Researchers Demonstrate Vulnerability in Apple’s AirTag Location-Tracking System

Researchers have demonstrated that Apple’s AirTag location-tracking system can be manipulated by replaying Bluetooth Low Energy (BLE) signals to inject false location reports into the Find My network. The attack exploits the reliance of AirTags on BLE advertisements, which are broadcast to nearby Apple devices and relayed over the internet to falsify an AirTag’s reported position. This method allows attackers to deceive the system into displaying locations where the AirTag has never physically been present. The vulnerability affects the core functionality of AirTags, which are designed to help users track lost items via Apple’s device network. No specific patches, CVE IDs, or dates for mitigation were mentioned in the report.