How Stalkers Could Use AirTags to Track People

image credit: Apple

published by Chand Bellur
May 3, 2021 at 4:20 p.m.
  • Apple recently launched its Tile rival, AirTag, which uses the Find My network to locate lost items.
  • Each AirTag tracking device sends out an anonymous Bluetooth signal to nearby iPhones, identifying its location within the Find My network.
  • Apple created mechanisms offering some protection against using AirTag beacons to track people.
  • AirTag beacons can track individuals who don’t own iPhones for up to three days without notification.

What is an AirTag?

The AirTag is Apple’s new “stuff” tracking device. Eerily similar to Tile, users will soon affix AirTags to wallets, keys, purses, dogs, cats, and even human beings to keeps tabs on their whereabouts.

AirTags take advantage of the abundance of iPhones. Everyone with an iPhone capable of running the latest iOS version is part of the Find My network. This means if you leave your AirTag equipped wallet on the train, the minuscule device will anonymously ping every nearby iPhone, which uploads its location to iCloud.

Only the AirTag owner knows the location of his or her missing item. Although AirTags use others’ iPhones to communicate with the Find My network, no one else can see where your AirTag is. This basic security is an obvious necessity, ensuring both privacy and the protection of your cherished possessions.

Despite offering a modicum of security, AirTags also open up a whole can of security worms. It turns out, in many cases, one can use AirTags to track people without their knowledge or consent.

Possible Use of AirTags to Stalk People

Just like AirTags can be used to track the location of your beloved furry friend, the technology can monitor anyone. Apple addressed this issue by warning iOS users if an unauthorized AirTag is nearby. There are exceptions to this warning, for example, if you’re in a crowd with multiple iPhones and AirTags.

Interaction within the Find My network provides information determining whether foreign AirTags in proximity are legitimate or used to stalk an unwitting victim. If, for example, someone else’s AirTag is omnipresent within the range of another’s iPhone, iOS will warn the surveilled user.

What if the victim has an older iPhone or Android device? In these cases, the extraneous AirTag device will emit an audible beep after three days. The tone sounds after any AirTag separates from its parent iPhone for over 72 hours. The spying party only needs to approach the AirTag within three days to reset this timer, thwarting the alarm. A distance as large as 50 feet is enough for the AirTag to communicate with the spy’s iPhone over Bluetooth.

Furthermore, it may be possible to silence the alarm by modifying the unit. iFixit’s teardown shows that the AirTag’s entire body serves as a speaker. The connection to the speaker could be severed, muting any stalker warning. At $29, it’s one of the least expensive ways for creeps to track their victims.

As it stands, unscrupulous actors are already using technology to spy on unwitting victims. I personally know someone whose ex-husband bought her Apple products so he could track her location using the Find My app. I helped her disable this tracking, which is easy for me, but not for everyone. In this case, since she uses Apple products, he cannot use AirTags to track her. If he plants an AirTag on one of her possessions, iOS will eventually warn her.

Since most people use Android smartphones, AirTags can trace billions of people worldwide without their knowledge or consent. Just like it can locate a dog or wallet, it can track an Android user and even some iOS ones. Approximately 5% of iOS users haven’t upgraded to iOS 14, let alone iOS 14.5. These users, whose older devices are incompatible with the latest version of iOS, can also be tracked by AirTags without warning.

Apple Could Prevent AirTag Stalking

It’s important to acknowledge that Apple might fix this issue before the product officially launches. Right now, AirTags have been announced but are only in the hands of a few well-connected tech journalists and elites. Concerns over AirTags used for surveillance are mounting, but the product has yet to reach customers. We may see a rash of news stories concerning AirTags used to stalk and victimize.

One would assume Apple will address these issues, as the company pledges to protect customer privacy. Unfortunately, not everyone participates in the Apple ecosystem. The company can’t warn these people if an AirTag is stalking them. Google may need to step up and address AirTags as a security concern.

Android May Address AirTag Tracking

Aside from developing a few apps, Apple has no foothold or input into the Android ecosystem. If it created an app to protect Android users from unwarranted AirTag surveillance, we’d have to install it. Not everyone will do this.

Most likely, Google will approach AirTags as a security concern. The company is well-versed in finding security flaws. Its Project Zero organization is well-known for finding vulnerabilities, often in Apple products.

Future Android security updates will likely monitor the presence of AirTags or other tracking gadgets, notifying users when stalkers are following them. It’s unclear whether such software can provide the precise location of the tracking device, as only the latest iPhone models offer this Ultra Wideband based technology. Nonetheless, a heads up may suffice, as the tracking device, although small, is within immediate proximity.

How to Disable a Suspicious AirTag

If you ever find an unauthorized AirTag, first ensure that someone is using it to track you. If someone’s AirTagged wallet ends up in your backpack, it’s unlikely they’re following you. They probably just misplaced their wallet.

When you’re sure that a stalker placed the AirTag in your glove compartment (or wherever) to track you, disabling it is easy. With the silver side of the AirTag facing you, press your thumbs down on both sides of the silver casing while rotating it counterclockwise. Remove the lid when loose and remove the battery. The AirTag is now disabled.

The next step is to contact Apple to find out who planted the AirTag. Given their privacy stance, it may prove challenging to get an answer. Apple will likely disclose relevant information if juridical action moves forward. If someone is stalking you, chances are you know the culprit. For legal reasons, however, you may require proof.

Each AirTag has a serial number, and Apple can track who owns a specific device. Unfortunately, a stalker can easily avoid AirTag detection. Unless Apple and Google address the issue, an AirTag can easily track anyone outside of the Apple ecosystem for up to 72 hours. Given Apple’s commitment to privacy and Google’s to security, we may see AirTag stalking’s prevention.

2 comments

  1. buy them off ebay and other untracked methods, pop out the speaker, plant it on the victim, kidnap/kill them when the time is right.
    these are evil devices and should not exist, like corrupt politicians. But they do.

    1. Remember — you can only wage these nefarious attacks on Android users. I actually believe Google will approach AirTags as a security threat and neutralize any possible harm they can do to its ecosystem. They find iOS security bugs all the time!

      I think it’s the ubiquity of both Apple and its upcoming AirTags that will be the problem. Spouses will undoubtedly “forget” an AirTag in their partners’ belongings. Is she really going to the gym or is she going to see Jim?

      I briefly and regrettably dated a woman who had an overbearing ex. He used stock Apple apps to spy on her. It happens!

Leave a comment

Your email address will not be published.