Apple’s AirTag anti-stalking checks have been bypassed by a specially created clone of the tracking gadget that utilises a modified firmware on Apple’s own networks, according to cybersecurity experts. Stealth AirTag was able to monitor an iPhone user for more than five days without alerting Apple’s Find My Network, which was designed to prevent AirTag from being used for stalking. This Apple AirTag clone is just a concern for Apple.
Positive Security, a Berlin-based IT security company, has released the device’s source code on Github and written an in-depth blog post about it. Apple’s anti-stalking safeguards were able to be bypassed by the security team’s AirTag clone, according to the company’s co-founder Fabian Bräunlein.
During that period, neither the tracked iPhone user nor their iPhone-using roommate was notified of any tracking warnings. An individual was tracked from February 16 to February 21 with the use of a covert AirTag clone. Despite being in the vicinity of many iPhones most of the time, the AirTag remained undetected for the duration of the six-day experiment.
For those who don’t know, AirTag is a little tracking gadget that Apple released last year. Uses for the product include keeping track of one’s personal property. Apple’s Find My network may be used to locate it, and it can be tied to, for example, luggage or a set of keys.
Complaints about AirTag immediately poured in from all around the world. After its release, it was discovered that Apple’s coin-shaped tracking technology may be exploited to monitor individuals just as it helps people locate their items. Inadvertently implanting the tracking chip in the cars or baggage of naïve victims might give criminals total control over their movements.
Apple’s Privacy Anti-Stalking features
In the months that followed, Apple devised a number of countermeasures. To address this issue, Apple has just issued an official statement that outlines a number of additional features that have been implemented in an effort to prohibit the use of AirTag for stalking.
AirTag has been upgraded so that it will start beeping if it is kept away from the paired iPhone for an extended period of time. This can alert everyone within range of an unclaimed AirTag of its existence. In addition, the gadgets were upgraded to send notifications to neighbouring iPhones about an unidentifiable AirTag that was surrounding them. For Android users, Apple has also released the Tracker Detect app.
Although these steps appear to be adequate, they are not sufficient to provide total protection. AirTag was not discovered by the active scan of the Tracker Detect software that searches for Find My Devices, according to Positive Security’s new blog. Bräunlein was able to “retrieve and decode” the iPhones near the AirTag since they were sending their position to Apple’s servers at all times.
AirTags can still be used for stalking if they are updated, and that was the point of the study. Anti-stalking improvements for the Find My iPhone ecosystem should take into account AirTag clones, according to a blog post by Positive Security. There is now “no mechanism to differentiate real AirTags from clones over Bluetooth,” which in and of itself demands for a solution at the ecosystem level and not within Apple’s own devices.