Skip links

How to reprogram Apple AirTags, play custom sounds

At the Workshop on Offensive Technologies 2022 (WOOT) on Thursday, security researchers demonstrated how to meddle with AirTags, Apple’s coin-sized tracking devices.

Thomas Roth (Leveldown Security), Fabian Freyer (Independent), Matthias Hollick (TU Darmstadt, SEEMOO), and Jiska Classen (TU Darmstadt, SEEMOO) describe their exploration of Apple’s tracking tech in a paper [PDF] titled, “AirTag of the Clones: Shenanigans with Liberated Item Finders.”

The boffins discuss tools they’ve developed and released to advance the exploration of AirTag hardware and firmware, made possible by existing imperfections.

“AirTags have fundamental implementation issues, such as being vulnerable to firmware downgrades and using an nRF chip that is known to be vulnerable to voltage glitching attacks,” the computer scientists state in their paper. “These issues are rooted in the underlying hardware and general software architecture, meaning they cannot be patched without tremendous effort.”

These security holes aren’t particularly meaningful for AirTags users, but are relevant because they allow the technically inclined to alter a device’s firmware and change its behavior. Understanding the gaps in the security of AirTags makes it easier to guard against misuse of the technology and to develop more resilient systems.

Released just over a year ago, AirTags consist of a Nordic nRF52832 chip that communicates via Bluetooth Low Energy (BLE) and Near Field Communication (NFC). They also include Apple’s U1 chip for precisely locating things via Ultra-wideband (UWB) technology. The transceiver discs rely on Apple’s Find My network, which provides location services for Apple and authorized third-party hardware.

AirTags have proven popular for mundane tasks like keeping track of keys and luggage, but have also been used for stalking and for tracking vehicles for later theft. In February, Apple responded to reports of AirTag misuse by announcing various changes intended to make its tracking tokens more difficult to use surreptitiously.

Nonetheless, stalking – via AirTags, similar trackers, or other geo-aware hardware like Apple Watch – remains an ongoing concern. Earlier this week, the Oklahoma State University Police Department reportedly issued a warning after a few students had AirTags placed within their possessions or on their vehicles. That follows a more general advisory issued by the university in March.

NBC10 Boston on Wednesday identified multiple unwanted tracking incidents this year through a public records request.

“Apple did not publish a threat model for AirTags,” the researchers explain in their paper. “The AirTag hardware and firmware design and their integration into Apple’s ecosystem still allow us to deduce underlying security assumptions. Apple’s threat model likely underestimated some attacks, especially stalking, since they improved protections with subsequent updates.”

The researchers developed a tool called Air Glitcher for assisting with a voltage-fault injection attack on the AirTag’s nRF52832 chip. The technique requires a Raspberry Pi Pico, a level shifter, and a MOSFET. After about 3.5 minutes, they were able to read out the chip’s firmware and alter it. And yes, this required physical access.

Once done, they were able to change the URL produced by an NFC reader scanning an AirTag from to a YouTube video with the identifier dQw4w9WgXcQ. Veteran internet users should have no trouble guessing what this video might be.

The boffins examined AirTag anti-stalking features and how they might be bypassed. But they consider tracking prevention to be a broader problem because non-Apple GPS-tracking devices predated AirTags and never had any stalking protection.

They also created a set of scripts and resources for interacting with AirTags paired to a jailbroken iPhone, and a host system running FЯIDA, a reverse engineering and instrumentation toolkit, to downgrade AirTag firmware.

While the AirTag firmware currently has no publicly disclosed remote code execution flaws, were such a bug to become known, the researcher says, this sort of firmware downgrade could be used to run arbitrary code on AirTags.

Among the threat scenarios considered, one is particularly interesting. In theory, it may be possible to turn AirTags into microphones.

“Accelerometers can be used as microphones,” the researchers explain, citing a paper published in 2011. “The AirTag PCB contains an unlabeled accelerometer, likely the Bosch 3-axis Mems gyroscope BMA288.”

“Using firmware written from scratch and placing the AirTag in a metal can to improve sound conductance, we attempt using the integrated accelerometer as a microphone. We were not able to achieve enough fidelity to recover audio from the signal reliably, however, other modes of operating the accelerometer might lead to more success.”

The researchers tried to do so and failed. But that may not always be the case. Better to have the academics find out than the less-well-intentioned. ®