AirTag Successfully Hacked to Show Custom URL in Lost Mode - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

AirTag Successfully Hacked to Show Custom URL in Lost Mode

by

The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware.


Thomas Roth, aka Stack Smashing, shared his achievement in a tweet and explained that re-flashing the device's microcontroller had enabled him to change the URL for Lost Mode, so that it opens his personal website on a nearby iPhone or other NFC-enabled device instead of directly linking to an official Find My web address.

Managing to break into the microcontroller is a crucial hurdle to overcome to if the aim is to further manipulate the device's hardware. As The 8-Bit notes:

A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, "these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components."

Roth also shared a video comparing a normal ‌AirTag‌ to his modified device.


How the hack might be exploited in the wild is unclear at this time, but the fact that it can be done may open up avenues for the jailbreaking community to customize the device in ways Apple didn't intend. On a darker note, it could also present opportunities for bad actors to modify the ‌AirTag‌ software for the purposes of phishing and more.

That's assuming Apple isn't able to remotely block such a modified ‌AirTag‌ from communicating with the ‌Find My‌ network. Alternately, Apple might be able to lock down the firmware in a future ‌AirTag‌ software update. Watch this space.

Related Roundup: AirTag
Buyer's Guide: AirTag (Buy Now)

Popular Stories

Second Generation AirTag Feature Purple

Apple Reportedly Working on All-New AirTag-Sized Wearable With iPhone Integration

Thursday May 7, 2026 12:16 pm PDT by
Apple continues to work on a "pendant with cameras" for release as early as next year, according to the latest word from Bloomberg's Mark Gurman. In a report today, Gurman said development of the all-new wearable accessory trails AirPods with cameras, which have apparently reached an advanced testing stage. Apple also continues to work on smart glasses, according to his report. Given...
Read Full Article29 comments
Second Generation AirTag Feature Purple

Apple's AirTag-Sized AI Pendant: Five Features Rumored So Far

Friday May 8, 2026 4:14 pm PDT by
Apple is developing a wearable AI device that's been described as a pin or pendant, and that could compete with a similar AI product coming from OpenAI's Jony Ive. It wasn't clear if the wearable would actually make it to launch because Apple sometimes cancels projects, but it is still in the works and could come as soon as next year. 1. It'll Look Like an AirTag Apple's design plans could...
Read Full Article117 comments
Second Generation AirTag Feature

Apple Releases New Firmware for AirTag 2

Tuesday May 26, 2026 3:46 pm PDT by
Apple today released new firmware for its second-generation AirTag item trackers. The firmware has a 3.0.49 version number, up from 3.0.45, and it is the second firmware update that Apple has provided for the AirTag 2. There is no word yet on what's included in the firmware, but AirTag firmware updates most often address bugs and make other under-the-hood improvements. Apple's prior firmware ...
Read Full Article15 comments

Top Rated Comments

K
krewger
66 months ago
So…. It’s been hacked to be a customizable nfc tag. Looks like a lot of trouble to go through. I could also just put new nfc tags inside the AirTag’s case and accomplish the same thing. Security on your personal device is already in place - the link is displayed on the phone asking if you want to open it first before visiting the URL. https://electronics.howstuffworks.com/nfc-tag.htm
Score: 21 Votes (Like | Disagree)
P
Puonti
66 months ago

The AirTag does not carry other data than its own position.
I don't believe this is accurate. As I understand it:

An AirTag does not know where it is. All it does for location tracking is transmit radio waves. Devices that do know where they are can detect the AirTag, and then tell the FindMy network "I am at this location, and hey there's an AirTag here".
Score: 18 Votes (Like | Disagree)
J
Jumpinbeans
66 months ago
Basically if you find an airtag and don't know why its there or who it belongs to and its not worth scanning as it may be compromised - smash it :)
Score: 17 Votes (Like | Disagree)
szw-mapple fan Avatar
szw-mapple fan
66 months ago

So if you lose your AirTag and then find it after one day for example, you cannot trust it anymore? Or if you find someones AirTag should you be also wary of placing it near your own phone? This gets interesting.
This won't apply to the vast vast majority of users. It's a security exercise that's just to prove it's possible. People who needs to be worried about this type of exploits won't be using any trackers of this type anyways.
Score: 14 Votes (Like | Disagree)
U
Unregistered 4U
66 months ago
Next up from security researchers
“SWALLOWING AIRTAGS COULD COMPROMISE YOUR DIGESTIVE SYSTEM… WHAT YOU NEED TO KNOW”
or
“if you glue your house key to your airtag and then lose it, AIRTAGS COULD ALLOW SOMEONE ENTRY INTO YOUR HOUSE!”
Score: 11 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
66 months ago

This won't apply to the vast vast majority of users. It's a security exercise that's just to prove it's possible. People who needs to be worried about this type of exploits won't be using any trackers of this type anyways.
The scenario is: modify your airtag to have a URL to a compromised site (phishing or a drive by site like the ones patched in the last update). Anyone who then scans it can be compromise. Drop it at a company's corporate headquarters by the security office or by the CEO's (BoD's, executives, maintenance, food, coffee provider etc) car (or any other office) and then eventually someone will scan it. They then enter the office, join wifi etc with a compromised device which can scan for unprotected devices, monitor network traffic etc. Likewise, their credentials will be then compromised making further intrusions easier.

It is like any machine, with physical access most things can be compromised. This just increases the attack vectors for people who pick them up.
Score: 9 Votes (Like | Disagree)
Read All Comments