The device can give out confidential information about the surrounding smartphones iPhone
Security researcher Lukasz Krol has discovered a potentially dangerous way to use Apple AirTag devices. Small beacons allow you to track the location of people and find out when a house, apartment or office is empty.
AirTag is a coin-sized beacon that tracks the location of all things using Bluetooth. With its help, you can find keys, a wallet, determine where the suitcase is, and even find an escaped pet. AirTag informs its iPhone owner when it is nearby and notifies its location.
In a statement to Fast Company, Apple noted that it will alert people when they arrive at home or another location that they frequently visit, like an office or gym.
Apple has built some protections into this system. If you are an iPhone user, for instance, and someone has placed an AirTag on your person, your phone will eventually alert you that an AirTag that isn’t yours has been found “moving with you.” Apple didn’t clarify how quickly or often this alert will arrive, but it did share that it will occur when you arrive at your home (the address stored in your Apple “Me” card) or at certain other locations that your phone has learned you frequent over time. Apple declined to disclose further specifics, citing the interest of public safety.
Since iPhones often travel with their owners almost everywhere, the absence of the iPhone anywhere can mean that there are no people around, and also indicate how long they have been away.
AirTag works by leveraging the Apple Find My network and regularly sends signals that iPhone and other Apple devices can pick up. Whenever AirTag approaches one of the devices, its location should be automatically updated on the Find My network and displayed in the iOS app.
This way, if someone leaves the AirTag near the living area, the AirTag owner can figure out when no one is home. Krol left the AirTag at a friend’s house, which is far enough away from other homes that AirTag won’t track other iPhones. When his friend was at home, AirTag reported his whereabouts. When no one was home, AirTag did not send any signals at all.
“Stationary beacons, if properly positioned, can give out a lot of data about the movement of iPhone owners,” the expert explained.
According to Krol, Apple has several simple ways to mitigate the risks of exploiting the problem. The company can turn off the display of the exact time when AirTag updated its position, or replace the phrase “last updated” with “last move”, or hide the time of the last move altogether.