Apple tweaks AirTags to be less useful for stalkers, thieves
'Privacy is built in' was more an aspiration until now
Apple on Thursday said it is modifying its AirTag tracking devices to prevent them from being used for the wrong sort of tracking.
AirTags ‒ Bluetooth-enabled discs that report their location – were announced last April to help people find lost keys, baggage, and other possessions capable of containing, or being tethered to, the $29 tracking tokens. If you put one in your wallet, and it goes missing, you can attempt to locate it via Apple's iCloud. The tag automatically talks to nearby devices wirelessly to report its whereabouts, allowing its location to be determined. Thus, your wallet can, hopefully, be recovered from wherever the tag reports it is.
"Your AirTag sends out a secure Bluetooth signal that can be detected by nearby devices in the Find My network," Apple explains on its website. "These devices send the location of your AirTag to iCloud — then you can go to the Find My app and see it on a map. The whole process is anonymous and encrypted to protect your privacy."
Process aside, the product can be used to violate your privacy. AirTags enable the stalking of people and of desirable cars that someone might want to steal at a more convenient time. Place the tag on a victim, and follow them around the map.
Despite Apple's assertion that AirTags protect privacy, researchers found a way last year to fingerprint Bluetooth Low-Energy chipsets, which makes tracking easier.
Privacy advocates like Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, have been warning about the potential for misuse. So too do AirTags themselves – they transmit alert notifications to let nearby iPhone users know someone else's active AirTag is, unbeknownst to them, reporting its location.
Apple in December responded to privacy concerns by releasing an Android app called Tracker Detect to defend mobile customers in the Google ecosystem against its technology. But miscreants have remained a step ahead. Only a week ago, AirTags with silenced speakers – to prevent audible warnings that might alert those being stalked – were selling on Etsy and eBay.
We have seen reports of bad actors attempting to misuse AirTag for malicious or criminal purposes
Apple, in an announcement about AirTag changes this week, condemned the misuse of its products, describing unwanted tracking as "a societal problem" that it considered seriously before unleashing its tracking device upon the world.
"We’ve become aware that individuals can receive unwanted tracking alerts for benign reasons, such as when borrowing someone’s keys with an AirTag attached, or when traveling in a car with a family member’s AirPods left inside," Apple said. "We also have seen reports of bad actors attempting to misuse AirTag for malicious or criminal purposes."
Apple said it has been working with safety groups and law enforcement agencies, and has identified several ways it can make AirTags less weaponizable. The iGiant insists misuse is rare, though it did not respond to a request by The Register to provide data on the number of misuse reports it has received.
The tech titan warns, however, that just because AirTags "protect privacy" that doesn't mean Apple will protect your privacy if you're violating the law. AirTags each have a unique serial number and the iBiz says it will not hesitate to provide that identifier to authorities if presented with a valid legal demand. Keep in mind, this is the company that has been considering how to run scanning algorithms on customer devices to detect child abuse images destined for its iCloud storage service.
Apple plans technical enhancements to underscore its open communication channels with authorities. A future software update will contain an AirTag setup warning notification telling users "that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world, that AirTag is designed to be detected by victims, and that law enforcement can request identifying information about the owner of the AirTag."
- How your phone, laptop, or watch can be tracked by their Bluetooth transmissions
- Unpatched flaw 'weaponises' Apple AirTags to turn them into the phisherman's friend
- We seem to have materialized in a universe in which Barney the Purple Dinosaur is designing iPhones for Apple
Apple is also modifying how AirPods show up in its Find My app. Previously its distinctive earphones had presented an “Unknown Accessory Detected” warning to those using the app. The corporation will soon describe them as "AirPods," so those keeping an eye out for unwanted tracking won't mistake the ambiguous labeling as a tracking warning. And Apple's documentation will be refreshed too, to better explain unwanted tracking alerts and to provide resources for those who feel their safety is at risk.
Later this year, there will be more changes. Precision Finding will make it easier to locate the precise location of a concealed AirTag. And those with recent model iPhones (11+) will be able to see both the direction and distance of an unknown AirTag when in range.
"As an iPhone user moves, Precision Finding fuses input from the camera, ARKit, accelerometer, and gyroscope to guide them to the AirTag through a combination of sound, haptics, and visual feedback," Apple explained.
Apple also intends to address maliciously silenced AirTag speakers by surfacing an alert in its iDevices that's accompanied by a sound.
"This will help in cases where the AirTag may be in a location where it is hard to hear, or if the AirTag speaker has been tampered with," Apple said, without noting whether users of its Android app will gain the same capability.
In addition, the company says it will improve its unwanted tracking alert logic, though how this will be accomplished is not explained. Finally, it plans to adjust the tones its AirTags emit to make them easier to find.
For those who discover an unexpected AirTag in a coat pocket, purse, or taped to a car, Apple advises removing the battery to stop it from transmitting. ®