively straightforward to upload a web shell to an Opera system.

The one caveat there is that an attacker has to get network access to that install. These aren’t systems intended to be exposed to the internet, and my experience is that they are always on a dedicated network connection, not connected to the rest of the office network. Even the interconnect between the PMS and phone system is done via a serial connection, making this network flaw particularly hard to get to.
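The ordering flaw described above (sanitize first, decrypt afterwards) shown beside the corrected order, as an added example that is not Oracle's or Assetnote's code. The XOR/base64 "encryption", the key, the upload root and every function name are constructed stand-ins chosen only to make the ordering visible.

```python
import base64
import posixpath
from itertools import cycle

KEY = b"constructed-demo-key"        # stand-in for a global static key (assumption)
UPLOAD_ROOT = "/srv/app/uploads"     # hypothetical upload directory

def _xor(data: bytes) -> bytes:
    # Toy reversible transform; NOT a real cipher, only a placeholder for one.
    return bytes(b ^ k for b, k in zip(data, cycle(KEY)))

def encrypt_param(value: str) -> str:
    return base64.urlsafe_b64encode(_xor(value.encode())).decode()

def decrypt_param(token: str) -> str:
    return _xor(base64.urlsafe_b64decode(token)).decode()

def looks_safe(text: str) -> bool:
    # Path-traversal filter: no parent references, no path separators.
    return ".." not in text and "/" not in text and "\\" not in text

def target_path_wrong_order(token: str) -> str:
    # Flawed order: the filter inspects ciphertext, which never contains
    # "../", so it passes everything. The plaintext is then used unchecked.
    if not looks_safe(token):
        raise ValueError("rejected")
    username = decrypt_param(token)
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, username))

def target_path_fixed(token: str) -> str:
    # Corrected order: decrypt first, then validate the value actually used.
    username = decrypt_param(token)
    if username in ("", ".") or not looks_safe(username):
        raise ValueError("rejected username")
    path = posixpath.normpath(posixpath.join(UPLOAD_ROOT, username))
    # Defense in depth: the resolved path must still sit under the root.
    if posixpath.commonpath([UPLOAD_ROOT, path]) != UPLOAD_ROOT:
        raise ValueError("path escapes upload root")
    return path

if __name__ == "__main__":
    token = encrypt_param("../../webroot/demo.txt")   # constructed sample input
    print("filter on ciphertext passes:", looks_safe(token))
    print("wrong order resolves to:", target_path_wrong_order(token))
    try:
        target_path_fixed(token)
    except ValueError as exc:
        print("fixed order:", exc)
```

The same rule applies to any decoded, decompressed or decrypted input: validate the final form that reaches the file system, not the transport form.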