Skip to main content

How Lost Apple AirTags Can Become Phishing Tools

Technology is supposed to help us in our daily lives, but it might also jeopardize it if misused. We greet each innovation with enthusiasm and eagerness. However, some technologies can do more harm than good despite their promising purpose.

Times change but keeping personal belongings in their place remains one of the tasks we struggle with daily. Undoubtedly, AirTag is a must-have for anyone finding themselves in a repetitive pickle over lost objects. Sadly, even such a tiny gadget faces the current debacle: its security can never be bulletproof.

Recently, researchers have reported AirTag vulnerabilities that could allow attackers to guide unwitting users into dangerous websites. Such sites can be after your credentials, financial information, or hackers could even design them to complete drive-by downloads. The latter means that you barely need to interact with the website for it to install something on your device. Who knew that such a small gadget as AirTag could bring so much trouble?

What is the Apple Platform Security scam?

AirTags are small tags that can be attached to your valuable belongings like a laptop, phone, or wallet. What makes them interesting is that they can connect with your (Apple) devices via Bluetooth Low Energy.

The main purpose of AirTags is to help you find lost items by sending signals to your device without any hassle. If you happen to misplace any belongings that have AirTag attached to it, you only need to access the AirTags app on your device, select the “Lost Mode” option, and choose the missing item. The iPhone then displays directions that help you locate your missing item.

Moreover, AirTags work by using a Near Field Communication (NFC) chip to emit an electromagnetic field. When an AirTag comes into proximity to an NFC-enabled device, the tag’s unique identification number is transmitted to the device. This way, the user can find the lost items using an AirTag.

Besides being incredibly useful to people struggling to keep track of their belongings, AirTags have caused some stir in the media. People have reported finding random AirTags on their belongings. Thus, victims believe that perpetrators are using these gadgets to stalk their victims. Such concerns have also pushed Apple to add several anti-stalking updates. However, the issue persists, and users should be vigilant about any unknown gadgets being placed on their things.

How Does the AirTag Vulnerability Work?

AirTag has many other features for pairing and unpairing, along with custom notifications. But what has brought this technology to the limelight is the XSS vulnerability (Stored cross-site scripting) that can lead to unauthorized access to AirTag’s functions.

Moreover, the AirTag, when placed in the “Lost Mode,” generates a URL and allows the owner to supply their contact information or email address. Then, once somebody finds the AirTag, they can scan it to receive its owner’s contact details. No registration or login is required to view such information. The XSS vulnerability allows attackers to compromise the link users are led into after scanning an AirTag.

Another problem is that iOS devices do not have any built-in protection against cross-site scripting attacks. Moreover, NFC services in iOS are always enabled by default, which means there are no security warnings when an app accesses them. All these issues combined make AirTags a perfect target for phishers. Apple seems to be working on a fix. So, for now, it is best to be cautious about scanning AirTags.

AirTags Help Scam People

Let’s now look at how scammers are using AirTags to scam people.

For example, mostly all mobile users have applications of their respective banks installed. Hackers expect this to be true. So, many scams attempt to take advantage of this. They can use XXS vulnerability on AirTags’ app for sending out fake messages and making people visit their phishing sites. Imagine receiving an urgent message from your bank, saying that somebody has stolen funds out of your account. The chances are that you will click on the provided link without much hesitation.

If an authenticated AirTag’s phone number is used to send a message or link, anyone who has an NFC-enabled device will be able to scan the AirTag. It makes it possible for attackers to not only impersonate users but also fool them into visiting malicious URLs by spamming them over NFC tags. These texts typically appear more legitimate than text links in emails or social media posts.

Another way scammers are using AirTags is by selling the lost ones online to trick the victims into buying them. This way, they can steal any data from a device and even install a keylogger in devices through the link that records every detail.

How Can You Protect Yourself?

Now that you know about the vulnerability of Apple Airtags and how scammers use them to scam people, let’s look at how you can protect yourself from such scams.

The best way to protect yourself is not to click on any links or notifications received via AirTags. Do not visit any websites that prompt you with messages like “you have just been signed out” or “your account is in danger.”

Do not trust any website that asks for your personal information or login credentials without validating it properly. If you need, you can contact Apple support and ask them about the legitimacy of the website.

Also, follow tips for private and secure browsing. After all, you might encounter a scam every time you go online. Thus, avoid visiting unknown websites or supplying information via them. Moreover, install a Virtual Private Network to prevent hackers from capturing your credentials in transit. It would be great to avoid public Wi-Fi as well, especially if you plan to check your bank account or another private site. If you must do this via a public hotspot, connect to a VPN server beforehand. It ensures a secure and encrypted connection.


AirTags are a clever way to keep track of your belongings and avoid losing them, but at the same time, they come with certain risks that you need to be aware of. So, make sure that you take all the necessary precautions and enjoy the benefits of AirTags without any worries.


Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in