Ever since Apple launched its Bluetooth-based tracking device AirTag, reports about the device being used for stalking and other criminal activities have surfaced all around the world. Citing these occurrences, the company started taking the necessary measures to prevent such issues by helping users with relevant safety guides and adding privacy features for an AirTag. However, a security researcher has now built an AirTag clone that can bypass almost every anti-stalking feature that aims to prevent privacy issues.
AirTag Clone Bypasses Apple’s Anti-Stalking Features
While Apple’s AirTag is a nifty device to track and locate losable items like wallets, keys, and luggage, people have been using the device to stalk other people without their knowledge. Following these issues, Apple recently introduced new privacy features to its devices to prevent such activities. In fact, the company integrated a few of those features with its latest iOS 15.4 beta 4 update†
However, a security researcher from Berlin, Germany has now developed and built a ‘stealth’ AirTag clone that can bypass Apple’s current anti-stalking features† These clones don’t have a unique serial number as an original AirTag and aren’t paired with an Apple ID. In a recent blog postsecurity researcher Fabian Bräulein explained how he was able to develop the AirTag-clone and successfully track an iPhone user without their knowledge for five whole days as part of a real-world experiment.
Bräulein based the system (source code from GitHub) on OpenHaystack, which is a dedicated framework for tracking Bluetooth devices using the Find My network. Then, he used an ESP32 microcontroller with support for Bluetooth, a power bank, and a cable to build the AirTag clone†
How Does it Work?
In the blog post, Bräulein explained how each of Apple’s anti-stalking features could be bypassed in theory† For instance, if an AirTag separates from its owner, it currently plays a beeping sound to notify anyone near the device after three days. Although Apple has decreased the delay from 3 days to 8 to 24 hours, the AirTag clone bypasses it since it doesn’t have a functional speaker. It is revealed that various such clones have been found on eBay.
Other features like tracking alerts in notifications to a potential stalking victim were prevented by using over 2,000 pre-loaded public keys with the AirTag clone broadcasting one of them every 30 seconds† Moreover, the lack of a UWB chip inside prevented the victims from tracking the device using the Precision Finding feature in the Find My app.
Bräulein reported that he was able to successfully track and locate an iPhone user and an iPhone-bearing roommate for five days, without them getting any tracking alerts on their devices, using the AirTag clone and a custom macOS tool that was modified for the project. Following tests, it was also discovered that the AirTag clone could not be detected by the Android Tracker Detect app from Apple†
Bräulein reveals that this project does not aim to promote AirTag-based stalking. Instead, the detailed blog post and the AirTag clone aim to highlight the fact that even with Apple’s privacy measures in place, people with the right knowledge can find simple ways to bypass them and develop modified AirTags to continue their stalking. Hence, Apple should take these issues into account when integrating anti-stalking features for AirTags in the future.
Meanwhile, if you are worried about being tracked using an AirTag, you can read the official AirTags Safety Guide for more details. And if you ever find an unknown AirTag in your wallet, car, or purse, be sure to follow our guide on how to disable an AirTag found moving with you† Don’t forget to let us know your thoughts on this new discovery in the comments below!