Further Thoughts on Stealth AirTags
In 2022, I spent a week working with a small team analyzing how Bluetooth item trackers (eg: Apple AirTags, Tile) can be covertly used for malicious purposes, and developing processes and tools to detect them, as a part of GeekWeek 7.5, the Canadian Centre for Cyber Security’s (CCCS) annual cybersecurity workshop. I wrote about my experience here: /exploring-bluetooth-trackers-at-geekweek-7-5/.
I’ve revisited this experience a few times - once, earlier this year, when one of my friends shared his brother’s experience with car theft. The victim attempted to locate the car using the AirTag he’d hidden in the spare tire compartment, but apparently the thieves had detected and removed the device. AirTag Tracker Ineffective for Locating Stolen Car
Tracking a stolen car seemed like an potentially interesting application for a clone ‘Stealth’ AirTag, which consists of small tweaks built on the work of SEEMOO Lab’s Open Haystack. The Stealth AirTag we built evaded detection by altering the AirTag clone’s keys and transmit power at random intervals. It could be further improved with the addition of an IMU (inertial measurement unit), such that it only broadcasts when it is on the move, making it incredibly tricky to find. For most people, a cloned AirTag is not very practical - the Open Haystack application required a Mac, and the setup required to connect it to the Apple Find My network wasn’t straightforward.
