Amazingly, the device was hacked within a couple of weeks after its release. Researcher Stacksmashing applied a Fault Injection attack to get access to the firmware. After making a change and reloading the firmware, he demonstrated that the modified AirTag would now refer the reader to an arbitrary website rather than to the Apple network.
While this demo is widely recognized as a fantastic stunt, some commented that this is a low-impact hack since a complex hardware attack is needed to manipulate the device. I believe these comments are naïve and fail to recognize the deeper security implications. Below, I explain why this hack is symptomatic of a severe problem coming our way.
First, Stacksmashing is a real wizard. He managed to execute this attack in just a few days, where many less proficient technicians would have failed or spent at least weeks. However, he did not find a new vulnerability; he just exploited a previously disclosed hardware vulnerability in the chip controlling the device. While responsible disclosure is a well-established practice for software vulnerabilities, this is lacking for hardware issues. Typically, it is impossible to patch a hardware problem for existing products. As the vulnerability was publicly known for more than a year, it may explain why the issue could be easily exploited. This also means that many other products may be under threat.
Second, Stacksmashing was kind enough only to showcase that he achieved run-time privilege. He did not demonstrate how bad this could become. The on-chip flash memory is big enough to carry the equivalent of 25 KLOC, while the external flash memory can represent another 200 KLOC. From code reviews, we know that immature code typically has 1 vulnerability / KLOC. Сhances are that this product has multiple software vulnerabilities waiting to be discovered and exploited. This hardware attack, resulting in a code dump, allows full reverse engineering and discovery of software vulnerabilities. This way, a somewhat complex hardware attack may be leveraged into a pure software attack. Considering the fact that the AirTag can communicate with other devices, there is a theoretical possibility of viral spreading of malware and transforming the AirTag network into a giant spying network.
Fortunately, there is still a possibility to mitigate this attack for other devices with the same chip, and even a possibility to reduce the risk for the AirTag. It is possible to increase fault injection robustness using defensive coding, applying patterns that majorly complicate the attack. Therefore, we recommend the IoT vendors to increase their awareness of fault injection risks and verify the robustness of their products after hardening their code.
Contributed by Marc Witteman, CEO, Riscure. If you have any questions, contact us at firstname.lastname@example.org.