AirTags… Beware!

Stalking is now a whole lot easier thanks to an inexpensive Apple device and a network of almost a billion trackers.

Apple’s AirTag, released in April 2021, was designed to help people find lost objects like keys, bags, computers, phones or even vehicles. It’s small — not much bigger than a $2 coin — costs US$29 (or about $50 here in New Zealand), and runs on a replaceable CR2032 battery that lasts about a year.

Tracking is enabled by tapping into Apple’s Find My network, originally conceived to help people find misplaced phones. Using the Bluetooth connections of iPhones, iPads and Macs all around the world — a network estimated to consist of nearly a billion devices — Find My signals are relayed back to the owner, and the item’s current or last known location is pinpointed on a map.

Which is great if you’ve lost your car keys or your laptop’s gone ‘walkabout’. It’s also great for car thieves:

“Since September 2021, officers have investigated five incidents where suspects have placed small tracking devices on high-end vehicles so they can later locate and steal them. [The AirTags] are placed in out-of-sight areas of the target vehicles when they are parked in public places like malls or parking lots. Thieves then track the targeted vehicles to the victim’s residence, where they are stolen …”

https://www.youtube.com/watch?v=WswKQxGOgWI

They’re also great for stalkers:

Apple’s AirTags used to follow 2 women in West Seneca

AirTags are scarily good at tracking items and…people. I know because I tried.

Apple’s AirTags Are a Gift to Stalkers
The tiny new tracking devices can be easily hidden in the cars and bags of victims. And exploiting them is dead simple.

Apple’s AirTag trackers made it frighteningly easy to ‘stalk’ me in a test
Apple knows its tiny new lost-item gadgets could empower domestic abuse but doesn’t do enough to stop it

Or as this woman posted on Twitter:

They’re great news for hackers too, as security researcher Brian Krebs reported recently:

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.

https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/

Safety features?

Two months after their release, in response to widespread safety concerns, Apple updated the devices so that AirTags now beep if they are away from their owner’s iPhone for a random period of time — between eight and twenty-four hours — which is intended to alert people nearby. That is not particularly useful if it’s been attached to your car, nor, apparently, is it particularly loud. One alertee described it as “just 15 seconds of light chirping”. It’s also possible to defeat the alarm by opening the AirTag and removing the speaker magnet, as this YouTube video shows.

Another criticism was that unknown-AirTag-in-your-location warnings were only issued to Apple devices. Android users couldn’t detect them. So in December 2021, Apple released an Android app called Tracker Detect to allow users to scan for nearby AirTags potentially being used for malicious purposes.

Initial reviews aren’t encouraging, not least because the app isn’t ‘always on’ like its Mac, iPad and iPhone equivalents which have the functionality built into their operating systems. When I checked, Tracker Detect rated just 1.6 out of a possible 5 with comments like:

  • “I should not have to choose when to scan. I should get an alert because this is a safety issue.”
  • “Needs to have automated scan options.”
  • “I just downloaded the Tracker Detect app, hoping to have an app that will alert me if an AirTag was placed on my vehicle or in my belongings. It’s extremely concerning that as a company Apple hasn’t figured out a solution to this problem. I should not have to choose when to scan. I should get an alert because this is a safety issue. The many stories I’ve read or heard in the news on this aren’t mistakes or mixups but intentional stalkings. Fix it.”

Will Apple fix it? It seems unlikely. As part of the AirTag launch, Apple offered what they called “new third-party finding experiences” with their Made for iPhone (MFi) Program:

With this, third-party device makers will be able to take advantage of Ultra Wideband technology in U1-equipped Apple devices, creating a more precise, directionally aware experience when nearby.

https://www.apple.com/newsroom/2021/04/apples-find-my-network-now-offers-new-third-party-finding-experiences/

Early adopters include makers of e-bikes and some models of wireless earbuds, including Apple’s own.

In short, you can expect to find a lot more AirTags — and “unknown AirTag” alerts — around you soon.


