Jailbreaking Apple AirTags: How I Hacked and Modified the Firmware

TLDR: Learn how I successfully jailbroke and modified the firmware of Apple AirTags, enabling me to customize their functionality and even rickroll unsuspecting users.

Key insights

🔓 Successfully jailbroke Apple AirTags by glitching the CPU core voltage and re-enabling the debugging hardware.

💻 Used a Raspberry Pi Pico and voltage-based fault injection to perform the glitching attack.

📝 Modified the firmware to change the URL sent when the AirTag is NFC scanned, effectively rickrolling users.

💡 Discovered the potential for using the AirTag's accelerometer as a makeshift microphone for research purposes.

🌟 Explored the possibilities of further experimentation and customization with jailbroken AirTags.

Q&A

How did you jailbreak the AirTags?

I jailbroke the AirTags by glitching the CPU core voltage using a Raspberry Pi Pico and voltage-based fault injection.

What modifications did you make to the firmware?

I modified the firmware to change the URL sent when the AirTag is NFC scanned, allowing me to rickroll unsuspecting users.

Can I replicate your jailbreaking process?

Yes, you can try to replicate the jailbreaking process by following the steps I outlined in the video.

Are there any other potential modifications you can make to the AirTags?

Yes, there are various possibilities for further customization and experimentation with jailbroken AirTags, such as utilizing the accelerometer as a makeshift microphone for research purposes.

What are the potential implications of jailbreaking AirTags?

Jailbreaking AirTags allows for greater control and customization of the devices, opening up possibilities for research, experimentation, and creative modifications.

Timestamped Summary

00:00 In this video, I demonstrate how I successfully jailbroke and modified the firmware of Apple AirTags.

02:56 Using a Raspberry Pi Pico and voltage-based fault injection, I was able to glitch the CPU core voltage and re-enable the debugging hardware on the AirTags.

06:31 With the firmware successfully jailbroken, I modified the URL sent when the AirTag is NFC scanned, resulting in a rickroll for unsuspecting users.

08:24 Additionally, I discovered that the accelerometer of the AirTag could potentially be used as a makeshift microphone for research purposes.

08:39 Overall, jailbreaking AirTags opens up possibilities for further experimentation and customization of the devices.