Beware of AirTag

On April 20, 2021 Apple launched the AirTag tracking device.

Q: Apple recently launched AirTag, which has solved many problems such as lost objects by people with big rip-offs. However, security experts soon discovered that there are major vulnerabilities in the design of AirTag, and if someone changes the software or if someone deliberately uses the vulnerabilities in Apple’s Find My software, it will become a tracking tool. AirTag uses Apple’s own chip, so why can its software be modified to change AirTag into a tracker?

Li Jianjun: AirTag uses Apple’s own U1 chip, which is not new and has been used for the first time in the iPhone 11 series. But for phones, tablets and other complex devices, their operating systems have heavy security, and it is never easy for hackers to use phones or tablets to do tracking and monitoring. But AirTag only U1 chip, how can you expect a button battery-powered devices, will have a very complex security and operational systems. So it’s not surprising that a security expert could easily rewrite the internal software of the AirTag and turn it into malicious hardware. Even if Apple’s design is seamless, but with the current level of hackers, it is very easy to break the AirTag. The Find My software function is not a big problem on cell phones, tablets and even notebook computers, and may not even be a problem on watches, but it is likely to be a problem on ultra-small computers with only the most basic functions.

Q: If AirTag will become a tracking tool, what is there to watch out for?

Li Jianjun: First of all, don’t try to use AirTag before Apple solves the security problems of AirTag, and you should wait for better hardware and software security before you consider buying AirTag to protect your valuable assets at home or to prevent you from leaving your personal belongings in public places due to poor memory.

On the other hand, do not accept any AirTag from your friends. If you see an unsolicited AirTag in your mailbox, you should immediately discard it and not use it. If you see an unsolicited AirTag in your mailbox, you should immediately discard it and not use it. This is because these AirTags are always products that are spiked by people who want to track you easily. The same reasoning applies if you find electronic devices of unknown origin or AirTag objects under your car, you must immediately remove the devices and destroy them, so that the Chinese authorities can use them to track your every move. AirTag, to some extent, accidentally raises many privacy issues.

Q: If the principle of AirTag, small button battery-powered devices, will it be easy to be used by the authorities for tracking purposes, so that in fact the Chinese authorities no longer need to send a special person to follow the longitudinal. Then, in addition to refusing to accept friends, or uninvited AirTag, what else should I pay attention to?

Li Jianjun, the size of this device is very small, so you have to pay attention to, if suddenly appear some unsolicited, such as a key chain objects, then you have to be careful whether the device has been spiked. Be cautious about accepting gifts, because the Chinese authorities may hide chips and batteries in some souvenir devices for surveillance purposes. In order not to be exposed, there is a high chance that such devices are not equipped with a battery replacement function, leaving the battery to run out and another uninvited device to take over when surveillance is needed again. Therefore, it is important to maintain a vigilant attitude towards some unsolicited gifts so that you are not completely unaware that you are being tracked. Because AirTag technology reflects the Bluetooth-based location tracking, it has started to step into the mature stage.

Q: The principle of AirTag is basically based on low-energy Bluetooth technology, so what are the ways to detect some uninvited Bluetooth devices nearby?

Li Jianjun: No matter Android or iOS platform, there are some free programs to help you identify nearby Bluetooth devices, from devices that transmit advertising messages to general Bluetooth speakers. Only, if you live in a high-rise building, it is likely that there are hundreds of Bluetooth devices in one sweep, because the effective transmitting distance of Bluetooth signal can be as long as 10 meters, so almost all Bluetooth devices upstairs and downstairs of your building will be swept.

If you want to successfully find the suspicious device, you must have some technical knowledge. Because there are problematic devices that can disguise themselves as normal devices, such as claiming to be a speaker, you will have to further analyze the information scanned to know exactly whether you have found your neighbor’s speaker or a tracking device sent to you by the Chinese authorities, which is not an easy task, and you will most likely need the help of a friend familiar with Bluetooth technology to analyze the program information scanned back.