Overview The purpose of this Directed Independent Study is to research and evaluate potential exploits related to Apple's AirTag. AirTags are small, disc-shaped tracking devices that can be attached to items and located using Apple's Find My network. While the technology is convenient for many users, there is a potential for abuse by malicious actors who may use AirTags for tracking purposes.
The objective of this study is to examine the current state of the art in exploiting AirTags, identify potential security weaknesses, and suggest potential solutions to these issues. The study will focus on reverse engineering the Find My protocol, evaluating the effectiveness of the item safety alerts introduced by Apple, and exploring possible mitigation techniques to prevent abuse of the technology.
The study will be conducted in three phases:
- Literature Review: Review of existing research and information on the topic of AirTag exploits.
- Hands-on Evaluation: Reverse engineering of the Find My protocol, evaluating the item safety alerts, and the creation of a custom device to participate in the Find My network.
- Analysis and Recommendations: Analysis of the results of the hands-on evaluation, and the formulation of recommendations for improving the security of AirTags.
- A comprehensive report on the current state of the art in exploiting AirTags.
- A technical report on the findings from the hands-on evaluation and reverse engineering of the Find My protocol.
- A set of recommendations for improving the security of AirTags.
If you have any questions or would like to learn more about this study, please contact the author at mcg1441@uncw.edu.