There have been countless articles written about air tags over the last year, ranging from how they have helped to find lost pets and baggage to the more sinister aspect of them being used as an aide to stalking.
This is intended to address the pros v cons of the Apple devices and to draw attention to how you can protect yourself from the threats associated with their misuse.
How do AirTags work?
AirTags do not work on regular GPS, instead, they use a mixture of Bluetooth and ultra-wideband (UWB) technology, which operates via Apple’s Find My network.
The devices send out a Bluetooth signal which is conveyed to iCloud by any other Apple devices using the network in its vicinity. If you lose an AirTag in the middle of the countryside you are unlikely to find it, as it does not have an apple phone or laptop nearly to relay its location. In a town centre, or office building they can be extremely accurate.
What are the pros?
Frankly, they look good, they even feel good. They are a smart shiny, sleek little device slightly larger than a 50p coin. They are quick to set up and easy to place in suitcases, on precious items or on pet’s collars. They can be placed in specially made wallets or keyrings and as I found out by accident when sewn inside children’s coats or trainers they can even survive a spin cycle. So far when used legitimately, they are as secure as any other Apple product and are described as fully encrypted.
The most appealing thing to me as an investigator is that they have an amazing battery life, up to a year and they do not require the purchase of any data to operate.
However, wearing the hat of a security professional who frequently provides advice to lone female travellers, they are a very efficient way of tracking your movements and discovering quickly where you are or where you live. My team tested one recently during a training exercise in Central London and were able to track our target for over an hour without any of Apple’s safety mechanisms activating. This included walking through Hyde Park where people are much more spread out than on a high street.
Other methods of criminality include cases of them being taped under high-end vehicles to assist thieves to later steal them. They have also been mailed to protected addresses and PO Boxes in order to discover confidential locations.
What can we do to protect ourselves from Air tag stalking?
The good news is that Apple has started to increase their countermeasures, a recent Apple firmware update has made a warning tone louder which should emit from the AirTag when it becomes separated from its owner’s phone, making it easier to detect. If an AirTag is following you, you should also receive an alert on your phone (as long as it is an Apple phone), this however is not a fail-safe, as notifications rely on the right settings being selected and the warning sound can take several hours to activate. AirTags have also been discovered with their speakers deactivated.
The following steps will help to prevent you from being a victim of AirTag stalking.
1. Run your updates. You should regularly run updates on all of your devices. This is how vulnerabilities are patched and improvements are implemented. Allow your devices to auto-update so you do not miss important updates.
2. Scan for Bluetooth devices. There are several Bluetooth scanning Apps which can be installed onto Android devices which will detect a rogue AirTag such as AirGuard or Tracker Detect.
3. Listen for the warning. If you notice an unusual chirping noise which seems to move with you, check for an AirTag.
4. Enable safety settings. To receive alerts that you are co-located with a separated AirTag, you need to enable your Bluetooth and location settings, enable significant locations in system settings, turn on the Find My app and enable tracing notifications. It should be noted that enabling Bluetooth to be constantly on can increase your chances of various other hacking techniques.
5. Maintain Security Awareness. As already discussed, it is not always possible to quickly identify that an AirTag is following you. Check your bags, pockets and vehicles regularly, don’t leave your items unattended. If you are someone with a known threat against you and you have the financial resources, consider regular bug sweeps of your home, workplace, and vehicle.
6. Deactivate. If you find an unfamiliar AirTag, you can deactivate it by pressing and turning the back to release the battery. There will be a serial number under the back part which may make the tag traceable depending on the resources of the originator. If you receive an alert on your phone saying that you are being followed by an AirTag, screenshot the warning and location map, as you may later need this as evidence.
Sloan Risk Group are amongst the top echelon of UK and World Professional Investigators. They offer Counter Espionage, Surveillance Detection, Investigations, Executive Protection, Physical Penetration Testing, Bespoke Training and Consultancy.
For more information regarding their personal and corporate security awareness and counter-espionage services contact SRG using the details, noted, below.
0203 897 22 72