What security experts want you to know about Apple Air Tags | #ios | #apple | #iossecurity


Technology

“Just like any other technology, it can be exploited by people who have bad intentions or want to invade your privacy.”

The $29 Apple AirTag is small enough to clip onto keys – or covertly slip into someone’s handbag. Melina Mara/Washington Post

Attaching a small device to your wallet or keys and never losing them again sounds like a good deal. After all, everyone could save some time and stress not frantically searching for their belongings.

But security experts are warning that those same small devices can be used for ill intent.

The device in question is Apple’s AirTag — a small disc that can be attached to virtually anything and can be located using a paired iPhone. 

“AirTags are a very convenient device that were invented to help people with a perennial problem of sort of losing things,” cybersecurity expert and former Boston police commissioner Edward Davis told Boston.com. “I have friends that have them on their wallet or on their keys — it’s just a very handy way to find something that you frequently put down and can’t locate.”

But since their launch almost a year ago, AirTags have also been used for more nefarious intentions — namely tracking people without their knowledge.

Kevin Powers, the director of the Master’s in Cybersecurity Policy and Governance program at Boston College, told Boston.com it is alarming how simple it would be to plant an AirTag on someone. 

“For every good, there’s a bad,” he said. “With this, what is really disconcerting is how easy it is for me, if I was a bad actor, [to track you]. If I have an AirTag and I see you on the T … I bump into you, and I just put it in your bag or put it somewhere on your person and then you have no idea about that. And I’m able to track you and see where you go, where you work, where you live, where you frequent, and I could do something bad.”

AirTags are a part of Apple’s Find My network, which allows customers to track their devices and share their location with friends. 

According to Apple’s website, AirTags send out a secure Bluetooth signal that can be detected by any nearby devices on the Find My network. Those devices then send the AirTag’s location to iCloud and the tag is then visible on the Find My app. 

“The whole process is anonymous and encrypted to protect your privacy,” Apple’s website reads. “And itʼs efficient, so thereʼs no need to worry about battery life or data usage.”

There are also speakers on AirTags to play a locating sound. The battery is designed to last about a year before it needs to be replaced, and consumers can replace the battery themselves. 

Davis, founder of the Boston-based security consulting firm Edward Davis Company, said the technology is “fairly new” and it does help people.

“But just like any other technology, it can be exploited by people who have bad intentions or want to invade your privacy by tracking your motions and things like that,” he said. “And that’s where the problem comes up.”

Unfortunately, the cybersecurity experts said, all the helpful features can be turned on unsuspecting people by those with bad motives. Because AirTags use the entire network of Find My devices, not just the one it is paired with, an AirTag can be tracked from far away. 

“The problem is one of improving technology for convenience, but also bad actors that might exploit that technology and use it against you,” Davis said. 

How to avoid being tracked

There are security elements built into the product, according to Apple.

Powers said if you are looking to keep track of your keys or another item, know that the data is stored as securely as Apple data usually is. AirTags are linked to one specific Apple ID, and the devices use end-to-end encryption to keep the data secure, according to Apple.

On the other side of the AirTag security discussion is how to keep yourself safe from any bad actors.

If you have an iPhone and an AirTag that is not paired with your device is nearby, your phone — for somewhere between eight and 24 hours — will alert you that an AirTag is nearby, according to The Verge. This feature can be turned on in settings, according to Apple.

AirTag detection alerts are only triggered when the device is separated from its owner, according to Apple, so no need to worry about alerts from family and friends’ devices while you are with them. 

Where things become “tough” is that not everyone has an iPhone, Powers said.

“So if it’s not synced up with your iPhone, if you don’t have one, well, then you’re not going to get that alert,” he said. “Or say you don’t have an iPhone, you don’t have a mobile phone, you’re a 5-year-old and you’re down the playground … and then they put [an AirTag] in there too. Now they’re tracking you, and no one has any idea about that until something bad has happened.”

In a statement on Feb. 10, Apple said it is aware of instances when AirTags are misused for malicious intent and the company is working to address the issue.

“Unwanted tracking has long been a societal problem, and we took this concern seriously in the design of AirTag,” the statement reads. “It’s why the Find My network is built with privacy in mind, uses end-to-end encryption, and why we innovated with the first-ever proactive system to alert you of unwanted tracking.”

For those without iPhones, Apple released an app called Tracker Detect. The app, which is available on Google Play, looks for item trackers that are separated from their owner, including AirTags. Users can prompt the app to scan for nearby devices.  

“[Apple is] on notice that there’re people using this in a nefarious way and tracking people and people aren’t safe,” Powers said. “If they don’t do anything about it they could be found liable because they’re on notice. It’s not something like, ‘Oh, this is not reasonably foreseeable that someone would take our AirTag and put it on someone and track them at their home and God forbid do something really bad to that person.’”

Apple has previewed some advances it hopes to make with regards to security of AirTags, including refining tracking alerts, introducing precision finding, and including a sound with the alerts. 

“I’m not saying they should rip it off the market right now,” Powers said. “I don’t think that’s going to happen. But I think they have to put protections in place for the consumers who aren’t buying the AirTags, who don’t have an iPhone.”

What to do if you think you are being tracked

If you get an alert warning of a detected AirTag and there isn’t a logical explanation for it, Powers said to contact law enforcement. 

According to Apple, the company has collaborated with law enforcement and since each device has a unique serial number, devices can be traced back to paired accounts in some circumstances. 

“We have been actively working with law enforcement on all AirTag-related requests we’ve received,” Apple wrote. “Based on our knowledge and on discussions with law enforcement, incidents of AirTag misuse are rare; however, each instance is one too many.”

Even if you have no evidence that an AirTag was placed on your person, Davis recommended checking your belongings every so often to make sure. 

“It’s also a good idea to do things like dump your pocketbook out every once in a while,” Davis said. “I know that sounds a little paranoid, but it’s actually a pretty good practice, especially if you have a concern that someone may know of your whereabouts.”

If you have received threats or strange messages that indicate someone may know your whereabouts, it’s a good idea to be more vigilant, Davis said. He recommended checking your car and other belongings to make sure there are no devices you don’t know about. 

“I think the key thing is this: if there’s anything that you receive information on, a note from a friend, a threat online, a text message that concerns you — where somebody indicates that ‘I know you’re at this particular location’ — that’s the time for red flags to go off, for you to really take a close look at everything you’re doing and everything you have on you to make sure that no one is is exploiting or making inroads into the privacy that you deserve,” Davis said. 





Original Source link

Leave a Reply

Your email address will not be published.

twenty eight − = 23