The GopherAirTags are charged up & ready to fly to @socallinuxexpo tomorrow morning!
#tinygo #golang #scale22x #airtag #openhaystack

Gerade mit #OpenHaystack rumgespielt und das funktioniert tatsächlich, jedenfalls mit #ESP32. Nun juckt es in den Fingern, um ein paar nRF51822 (lassen sich mit und einen ST-Link v2-Clone zu ordern. Hat jemand in der werten Mitleserschaft aus München auch Interesse daran?

Check Your Mailbox Using The AirTag Infrastructure https://hackaday.com/2022/05/30/check-your-mailbox-using-the-airtag-infrastructure/ #bluetoothlowenergy #wirelesshacks #openhaystack #appleairtag #bluetooth #machacks #nrf51822 #tracker #airtag #findmy #apple #nrf51

Check Your Mailbox Using The AirTag Infrastructure

When a company creates an infrastructure of devices, we sometimes subvert this infrastructure and use it to solve tricky problems. For example, here's a question that many a hacker has pondered - how do you detect when someone puts mail into your mailbox? Depending on the availability of power and wireless/wired connectivity options, this problem can range from "very easy" to "impractical to solve". [dakhnod] just made this problem trivial for the vast majority of hackers, with the FakeTag project - piggybacking off the Apple's AirTag infrastructure.

This project uses a cheap generic CR2032-powered NRF51822 board, sending the mailbox status over the FindMy system Apple has built for the AirTag devices. For the incoming mail detection, he uses a simple vibration sensor, glued to the flap lid - we imagine that, for flap-less mailboxes, an optical sensor or a different kind of mechanical sensor could be used instead. Every time someone with a FindMy-friendly iPhone passes by [dakhnod]'s mailbox, he gets an update on its status, with a counter of times the sensor has been triggered. [dakhnod] estimates that the device could run for up to a year on a single battery.

The specific NRF51822 board shown in the title picture seems to be sold for about $7 online, but there are many different NRF51822 boards available, and you should be able to use any one of them. As an example, [dakhnod] sends us a photo of a different sensor he designed, held in a 3D printed case and connecting to a CR2032 battery using copper tape. By now, it's not unlikely that a friendly hackerspace has a few suitable boards in a drawer somewhere!

This project builds on top of the OpenHaystack project, a research effort that we've previously told you about. We've even seen the ESP32 microcontrollers being used for building clones before, but the NRF51822 low-power features are unbeatable for practical applications.

#machacks #wirelesshacks #airtag #apple #appleairtag #bluetooth #bluetoothlowenergy #findmy #nrf51 #nrf51822 #openhaystack #tracker

No Privacy: Cloning the AirTag

You've probably heard of the infamous rule 34, but we'd like to propose a new rule -- call it rule 35: Anything that can be used for nefarious purposes will be, even if you can't think of how at the moment. Case in point: apparently there has been an uptick in people using AirTags to do bad things. People have used them to stalk people or to tag cars so they can be found later and stolen. According to [Fabian Bräunlein], Apple's responses to this don't consider cases where clones or modified AirTags are in play. To prove the point, he built a clone that bypasses the current protection features and used it to track a willing experimental subject for 5 days with no notifications.

According to the post, Apple says that AirTags have serial numbers and beep when they have not been around their host Apple device for a certain period. [Fabian] points out that clone tags don't have serial numbers and may also not have speakers. There is apparently a thriving market, too, for genuine tags that have been modified to remove their speakers. [Fabian's] clone uses an ESP32 with no speaker and no serial number.

The other protection, according to Apple, is that if they note an AirTag moving with you over some period of time without the owner, you get a notification. In other words, if your iPhone sees your own tag repeatedly, that's fine. It also doesn't mind seeing someone else's tags if they are near you. But if your phone sees a tag many times and the owner isn't around, you get a notification. That way, you can help identify random tags, but you'll know if someone is trying to track you. [Fabian] gets around that by cycling between 2,000 pre-loaded public keys so that the tracked person's device doesn't realize that it is seeing the same tag over and over. Even Apple's Android app that scans for trackers is vulnerable to this strategy.

Even for folks who aren't particularly privacy minded, it's pretty clear a worldwide network of mass-market devices that allow almost anyone to be tracked is a problem. But what's the solution? Even the better strategies employed by AirGuard won't catch everything, as [Fabian] explains.

This isn't the first time we've had a look at privacy concerns around AirTags. Of course, it is always possible to build a tracker. But it is hard to get the worldwide network of Bluetooth listeners that Apple has.

#securityhacks #airtag #apple #bluetooth #bluetoothlowenergy #esp32 #openhaystack #privacy