Skip to main content

A Simple Bug Is Leaving AirTag Users Vulnerable to an Attack

posted onOctober 4, 2021
by l33tdawg
Flickr
Credit: Flickr

The hits keep coming to Apple's bug-bounty program, which security researchers say is slow and inconsistent to respond to its vulnerability reports. This time, the vuln du jour is due to failure to sanitize a user-input field—specifically, the phone number field AirTag owners use to identify their lost devices.

Security consultant and penetration tester Bobby Rauch discovered that Apple's AirTags—tiny devices which can be affixed to frequently lost items like laptops, phones, or car keys—don't sanitize user input. This oversight opens the door for AirTags to be used in a drop attack. Instead of seeding a target's parking lot with USB drives loaded with malware, an attacker can drop a maliciously prepared AirTag.

This kind of attack doesn't need much technological know-how—the attacker simply types valid XSS into the AirTag's phone number field, then puts the AirTag in Lost mode and drops it somewhere the target is likely to find it. In theory, scanning a lost AirTag is a safe action—it's only supposed to pop up a webpage at https://found.apple.com/. The problem is that found.apple.com then embeds the contents of the phone number field in the website as displayed on the victim's browser, unsanitized.

Source

Tags

Industry News Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th