AirTag hacked and reprogrammed by security researcher

Comments

  • Reply 21 of 63
    ppietra Posts: 288 member
    rob53 said:
    So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags.

    Xed said:
    As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

    This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

    We have no idea what else could be done in the future. Nefarious users could figure out ways to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

    While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.

    nicholfd said:
    The AirTag sends nothing to Apple. The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple. All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

    The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)

    Xed said:
    You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

    To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.

    That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
    AirTags only broadcast a Bluetooth ID for other Apple devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it.
    Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing, and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.
  • Reply 22 of 63
    Another new product and another genius show us how stupid the inventors are, Apple in this case, for allowing their product to be hacked. 
  • Reply 23 of 63
    Xed Posts: 2,519 member
    ppietra said:
    That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
    AirTags only broadcast a Bluetooth ID for other Apple devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it.
    Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing, and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.
    Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

    They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.
  • Reply 24 of 63

    Maybe we all have too much time on our hands (agonising over the relative merits of different trackers)

    Since I can’t remember having lost anything of any significance over the last 40 years, maybe a tracker does not need to be so important and a bit of organisation works better. 

    My wife would probably disagree, although most of her lost items end up being in the house.

    Mind you I can’t remember where I was last Tuesday! and I have photographs of things I don’t remember possessing.

    Maybe I need a TAG.

  • Reply 25 of 63
    ppietra Posts: 288 member
    Xed said:
    Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

    They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.
    No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
    The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people's devices the AirTag is passive, non connected.
    AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.
    fastasleepurahara
  • Reply 26 of 63
    Xed Posts: 2,519 member
    ppietra said:
    No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
    The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people's devices the AirTag is passive, non connected.
    AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.
    Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards its ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

    Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.
    edited May 2021
  • Reply 27 of 63
    ppietra Posts: 288 member
    Xed said:
    Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards its ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

    Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.
    OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
    "In no comment did I say that it pairs with another device":
    In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if you pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that a hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.
  • Reply 28 of 63
    Xed Posts: 2,519 member
    ppietra said:
    OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
    "In no comment did I say that it pairs with another device":
    In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if you pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that a hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.
    In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to be read by another means they can communicate wirelessly. To conflate with how you pair headphones with a device. The 'C' in NFC stands for communication.
    edited May 2021
  • Reply 29 of 63
    lkrupp Posts: 10,557 member
    Loving all the pontificating from anonymous posters claiming to know what they are talking about. It’s hilarious to read this shit from paranoids who are scared of their shadows.
  • Reply 30 of 63
    ppietra Posts: 288 member
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    nicholfd said:
    Xed said:
    rob53 said:
    So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 
    As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

    This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

    We have no idea what else could be done in the future. Nefarious users could figure out ways to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

    While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.
    The AirTag sends nothing to Apple.  The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple.  All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

    The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)
    You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

    To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.
    That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
    AirTags only broadcast a Bluetooth ID for other Apple devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it.
    Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing, and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.
    Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

    They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.
    No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
    The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people devices the AirTag is passive, non connected.
    AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.
    Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards its ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

    Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.
    OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
    "In no comment did I say that it pairs with another device":
    In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if you pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that a hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.
    In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to be read by another means they can communicate wirelessly. To conflate with how you pair headphone with a device.
    Seriously!????????????? Are you trolling me?
    To communicate with each other both need to communicate with each other... seems a very simple concept to grasp! And there are protocols that need to be followed to establish a bluetooth connection. Broadcasting a string is not a bluetooth connection!
    Besides the fact that the NFC has nothing to do with Find My network, the NFC chip scanning does not establish any kind of network connection in any way similar with how you pair a headphone.
  • Reply 31 of 63
    Xed Posts: 2,519 member
    ppietra said:
    Seriously!????????????? Are you trolling me?
    To communicate with each other both need to communicate with each other... seems a very simple concept to grasp! And there are protocols that need to be followed to establish a bluetooth connection. Broadcasting a string is not a bluetooth connection!
    Besides the fact that the NFC has nothing to do with Find My network, the NFC chip scanning does not establish any kind of network connection in any way similar with how you pair a headphone.
    Are you trolling me?

    One last time JIC you're really not getting it. Scenario: Someone with an iPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.
    edited May 2021
  • Reply 32 of 63
    ppietra Posts: 288 member
    Xed said:
    Are you trolling me?

    One last time JIC you're really not getting it. Scenario: Someone with an iPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.
    You should study what NFC scanning entails and what is a network connection! But hey, at least you already forgot all about bluetooth and connecting to the internet.
  • Reply 33 of 63
    nicholfd Posts: 824 member
    Xed said:
    Are you trolling me?

    One last time JIC you're really not getting it. Scenario: Someone with an iPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.
    No one is trolling, @Xed. They are just informing you that you are ignorant of how this technology works.

    The AirTag broadcasts an encrypted ID via BLE, which is one way (in this case, the definition of broadcast).  If an iPhone with bluetooth (not NFC) is within range, the iPhone will send the encrypted AirTag ID, and the iPhone's location to Apple.  Apple will decrypt the AirTag ID, and notify the device the AirTag is paired with (and other devices using the same Apple ID), with the iPhone's location.

    And again, showing your ignorance, iPhones since iPhone 6 & 6Plus have NFC (for Apple Pay).  However, only the iPhone 7 & 7Plus & newer have NFC readers that can read an AirTag, all have NFC (not UWB which isn't required).  Again, the NFC URL is read by the NFC reader - one way communication.  Even non-Apple (Android) devices can read the URL via NFC.

    The AirTag cannot communicate two way with anything - only broadcast its ID, encrypted.
    edited May 2021
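The relay flow argued over in the replies above (the tag only broadcasts, a nearby phone uploads, the owner retrieves), in the form ppietra describes where the finder encrypts its location to the broadcast public key. This is an added sketch, not code from the thread or from Apple: X25519 with a hash-derived keystream and HMAC stands in for whatever Apple actually uses, and every name, the record layout and the sample coordinates are assumptions.

```python
import hashlib
import hmac
import os
import struct

P = 2**255 - 19
BASE = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 (Montgomery ladder). Pure Python, not constant time."""
    kn = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (kn >> t) & 1
        swap ^= bit
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASE)


def derive_keys(shared: bytes, eph_pub: bytes, tag_pub: bytes):
    """Split one hash output into a keystream block and a MAC key."""
    okm = hashlib.sha512(shared + eph_pub + tag_pub).digest()
    return okm[:32], okm[32:]


def tag_broadcast(tag_pub: bytes) -> bytes:
    """Everything the tag contributes: it emits its public key, one way."""
    return tag_pub


def finder_report(adv: bytes, lat: float, lon: float, seen_at: int) -> dict:
    """A passer-by phone: encrypts ITS OWN location to the key it overheard."""
    eph_priv, eph_pub = keypair()
    stream, mac_key = derive_keys(x25519(eph_priv, adv), eph_pub, adv)
    plain = struct.pack(">ddI", lat, lon, seen_at)  # 20 bytes
    ct = bytes(p ^ s for p, s in zip(plain, stream))
    mac = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()
    # The server index is a hash of the public key (assumed layout).
    return {"index": hashlib.sha256(adv).hexdigest(),
            "eph_pub": eph_pub, "ct": ct, "mac": mac}


class Server:
    """Stores opaque reports; it never holds a key that can open them."""

    def __init__(self):
        self.reports = {}

    def upload(self, report: dict) -> None:
        self.reports.setdefault(report["index"], []).append(report)

    def fetch(self, index: str) -> list:
        return list(self.reports.get(index, []))


def owner_decrypt(tag_priv: bytes, tag_pub: bytes, report: dict):
    """Owner side: returns (lat, lon, seen_at), or None if the MAC fails."""
    shared = x25519(tag_priv, report["eph_pub"])
    stream, mac_key = derive_keys(shared, report["eph_pub"], tag_pub)
    expect = hmac.new(mac_key, report["eph_pub"] + report["ct"],
                      hashlib.sha256).digest()
    if not hmac.compare_digest(expect, report["mac"]):
        return None
    plain = bytes(c ^ s for c, s in zip(report["ct"], stream))
    return struct.unpack(">ddI", plain)


def demo():
    """Constructed run: one tag, one finder, one server, one owner."""
    tag_priv, tag_pub = keypair()      # private half stays with the owner
    server = Server()
    adv = tag_broadcast(tag_pub)       # tag -> air (no reply path)
    server.upload(finder_report(adv, 48.8584, 2.2945, 1620000000))
    report = server.fetch(hashlib.sha256(tag_pub).hexdigest())[0]
    return owner_decrypt(tag_priv, tag_pub, report), report


if __name__ == "__main__":
    print(demo()[0])
```

The tag function has no inputs from the finder or the server, which is the point both sides of the argument circle around: all network traffic originates from the phone that overheard the broadcast.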
  • Reply 34 of 63
    hammeroftruth Posts: 1,303 member
    lkrupp said:
    Loving all the pontificating from anonymous posters claiming to know what they are talking about. It’s hilarious to read this shit from paranoids who are scared of their shadows.
    Pass the popcorn. It’s about to get funnier. 
  • Reply 35 of 63
    Soli Posts: 10,035 member
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    nicholfd said:
    Xed said:
    rob53 said:
    So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 
    As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

    This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

    We have no idea what else could be done in the future. Nefarious users could figure out was to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

    While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.
    The AirTag sends nothing to Apple.  The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple.  All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

    The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)
    You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

    To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.
    That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
    AirTags only broadcast a Bluetooth ID for other Apple’ devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it. 
    Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing,  and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.
    Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

    They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.
    No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
    The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people’s devices the AirTag is passive, non connected.
    AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.
    Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards its ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

    Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.
    OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
    "In no comment did I say that it pairs with another device":
    In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if you pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that a hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.
    In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to be read by another means they can communicate wirelessly. To conflate with how you pair headphone with a device.
    Seriously!????????????? Are you trolling me?
    To communicate with each other both need to communicate with each other... seems a very simple concept to grasp! And there are protocols that need to be followed to establish a bluetooth connection. Broadcasting a string is not a bluetooth connection!
    Besides the fact that the NFC has nothing to do with Find My network, the NFC chip scanning does not establish any kind of network connection in any way similar with how you pair a headphone.
    Are you trolling me?

    One last time JIC you're really not getting it. Scenario: Someone with an iPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.
    You should study what NFC scanning entails and what is a network connection! But hey, at least you already forgot all about bluetooth and connecting to the internet.
    Networking may be complex in execution but the foundations are universal. Nodes must always connect to other nodes before information and resources can be shared. Networks follow protocols, which define how communications are sent and received. It is impossible to communicate if you're not speaking the same language, which in networking means using compatible protocols and with wireless also requires compatible frequency ranges.

    Take for example the GPS in a plane or car that connects with various satellites without the satellites having any indication of the devices that are connecting to them. There's no handshake involved but the devices are still connecting and then retrieving location and timing information from the satellites. Without the connection to the sats there is no way to triangulate.
  • Reply 36 of 63
    Soli Posts: 10,035 member
    nicholfd said:
    No one is trolling @Xed. They are just informing you that you are ignorant of how this technology works.

    The AirTag broadcasts an encrypted ID via BLE, which is one way (in this case, the definition of broadcast). If an iPhone with bluetooth (not NFC) is within range, the iPhone will send the encrypted AirTag ID, and the iPhone's location to Apple. Apple will decrypt the AirTag ID, and notify the device the AirTag is paired with (and other devices using the same Apple ID), with the iPhone's location.

    And again, showing your ignorance, iPhones since iPhone 6 & 6Plus have NFC (for Apple Pay). However, only the iPhone 7 & 7Plus & newer have NFC readers that can read an AirTag, all have NFC (not UWB which isn't required). Again, the NFC URL is read by the NFC reader - one way communication. Even non-Apple (Android) devices can read the URL via NFC.

    The AirTag cannot communicate two way with anything - only broadcast its ID, encrypted.
    How do you suppose that broadcast is retrieved and passed on if there are no devices using the same protocols and frequencies that can hear it and know what to do with it?

    Historically when a node (like your computer) wants to obtain an IP address it would send out a message on whatever network it is using. Any and all devices connected on the network will ignore this broadcast except for either the DHCP server which will send back an IP address for that MAC address to use (or it will be forwarded to another network where a DHCP server will eventually send back this information by routers configured to do so).

    Broadcasts are still a communication even if they aren't one-to-one communication between nodes so they still need other linked nodes to allow them to pass on this data.
    edited May 2021
  • Reply 37 of 63
    ppietra Posts: 288 member
    Soli said:
    Networking may be complex in execution but the foundations are universal. Nodes must always connect to other nodes before information and resources can be shared. Networks follow protocols, which define how communications are sent and received. It is impossible to communicate if you're not speaking the same language, which in networking means using compatible protocols and with wireless also requires compatible frequency ranges.

    Take for example the GPS in a plane or car that connects with various satellites without the satellites having any indication of the devices that are connecting to them. There's no handshake involved but the devices are still connecting and then retrieving location and timing information from the satellites. Without the connection to the sats there is no way to triangulate.
    You don’t connect to GPS satellites, you only collect data that is broadcasted by different satellites... It is the device that then calculates its own location based on the data that was broadcasted. Why are people confusing non-network broadcasting with connection?
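The relay flow as ppietra describes it in this thread (the tag only broadcasts a public key, a passing phone encrypts its own location to that key and uploads it, the owner decrypts), written out as an added simulation that is not part of any poster's comment and is not Apple's code. Assumptions: pure-Python X25519 with a SHA-256 keystream and HMAC stands in for the real primitives, one static key stands in for whatever key handling the product uses, and every class name, function name and coordinate is constructed.

```python
import hashlib
import hmac
import json
import os

# Constructed simulation. X25519 (RFC 7748), a SHA-256 keystream and HMAC are
# stand-ins chosen so the example runs on the standard library alone.
P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (not constant time; illustration only)."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _keys(shared: bytes, eph_pub: bytes, tag_pub: bytes):
    k = hashlib.sha256(shared + eph_pub + tag_pub).digest()
    return hashlib.sha256(k + b"enc").digest(), hashlib.sha256(k + b"mac").digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def seal(tag_pub: bytes, plaintext: bytes) -> bytes:
    """Finder side: encrypt to the advertised key with a fresh ephemeral key."""
    eph_priv = os.urandom(32)
    eph_pub = x25519(eph_priv, BASE)
    enc_key, mac_key = _keys(x25519(eph_priv, tag_pub), eph_pub, tag_pub)
    ct = _xor_stream(enc_key, plaintext)
    return eph_pub + ct + hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()

def open_sealed(owner_priv: bytes, blob: bytes) -> bytes:
    """Owner side: only the holder of the private key recovers the report."""
    eph_pub, ct, mac = blob[:32], blob[32:-32], blob[-32:]
    tag_pub = x25519(owner_priv, BASE)
    enc_key, mac_key = _keys(x25519(owner_priv, eph_pub), eph_pub, tag_pub)
    expected = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("report was not encrypted to this key")
    return _xor_stream(enc_key, ct)

class Tag:
    """Beacon in this model: it advertises a public key and has no receive path."""
    def __init__(self, public_key: bytes):
        self._pub = public_key
    def advertise(self) -> bytes:
        return self._pub

class RelayServer:
    """Stores opaque blobs indexed by a hash of the advertised key."""
    def __init__(self):
        self.reports = {}
    def upload(self, key_hash: str, blob: bytes) -> None:
        self.reports.setdefault(key_hash, []).append(blob)
    def fetch(self, key_hash: str) -> list:
        return list(self.reports.get(key_hash, []))

def finder_sees(advert: bytes, finder_location: dict, server: RelayServer) -> None:
    """A passing phone hears the advert and uploads; it never answers the tag."""
    blob = seal(advert, json.dumps(finder_location).encode())
    server.upload(hashlib.sha256(advert).hexdigest(), blob)

def owner_locate(owner_priv: bytes, server: RelayServer) -> list:
    """The owner asks for reports under their key hash and decrypts them locally."""
    key_hash = hashlib.sha256(x25519(owner_priv, BASE)).hexdigest()
    return [json.loads(open_sealed(owner_priv, b)) for b in server.fetch(key_hash)]

def demo():
    """One advert heard by one finder; the coordinates are constructed."""
    owner_priv = os.urandom(32)
    tag = Tag(x25519(owner_priv, BASE))
    server = RelayServer()
    finder_sees(tag.advertise(), {"lat": 51.5007, "lon": -0.1246}, server)
    return owner_priv, tag, server
```

In this model data only ever leaves the tag, and the server holds a blob it has no key for.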
  • Reply 38 of 63
    Xed said:
    rob53 said:
    So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 
    As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

    This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

    We have no idea what else could be done in the future. Nefarious users could figure out ways to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

    While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.
    Every device that 'talks' across any network CAN BE HACKED. Any computing device by the nature of it being a human built & programmed device CAN BE HACKED. It is a matter of what you can do with it, how easy it is and really does anyone care anymore? It's all hackable. New device on market- hackable. Old device - hackable. 

  • Reply 39 of 63
    Soli Posts: 10,035 member
    ppietra said:
    You don’t connect to GPS satellites, you only collect data that is broadcast by different satellites... It is the device that then calculates its own location based on the data that was broadcast. Why are people confusing non-network broadcasting with connection?
    It's all networking and it's still a connection that has to be established to allow data to be passed. If you tune in the correct FM frequency to a local radio station you are connecting to that radio station and will then be able to receive their Tx.

    Ask yourself this question. If a computer is not connected to a network how will they obtain an IP address from a DHCP server? Who is there to listen and respond to their request if they aren't connected to that network? Hopefully that makes sense. Now ask yourself the same thing for trackers. If a tracker is broadcasting and there are no nodes that can understand what they are saying how will their message be relayed? Don't iPhones have to be using the same protocols and frequencies to be able to read the IDs and pass them along? That's the connection, just as basic as a packet using UDP and a particular port number to get a message to a server. It's not sexy, but it works most of the time.
    edited May 2021 Xed
  • Reply 40 of 63
    nicholfdnicholfd Posts: 824member
    Soli said:
    nicholfd said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    ppietra said:
    Xed said:
    nicholfd said:
    Xed said:
    rob53 said:
    So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 
    As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

    This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

    We have no idea what else could be done in the future. Nefarious users could figure out ways to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

    While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.
    The AirTag sends nothing to Apple. The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple. All the AirTag does is broadcast its ID via Bluetooth for other Apple devices to pick up.

    The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)
    You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

    To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.
    That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
    AirTags only broadcast a Bluetooth ID for other Apple devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it.
    Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing, and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate Bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.
    Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

    They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.
    No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
    The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people's devices the AirTag is passive, non connected.
    AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.
    Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards its ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

    Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.
    OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
    "In no comment did I say that it pairs with another device":
    In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if you pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that a hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.
    In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to be read by another means they can communicate wirelessly. To conflate with how you pair headphone with a device.
    Seriously!????????????? Are you trolling me?
    To communicate with each other both need to communicate with each other... seems a very simple concept to grasp! And there are protocols that need to be followed to establish a Bluetooth connection. Broadcasting a string is not a Bluetooth connection!
    Besides the fact that the NFC has nothing to do with Find My network, the NFC chip scanning does not establish any kind of network connection in any way similar with how you pair a headphone.
    Are you trolling me?

    One last time JIC you're really not getting it. Scenario: Someone with an iPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.
    No one is trolling @Xed. They are just informing you that you are ignorant of how this technology works.

    The AirTag broadcasts an encrypted ID via BLE, which is one way (in this case, the definition of broadcast). If an iPhone with Bluetooth (not NFC) is within range, the iPhone will send the encrypted AirTag ID, and the iPhone's location to Apple. Apple will decrypt the AirTag ID, and notify the device the AirTag is paired with (and other devices using the same Apple ID), with the iPhone's location.

    And again, showing your ignorance, iPhones since iPhone 6 & 6Plus have NFC (for Apple Pay).  However, only the iPhone 7 & 7Plus & newer have NFC readers that can read an AirTag, all have NFC (not UWB which isn't required).  Again, the NFC URL is read by the NFC reader - one way communication.  Even non-Apple (Android) devices can read the URL via NFC.

    The AirTag cannot communicate two way with anything - only broadcast its ID, encrypted.
    How do you suppose that broadcast is retrieved and passed on if there are no devices using the same protocols and frequencies that can hear it and know what to do with it?

    Historically when a node (like your computer) wants to obtain an IP address it would send out a message on whatever network it is using. Any and all devices connected on the network will ignore this broadcast except for either the DHCP server which will send back an IP address for that MAC address to use (or it will be forwarded to another network where a DHCP server will eventually send back this information by routers configured to do so).

    Broadcasts are still a communication even if they aren't one-to-one communication between nodes so they still need other linked nodes to allow them to pass on this data.
    It's called BT LE (Bluetooth LE) & NFC - these are standards. They are Broadcast & Read Only (generally). They are one way (in this scenario).

    There is no TCP/IP, network, DHCP, IP address, etc. It's simply read the NFC, or listen for the BT LE broadcast. One way. No app listening, no communications.


    fastasleep