João Freitas

The following article is all about AirTag and how they communicate with Apple devices.

https://adamcatley.com/AirTag.html


Apple AirTag Reverse Engineering

This page serves as a central resource for technical details of the AirTag: hacks, security research, modifications, teardowns and more. It is a combination of my work and publicly available information. It will be updated as more is discovered. What is an AirTag?

Key Facts and Findings

Background

I started this investigation to learn about Apple’s approach to electronics design and security in their latest products, especially at such a low price point ($29). I was particularly interested due to the similarities to my Masters thesis project in which I designed a small BLE device where battery life was also important.

The aspects that I wanted to investigate are:

FindMy Service Overview

Apple document the privacy features of the FindMy network, including end to end encryption in detail here and here.

https://support.apple.com/en-gb/guide/security/sece994d0126/web

https://support.apple.com/en-gb/guide/security/sece994d0126/web

Supported devices

Support for the AirTag was introduced in iOS 14.5. Apple lists which iPhone, iPod Touch and iPad devices are supported here.

Software

Operating States

I will try to make this into a state flow diagram soon. For now, these are the main states the AirTag can be in:

Hardware

https://twitter.com/adamcatley/status/1388196843184697346

https://twitter.com/adamcatley/status/1388196843184697346

Teardown

There are several documented teardowns, listed in chronological order:

Note: Removing the PCB is likely to cause damage due to the thin PCB and being soldered to the plastic tray.

There are also teardowns of alternative tracking devices with similar hardware, such as the Samsung SmartTag and SmartTag+.

Revisions

The various teardowns reveal variations in the PCB markings in the top copper layer. This will be useful if it is determined that early production runs didn’t enable all security features to lock down the units.

The bottom right numbers look like a manufacturing data code (eg. “2920 17” could be the 29th week of 2020, batch 17). From the available samples:

There is also a letter to the left of the 3 big pads on the left. This could relate to the U1 chip underneath. This is either A and a 3 digit number (Europe) or C (rest of world).

A constant value 820-01736-A is on the silkscreen layer and looks like Apple’s internal part number and revision (A) for the PCB.

PCB Overview

🟠 Nordic nRF52832 SoC with BLE and NFC, plus 32MHz and 32.768kHz crystals
⚪ Apple U1 UWB Transceiver
🔴 GigaDevice GD25LE32D 32Mbit NOR flash
🟢 Bosch BMA280 accelerometer
🔵 Maxim MAX98357AEWL audio amplifier
🟡 TI TPS62746 DC-DC buck converter
🟣 TI TLV9001IDPWR opamp
⚫ 100uF Electrolytic Capacitors (5x)
🟤 Unknown. Unable to decode markings

Test points

https://github.com/colinoflynn/airtag-re/blob/master/images/frontside-tpnames.jpg

https://github.com/colinoflynn/airtag-re/blob/master/images/frontside-tpnames.jpg

Colin O’Flynn has helpfully documented the test points on the top side of the PCB.

TP#TypeDescription
1SpeakerOne end of the voice coil
5PowerVCC2 in (3V)
6PowerVCC1 in (3V)
7PowerGND
19FlashData in
20FlashData out
21FlashVCC (1.8V) supply for Flash
22FlashSCLK
23FlashCS
29PowerGND (Apple Logo)
30nRFnRST
31DebugSWO
35DebugSWCLK
36DebugSWDIO
38SpeakerThe other end of the voice coil

Antennas

There are three antennas inside the AirTag:

  1. Bluetooth Low Energy (left) - 2.4GHz
  2. NFC (middle) - 13.56MHz
  3. Ultra-Wideband (right) - 6.5-8GHz

They are all etched onto a single piece of plastic using Laser Direct Structuring (LDS) and then soldered to the PCB around the edge. The NFC antenna also has a short trace on the other side of the plastic (connected with a via at each end) to return the inside end of the coil to the PCB.

Speaker

The voice coil is glued to the outer plastic shell which acts as a diaphragm. Due to the fixed magnet, it moves back and forth when the coil is energised, producing sound to act as the speaker.

The AirTag operates the same whether the voice coil is connected or not.

After 3 days of being away from its owner’s device, the speaker will make a loud beep if motion is detected, for a maximum of 20 seconds of motion. It will then stay silent for the next 6 hours until waiting for motion again.

Playing sound uses >3000x more power than being asleep, around 8mA, even without a voice coil attached. This is perhaps because the nRF has to rapidly update the DAC with audio samples. Here current (yellow) is plotted in sync with the corresponding sound wave (blue) while playing the lost AirTag noise:

Flash storage

The SPI flash can be accessed by following this guide.

Power

There are 2 positive battery terminals. Both need 3V applied to boot the AirTag.

However, only the left side battery terminal powers the electronics. The voltage on the right-side terminal is sensed but consumes only ~50nA in all modes.

There are 5 100uF capacitors around the edge of the top side of the PCB. They keep the device powered up for several seconds with the battery removed. This likely helps with the reset procedure of removing the battery 5 times in short succession.

The AirTag does not retain the current time after a power cycle until it reconnects to its owner device.

Bluetooth LE

The nRF52832 supports BLE 5.2 and has a single 2.4GHz antenna. A Nordic SoftDevice is used to implement the BLE stack, likely S112.

Advertising data

This section describes the Bluetooth activity when the AirTag is registered to the FindMy network.

Byte #ValueDescription
00x1EAdvertising data length: 31 (the maximum allowed)
10xFFAdvertising data type: Manufacturer Specific Data
2-30x004CApple’s company identifier
40x12Apple payload type to indicate a FindMy network broadcast
50x19Apple payload length (31 - 6 = 25 = 0x19)
60x10Status byte
7-29VariesEC P-224 public key used by FindMy network. Changes daily
300-3Upper 2 bits of first byte of ECC public key
31VariesCrypto counter value? Changes every 15 minutes to a random value

According to Apple’s documentation, the BLE advertising data contains a NIST EC P-224 public key. This key would be at least 28+1 bytes long but only 23+1 bytes in the advertising data ever change. The other 6 bytes are cleverly used as the device’s Bluetooth address. This is how Apple fits a public key in a single BLE packet. As demonstrated here.

There also seems to be a way to predict part of the future Bluetooth address, but this needs more investigation.

Apple presumably uses authentication to stop non-Apple devices connecting to the AirTag, as connections are terminated by the AirTag shortly after connecting.

Unregistered behaviour

When the AirTag is not registered to the FindMy network, it has similar behaviour but advertises using its default device address at 33ms intervals, and with a different Apple payload.

Byte #ValueDescription
00x1EAdvertising data length: 31 (the maximum allowed)
10xFFAdvertising data type: Manufacturer Specific Data
2-30x004CApple’s company identifier
40x07Apple payload type to indicate a FindMy device?
50x19Apple payload length (31 - 6 = 25 = 0x19)
6-31VariesNot investigated yet

UWB

Precision Finding uses Ultra-Wideband communication with Apple’s U1 and a single antenna. Very little is known about this custom chip designed by Apple.

It likely contains a processor as the flash chip contains 64-bit ARM instructions that the nRF52832 does not support.

The U1 is inside a module marked USI (AirTag module marking is visible here). The package in the AirTag looks different to what is seen in other Apple devices such as the iPhone 11.

Left is inside the USI module of the iPhone 11. Right is inside the smaller module of the AirTag, which lacks a front end and the antenna balun (which is now on the PCB). The U1 can be seen as the black square chip in both modules with several lines of markings The U1 die photo for both show the same marking TMKA75.

From the FCC test report:

Testing the Precision Finding feature gives the impression that UWB is only used to measure distance to the AirTag, not direction. The AirTag simply transmits pulses every ~60ms from its single antenna. Multiple antennas are needed on either the receiver or transmitter in order to measure direction from phase distances. BLE 5 supports this with AoA and AoD.

NFC

The AirTag uses the NFC-A peripheral of the nRF52832 to implement an NXP MIFARE Plus (Type 4) tag in read-only mode. The NFC antenna is located behind the white cover, as shown above.

NFC is used to allow anyone who finds an AirTag to potentially identify the owner, even if they have an Android device. Apple describes the process here.

The tag can only be read when the AirTag is powered by a battery. It simply contains a URL to uniquely identify the AirTag, depending on its current state.

Unregistered

When the AirTag is brand new, has been reset, or has been removed from the FindMy network, the URL stored on the tag is fixed and the values do not change. It follows the following format:

https://found.apple.com/airtag?pid=5500&b=00&pt=004c&fv=00100e10&dg=00&z=00&bt=A0B1C2D3E4F5&sr=ABCDEF123456&bp=0015
ParameterValueDescription
pid5500Product ID for AirTag?
b00Battery related?
pt004cUWB Precision tracking/Finding version?
fv00100e10Firmware version?
dg00Diagnostic code?
z00Unknown
btXXXXXXXXXXXXDefault Bluetooth address (hexadecimal)
srXXXXXXXXXXXXSerial number of tag (alphanumeric)
bp0015Bluetooth protcol version?

While this data uniquely identifies the AirTag, it uses identifiers you would have access to if you were near enough to read NFC (<10cm) before the device is registered:

Apple’s servers accept any combination of values and parameter names. The only one used is sr and it can be empty. See here.

https://found.apple.com/airtag?sr=

I don’t yet have another AirTag to compare the values across different devices. For a single unit, the values are persistent across power cycles, long runtime, resets and modes.

Registered

When the AirTag has been registered to the FindMy network with an iOS device, the tag URL changes slightly to the following format:

https://found.apple.com/airtag?pid=5500&b=00&pt=004c&fv=00100e10&dg=00&z=00&pi=793f8d9fccaa91c3c177f32acf47160656873168d72f070cd925ce97
ParameterValueDescription
pid5500Product ID for AirTag?
b00Battery related?
pt004cUWB Precision tracking/Finding version?
fv00100e10Firmware version?
dg00Diagnostic code?
z00Unknown
piVariesPublic identity (224 bits long)

In summary, the parameters bt, sr and bp have been removed and replaced with a single anonymous identifier, pi (not to be confused with pid).

pi is the only parameter that changes. It is updated at least every 15 minutes when the Bluetooth address and/or the advertising data changes. It is likely the current P-224 public key, or a SHA-224 hash of the key. It does not match the BLE advertising data which should contain the public key.

Again, most parameters are optional. The only requirement is that pi is valid.

Apple servers can somehow connect this to a specific device as the page shows the corresponding serial number (maybe even before the AirTag has been registered) as well as the owner’s lost message and phone number if available. Apple claims to not store any information about the AirTags and only the owner’s phone and the AirTag can generate their rotating public keys.

The firmware function that generates this URL has been identified by @ghidraninja. Further reverse engineering could reveal the meaning of the unknown URL parameters set by that function.

https://twitter.com/ghidraninja/status/1390639514134237186

https://twitter.com/ghidraninja/status/1390639514134237186

Privacy Concerns

While it is possible to use other products similar to AirTag to track people, they cannot benefit from the unmatched global coverage of the FindMy network. This makes the AirTag a more appealing device to people with malicious intent and so privacy features are important.

Let’s look at how reality compares to the claims Apple makes about the AirTag privacy features when the known security issues are considered.

  1. Sound alerts are infrequent and unlikely

    “When moved, any AirTag separated for a period of time from the person who registered it will make a sound to alert those nearby” - Source

    Reality: Sound alerts don’t start until three days after separation. Even then, they only happen once motion is detected, for a maximum of 20 seconds of detected motion. The AirTag is then silent for 6 hours at a time between waiting for motion to make a sound for a maximum of 20 seconds.

    Impact: An AirTag unknowingly placed in someone’s possessions can be used to track them for at least 3 days, enough to identify their routine. After that, it is likely to make noise for a maximum of 40 seconds a day during a normal commuting schedule (2 motion triggers >=6 hours apart). Movement is likely to coincide with a noisy environment while travelling or muffled by objects touching the white casing.

    Solution: More frequent/randomised checks for sound events that last longer, or wait for motion to stop to increase the chance of it being heard. Apple has suggested this period can be adjusted.

  2. Speaker can be disabled

    “An AirTag that isn’t with the person who registered it for an extended period of time will also play a sound” - Source

    Reality: The coil can be disconnected without disassembly. The AirTag operates as normal without the voice coil connected. I have observed all sound related events still occur, just silently. Further, the magnet can be removed instead, if the AirTag is updated to check for an open circuit.

    Impact: An attacker can easily modify an AirTag and be unknowingly placed in someone’s possessions to track a target’s location without them being audibly notified of its presence.

    Solution: Use the accelerometer to measure the vibration that should be caused by the loud sound, or add a microphone.

  3. Location can be tracked for the whole day

    “Bluetooth signal identifiers transmitted by AirTag rotate frequently to prevent unwanted location tracking” - Source

    “Identifiers rotate several times per day” - Source

    Reality: The Airtag changes the identity it broadcasts once per day, at 04:00AM local, when it is separated from its owner’s device. Alternatively, it changes once every 24 hours after a power cycle occurs. Apple requires Bluetooth accessories to change their identity every 15 minutes, including other FindMy devices. However, AirTag only updates the last byte of its BLE advertisement data. The BLE device address, and public key, remain static until the next day. Note: AirTag only starts broadcasting when it is away from its owner’s device, with a new identity generated upon disconnection.

    Impact: An AirTag user can be uniquely identified and tracked, by anybody within Bluetooth range, for the remainder of the day. This is likely to include going to their home.

    Solution: Update the public key more frequently than every 24 hours, but less often than every 15 minutes so that the “AirTag Found Moving With You” alert is still possible.

  4. Location can be spoofed

    “If AirTag is separated from its owner and out of Bluetooth range, the Find My network can help track it down.” - Source

    Reality: AirTags are identified only by their public key which is broadcast over BLE advertising packets. There is no authentication with this identifier. Any nearby BLE device can capture these identities and replay them to appear like the genuine AirTag.

    Impact: An attacker could steal a personal item containing an AirTag and record the current public identity before removing the battery. This identity can be relayed to any BLE device in a decoy location to give the owner a false search area to recover their property.

    Solution: The FindMy app on the owner’s phone could filter out fast moving, unrealistic location reports, or that use expired identities. Apple’s backend cannot do this as the location reports are end to end encrypted. Appending an authentication tag to the BLE packet is difficult due to the already limited payload size.

  5. “AirTag Found Moving With You” alert can be avoided

    “Find My will notify you if an unknown AirTag is seen moving with you over time.” - Source

    Reality: This is a good feature, for those with iOS devices. However, it is difficult to make reliable without false positives from being near other AirTag owners. To help avoid this, Apple checks for remaining unknown AirTags when the iOS device reaches known locations such as home.

    Impact: An AirTag could be reprogrammed to change its identity faster than the time window that triggers this alert, instead of the default 24 hours. Alternatively, several valid identities could be recorded and a custom BLE device programmed to cycle through them fast enough to appear as several different AirTags and avoid triggering the alert.

    Solution: This is difficult to solve, but it would help to let the user choose the time window that triggers the alert to a value that works best for their travel habits.

    1. Location history could be decrypted

    “The Find My network is end-to-end encrypted so that only the owner of a device has access to its location data” - Source

    Reality: Apple explains the private key pair used to generate new identities is synced across devices. This means the AirTag needs to store secrets without a suitable secure memory. Note: Apple may have modified the FindMy encryption mechanism to be more appropriate for the AirTag’s insecure hardware by only storing the public key, as suggested here.

    Impact: A lost AirTag could be analysed to extract the private key from memory. From this the public key(s) can be calculated to download the owner’s location records and decrypt with the now known private key(s).

    Solution: Only store public keys, or limit secret keys to volatile memory. I have seen behaviour that indicates the AirTag may do this to a limited extent, at least until it is separated from its owner for 3 days and then retains its identity between power cycles.

Security Issues

There is a surprising lack of basic security controls in the AirTag. The result is that non of the data in the device seems to be protected from tampering or information disclosure. Apple is surely aware of this, so they must believe this is not a threat.

nRF52832

Unprotected internal memory

The nRF52832 has Access Port Protection (APPROTECT). This disables access to the Debug Port through SWD and prevents reading out the internal flash. AirTags are confirmed to have this security feature enabled.

However, it is known that this protection is vulnerable to side-channel attacks and can be bypassed on all nRF52 devices through voltage glitching as described here. On the AirTag, the pin that is glitched is easily available on the top side of the PCB next to the test pads.

We can assume Apple are aware of this exploit as it was disclosed in Q2 2020. This would have been towards the end of the development cycle for the AirTag so it is unclear if/how Apple addressed this risk.

The privacy mechanism used by FindMy devices uses well-documented cryptography and so is not dependant on the confidentiality of the firmware. However, it would be possible to disable other privacy features that Apple advertises, extract Bluetooth pairing keys to connect to the owner’s phone, or run completely custom firmware.

(Lack of) Secure Boot

Modifying the firmware does not result in a boot failure. This indicates the signature of the firmware is not checked against a trusted Apple certificate.

Over the air updates

It is unclear whether there are any signature checks on OTA update images via DFU. If not, this could raise many severe possibilities, such as remotely disabling privacy features, extracting private keys, or even malicious firmware spreading itself to any nearby AirTag as a worm.

Insecure storage

Other Research

Several people have looked into the security of Apple’s AirTag and the FindMy network and reported similar findings:

Mods

Shrinking the AirTag to add tracking to other devices

Is it possible to make the AirTag even smaller to put it inside other devices?

The host device’s battery could be used for power, with the device casing acting as a diaphragm for the speaker by attaching the voice coil. The smallest possible dimensions while retaining all functionality is:

VersionDiameterHeight
Stock32mm8.0mm
Disassembled26mm3.3mm

Remote control

I demonstrated this idea is possible by adding an AirTag to a commonly misplaced item: a remote control. All functionality remains, as shown here.

Credit card

Andrew Ngai repurposed a disassembled AirTag, into the form factor of a credit card, to be able to track his wallet.

Use custom sounds

Can the sounds the AirTag makes during startup and when lost be changed?

Need to investigate if raw audio files are used (and where they’re stored) or generated live programmatically.

The startup sound (example) is made of a few frequencies around 3kHz. Spectrum:

Add support for Android devices

The firmware could be modified to allow connections from Android devices. An Apple ID would still be needed to make use of the FindMy network to authenticate downloading encrypted location records.

Battery Life

The AirTag is supplied with a CR2032 Lithium coin cell from Panasonic. This has a nominal capacity and voltage of 225mAh and 3V.

I measure a 2.3µA load on the battery while the AirTag is idle. The datasheet shows the expected capacity with such a small load to be almost the whole 225mAh. The AirTag will power up from a supply of at least 2V, which works well with the cell’s cut off voltage of 2.0V.

This gives a maximum battery life of at least 11 years if the device never came out of sleep.

Achieving a sleep current of 2.3µA is impressive given the nRF52832 alone uses 1.9µA (at 1.8V) while asleep with RTC running, according to its datasheet. This means the rest of the circuitry is designed to be very efficient, minimise leakage and actively shut down or remove power from unused components such as the U1 and flash.

Power traces

The current consumption for many of the AirTag’s wake up events have been captured and more will be added here soon.

Note: some traces have a recognisable capacitor charge/discharge curve due to bulk capacitors not being removed from the PCB during the test.

Bluetooth advertisement

0.4mA wake up and prepare. BLE TX at 6-7mA on the 3 advertising channels (37,38,39). ~4ms total event length. Occurs every 2000ms

1ms/div (horizontal). 1mA/div (vertical).

Precision finding

5ms wide spikes at ~25mA then 50ms of base current at ~4mA. BLE connection events every 30ms.

50ms/div (horizontal). 5mA/div (vertical). Precision finding active at 0s, disabled at 0.4s.

#reads #adam catley #airtag #apple #reverse engineering #security