Reverse Engineering : Apple’s AirTag
- prabhu p
- 2 days ago
- 4 min read
Imagine losing your keys in a coffee shop. Hours later, you're staring at your iPhone, which pinpoints their last known location on a map—thanks to a tiny AirTag and an anonymous stranger’s iPhone.
But here’s the catch: Neither Apple, nor that stranger, nor even the AirTag itself knows your keys were found.
At least, that’s what the marketing says.
For our graduate project in Network Security , I dissected the Apple AirTag’s cryptographic design. We explored public research, analyzed firmware-related vulnerabilities, and reconstructed the cryptographic protocol.
The result? A functioning model of the AirTag’s privacy system—and a more nuanced view of the “end-to-end encrypted” myth.
Reverse Engineering & Academic Research
components found are:
Bluetooth Low Energy (BLE) – Broadcasts rotating public keys every 15 minutes for anonymous tracking.
Near Field Communication (NFC) – Enables tap-to-reveal contact info in Lost Mode.
Ultra-Wideband (UWB) – Supports precise directional tracking with compatible iPhones.
Cryptographic Chip / Secure Enclave – Performs ECC key generation, ECDH, and AES encryption.
Speaker – Emits sound to help locate the AirTag or alert nearby users.
Battery (CR2032) – Powers the device for up to a year without charging.
Network security
BLE: Broadcasts rotating ECC public keys so no one can track you over time.
Cryptographic chip: Handles key generation, ECDH exchanges, and AES encryption behind the scenes.
UWB: Lets your iPhone point you right to the AirTag with super accurate direction.
NFC: Lets someone tap the AirTag to see your contact info—only if you allowed it.
iCloud & HTTPS: Stores encrypted location data, but you have to trust Apple not to peek.
Lets crack down with what i found in airtag.
Basic Architecture on idea - how it works
Lets see the Network security process.
Ephemeral Key Rotation – A Ghost Every 15 Minutes
AirTag generates a new ECC key pair every 15 minutes, derived deterministically from a unique seed and timestamp. The private key is ephemeral and never stored; only the public key is broadcast via BLE.
from cryptography.hazmat.primitives.asymmetric
import ec from cryptography.hazmat.backends
import default_backend
private_key = ec.generate_private_key(ec.SECP256R1(), default_backend()) public_key = private_key.public_key()Algorithm: SECP256R1
Why: ECC offers RSA-grade security with smaller key sizes (256-bit ECC ≈ 3072-bit RSA)
Security benefits: Unlinkability, forward secrecy
Even if an attacker captures a key, past (and future) broadcasts can’t be linked.
Nearby iPhones Encrypt the Location—Without Ever Knowing It - ECDH Shared Secret Derivation
If a stranger’s iPhone detects your AirTag, it participates as a helper device. Here’s what it does:
Generates its own ECC key pair
Performs an Elliptic Curve Diffie-Hellman (ECDH) exchange with the AirTag’s public key
Derives a shared secret
Uses HKDF to derive a symmetric AES key
Encrypts its own GPS location using AES-CTR
Uploads the encrypted blob to Apple’s iCloud
# ECDH key exchange
shared_secret = phone_private_key.exchange(ec.ECDH(), airtag_public_key)
# AES key derivation with HKDF
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
aes_key = HKDF(
algorithm=hashes.SHA256(),
length=16,
salt=None,
info=b"airtag-encryption",
backend=default_backend()
).derive(shared_secret) # Encrypt GPS data
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
iv = os.urandom(16)
location_data = b'{"lat": 39.7392, "lon": -104.9903}'
cipher = Cipher(algorithms.AES(aes_key), modes.CTR(iv), backend=default_backend())
encryptor = cipher.encryptor()
ciphertext = encryptor.update(location_data) + encryptor.finalize() 
•AES (Advanced Encryption Standard): A block cipher used for encrypting fixed-size blocks.
•Encrypting GPS coordinates using AES in CTR mode (secure and lightweight for IoT).
•Only someone with the same AES key and IV can decrypt it correctly.The helper never knows what it encrypted. Apple stores it, but can’t read it either (at least, not directly).
Performs ECDH - own ephemeral private key and the AirTag’s ephemeral public key
Airtag : shared_secret = sk_airtag.exchange(ECDH(), pk_helper)
Helper Iphone : shared_secret = sk_helper.exchange(ECDH(), pk_airtag)
ECDH ensures sk_A pk_B = sk_B pk_A on the curve.
Owner Decrypts the Location—With the Same Key
The owner’s iPhone reconstructs the same ephemeral private key, performs ECDH, derives the AES key via HKDF, and decrypts the blob from iCloud.
# Decrypt on owner’s iPhone
decipher = Cipher(algorithms.AES(aes_key), modes.CTR(iv), backend=default_backend())
decryptor = decipher.decryptor()
decrypted_data = decryptor.update(ciphertext) + decryptor.finalize() Basic Idea on this :
This system works—assuming:
Apple never interferes
The firmware remains secure
Key derivation parameters stay secret
But Is It Really End-to-End Encrypted? Answer Yes and Big NOOO.
Technically, yes. Functionally? Not fully.
Despite Apple's claims, our review of vulnerabilities and implementation gaps suggests that Apple still holds the control levers.
Real-World Vulnerabilities (from Patched Reports)
These aren't theoretical—Apple patched them. But they show the system isn’t zero-trust.
Final Thoughts
I didn’t hack an AirTag—but we modeled it critically and technically.
Apple’s design uses strong cryptography—ECC, ECDH, AES, HKDF—to protect location privacy. But the system isn’t zero-trust. It relies on trusting Apple to do the right thing.
What Could Go Wrong?
Firmware tampering could disable key rotation or leak the seed.
BLE spoofing can create fake AirTags to confuse or track people.
Lost Mode fields once allowed XSS attacks for phishing.
Apple still sees metadata—who interacted with what, when, and how often.
OTA updates, if insecure, could silently change how the cryptography works.
Bottom line? The crypto is solid—but the trust model is centralized. If Apple ever bends the rules, your privacy goes with it.
Commenti