A group of researchers at Northeastern University have raised concerns about the potential misuse of Apple AirTags for stalking and harassment.
While AirTags were designed to help users locate personal belongings, they can also be discreetly placed in bags or vehicles, allowing individuals to be tracked without their knowledge, according to the researchers.
This has led to a class-action lawsuit against Apple, alleging that the devices have been weaponized by stalkers and abusers, a claim supported by 37 plaintiffs.
Apple AirTag Is a Double-Edged Sword
Narmeen Shafqat, a Ph.D. student at Northeastern University specializing in cybersecurity and a researcher on the project, emphasized that while AirTags have positive applications, they also pose significant risks.
She said: "You get all these good (stories) that people have found their luggage because they had an AirTag, but I believe the AirTag is a double-edged sword. For anyone who's trying to track someone, like their ex-girlfriend or partner, this can have very grave implications."
The researchers found that AirTags operate using Bluetooth technology, continuously transmitting signals that nearby phones pick up and relay to Apple servers. The AirTag allows the owner to precisely locate their device.
However, the team noted that the issue arises from the owners' full control over these devices, enabling them to be covertly placed in various locations, including cars or bags, for the purpose of tracking individuals.
Apple has implemented a safety measure where if an iPhone detects continuous signals from an unassociated AirTag, it sends a notification to the user, alerting them to the presence of an unfamiliar device. According to the team, the user can then locate and disable the AirTag.
However, the research claimed that notifications about unknown AirTags could take anywhere from 30 minutes to nine hours to be received, with quicker alerts occurring at night or in places frequented by the user, such as their home or workplace.
Moreover, the researchers identified that users can reconfigure AirTags to bypass these safety measures, enabling individuals to be close to an unknown AirTag for extended periods without triggering an alert.
Notifying Apple
The research team reported their findings to Apple, which responded after several months by collaborating with Google to devise methods for alerting users to the presence of unwanted tracking devices. The Northeastern researchers are offering their insights based on their study to contribute to these efforts.
While addressing this issue presents challenges, the researchers hoped that Apple and other developers would implement changes that would effectively enhance the security of tracking these devices.
Nicole Gerzon, a fifth-year cybersecurity student involved in the study, said: "If Apple's having these issues despite all their hard work, then there's clearly something going on on a baseline level... I think that if consumers are more aware (of this), we're able to keep big companies like Apple more accountable to make secure software."
The findings of the team were published in Proceedings on Privacy Enhancing Technologies.