AirTags are Apple’s version of Tile trackers — they’re small circular gadgets with Find My Network support. When a user enables Lost Mode on an AirTag, it generates a unique URL that directs whoever finds and scans it to https://found.apple.com to view the owner’s contact details. However, a recently discovered security flaw makes scanning random AirTags potentially dangerous.
A KrebsOnSecurity report (via MacRumors) details how Lost Mode doesn’t prevent users from injecting arbitrary code into the contact details field. In theory, people can exploit this vulnerability and set up AirTags to redirect unsuspecting users to phishing or other malicious websites. As a result, an average user trying to do the right thing by attempting to reach the owner of a lost AirTag can fall victim to such a scam.
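The missing control here is input validation plus output encoding on the contact field. The sketch below is an added example, not Apple's code or anything from the report: the function names are hypothetical, and it assumes the field should only ever hold a phone number or an email address.

```javascript
// Added example: hypothetical handling of a Lost Mode style contact field.
// All names are illustrative assumptions, not Apple's implementation.

const PHONE_RE = /^\+?[0-9][0-9 ().-]{5,18}[0-9]$/;
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

// Write-time allowlist: accept only a phone number or an email address.
function validateContact(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  // NFKC folds look-alike forms (e.g. fullwidth '<') before the check.
  const value = raw.normalize('NFKC').trim();
  if (value.length === 0 || value.length > 254) return { ok: false, reason: 'bad length' };
  if (PHONE_RE.test(value)) {
    const digits = value.replace(/\D/g, '');
    if (digits.length < 7 || digits.length > 15) return { ok: false, reason: 'bad digit count' };
    // Store a canonical form so nothing but '+' and digits is persisted.
    return { ok: true, kind: 'phone', value: (value.startsWith('+') ? '+' : '') + digits };
  }
  if (EMAIL_RE.test(value)) return { ok: true, kind: 'email', value: value.toLowerCase() };
  return { ok: false, reason: 'not a phone number or email' };
}

// Render-time encoding: applied even to validated data, as a second layer.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Builds the fragment shown to the finder; invalid stored data is never echoed.
function renderFoundPage(storedContact) {
  const checked = validateContact(storedContact);
  const shown = checked.ok ? checked.value : 'Contact details unavailable';
  return `<p class="contact">Contact the owner: ${escapeHtml(shown)}</p>`;
}

// Constructed sample inputs: two legitimate values and one containing markup.
const samples = [
  '+1 (617) 555-0100',
  'owner@example.com',
  '<script src="https://example.invalid/x.js"></script>',
];
for (const s of samples) console.log(JSON.stringify(validateContact(s)), renderFoundPage(s));
```

Validating when the value is stored and encoding again when it is rendered means a value that slipped in before the check existed still cannot reach the finder's browser as markup.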
This vulnerability was first discovered by Bobby Rauch, a Boston-based security consultant. Rauch reported it to Apple back in June, and the investigation lasted for three months. Last Thur…
Written By: Mahmoud Itani
Original Article: https://www.xda-developers.com/apple-airtags-lost-mode-vulnerability/