Apple AirTag is the perfect spy bug

Man

Professional
Messages
2,950
Reaction score
475
Points
83
uss_0rod82ntptbw1zh2wqvumda.jpeg


Stalkerware is a mobile software for stalking, that is, obsessive surveillance of a person. This is a growing class of software that allows a hacker to obtain the geolocation of a smartphone, view text messages, photos, calls, and Internet searches. Such software is used by amateurs (spying on spouses) and professionals, in the work of state intelligence and law enforcement agencies, for surveillance of independent journalists and activists.

Some security experts believe that Apple AirTags radio tags are an excellent addition to the stalkerware toolkit. Apparently, malicious use of Apple technology falls under several articles of the Criminal Code.
Apple AirTags are Bluetooth beacons that communicate their location to their owner via the Find My global network of millions of strangers with iPhones that act as constant scanners.

An AirTag can be easily hidden in a victim’s bag or car, giving an attacker an easy way to track their location. It’s not much different from tracking with other trackers, such as Tile, but on a much larger scale.

1e_cv8jwwzaxdtyp0cgtbdn5z5g.jpeg

Tile Mate, Galaxy SmartTag, Apple AirTag, and a quarter for comparison

6xmn99bbew6lc8lofimeozjg1d0.jpeg

Beacons being illuminated in an X-ray system. Photo: Creative Electron (except the last one)

Tile beacons also form a distributed P2P network with each other, but Apple’s network is much larger. Tile has tens of thousands of users. Apple has over a billion, and Apple has connected almost all iOS devices to the global tracking network by default.

8ur9xisbt-dwza1cxxy9dlmnvgw.jpeg


Android users are potential victims​


For iPhone users themselves, software notifications are provided to find out about potential stalking. If such suspicions arise, you can look at the list of unfamiliar AirTag beacons around. But if the victim has an Android device, he is out of luck. After 72 hours, AirTag will give a sound signal - 15 seconds of light chirping at a volume of 60 dB (this is the volume of a normal conversation). The signal will only work if the attacker has not reset the timer within three days, that is, has not driven near the beacon. In any case, 60 dB is also not always audible.

It turns out that now protection from Apple products only works for Apple users, which is not very fair.

Researchers point out that Android users are currently not protected from surveillance in any way. Apple is obliged to at least develop an Android application for scanning surrounding beacons.

On the other hand, AirTag poses a potential threat to iOS users. The thing is that the microcontroller firmware can be put into debug mode using PocketGlitcher, then modified and even broadcast arbitrary data to surrounding devices in the Find My network. This bug can be used to collect data from IoT sensors in areas without mobile coverage, as well as to transmit data from isolated computers where there is no network connection, but strangers with smartphones enter the room (airgapped systems, shielded rooms).

Spying on iOS Users' Homes​


Security specialist Lukasz Krol described another creative way of tracking with AirTag. The originality is that here the useful information is not the presence of the AirTag signal, but its absence .

We know that the beacon reports its location via an iPhone device that is nearby. It looks like this.

nqjnn8skdzh4vzw7seykrbcl54y.png


The AirTag owner can determine when their AirTag was last near their iPhone. Since the iPhone almost always moves with its owner, the absence of the iPhone in a given location indicates how long the person has been away from the house.

In other words, if an intruder leaves an AirTag near a relatively isolated house, they will be notified when no one is inside and for how long. This information can be useful to burglars.

In this case, the vulnerable category is iOS users, because such an attack will not work against Android users.

To sum it up, personal AirTag mobile beacons are effective for tracking Android users, while stationary ones are effective for iOS users. The latter also have the advantage of being difficult to prove from the outside: the attacker can say that he accidentally forgot/lost the AirTag near the victim's house, in her apartment, in a neighboring apartment, or in another interesting place - and he himself will check for the victim's appearance using these coordinates.

Source
 
Top