The AirTag can be weaponized to steal credentials without much effort, security researcher claims.
A bug in the Apple AirTag could be exploited by malicious users to inadvertently lure good samaritans into a phishing scheme. When put in the “Lost Mode”, the AirTag will spit a small personalized URL and message whenever it is scanned by the NFC-enabled Android or iPhone of whoever finds the lost tracker. Cybersecurity researchers however discovered that the Lost Mode doesn’t stop the users from injecting arbitrary code into its phone number field.
