If you drop off an AirTag the person who get it can use their iPhone to get at a website where they can obtain contact information from the possessor such as electronic mail computer address or telephone phone number .
The view finder can then report that they have find out the lost tag – a process that does n’t need them to provide their own personal information . The Finder just need to visit Apple ’s found.apple.com websiteherewhere they can register the discovery entirely anonymously .
AirTag found: What to do?
However , asKrebsOnSecurityreports , AirTags ( look back here)can be keep in line in such a way that they can deceive unsuspicious finders and tempt them to a bogus website where they are then asked to enter their iCloud data and thus give it over to criminals . Forwarding to malicious websites is also possible with handling in the phone number field .
Security researcher Bobby Raunch , who discovered the gap , explain to KrebsOnSecurity the peril of the gap : “ I ca n’t retrieve any other case in which such small , inexpensive consumer trailing devices could be used as weapon system ” . Also read : AirTag already hack and reprogrammed .
Apple reacts hesitantly – once again
Apple has been informed since mid - June and has investigate the gap since then . However , a promised update to shut the gap has still not been exhaust .
This call back the case of the gaps discovered by security expert Denis Tokarev and reported to Apple that the companionship has still not closed . According toVice , Apple apologise to Tokarev in an e-mail and justify the longsighted silence by saying the crack are still being investigated for find the best potential protection for users .
The gap discovered by Tokarev are not highly decisive , to exploit them if you would need an app that was not detected as malware during the admission check . Since Apple has been aware of the gap since spring , such a scenario is at least improbable – but Tokarev would have deserved the reward offered under Apple ’s bounty political platform .
In terms of lost and possibly manipulate AirTags , the common warning apply : Never unwrap personal information – your contact with the owner of the trackers should be completely anonymous .
Read : What can AirTags be used for .
This article originally appeared onMacwelt . Translation by Karen Haslam .
