SecureMac, Inc.

Checklist 267: But We Had AirTag Last Week…

February 18, 2022

AirTag security updates from Apple (and plans for more in the future). Plus, helpful advice on AirTag security from New York State.

Checklist 267: But We Had AirTag Last Week…

On this week’s show:

Apple takes further action on AirTag

AirTag is a unique security and privacy threat. There are lots of digital dangers out there: phishing, keyloggers, stalkerware, and scams upon scams upon scams. But all of these threats have one thing in common: The bad guys have to have some level of skill in order to make them work.

Not so with AirTag. Any jerk with $29 and a grudge can use one to track you!

Apple is coming around to the seriousness of the problem. Last week, the company published an update on AirTag, and announced some planned changes that will mitigate the danger. Here’s what Apple is doing right now:

  • Giving a warning to users during AirTag setup to let them know that tracking people without consent is a crime in many locations. The warning states that Apple would have to tell the authorities who owns the AirTag, if asked. This one, hopefully, will have the effect of deterring potential stalkers.
  • Changing the on-screen messaging that people receive to differentiate between an “Unknown Accessory Detected” and a pair of AirPods detected.
  • Expanding on the unwanted tracking support section of the Apple website, and providing some additional resources to people who feel that they are in danger: links to The National Network to End Domestic Violence and The National Center for Victims of Crime.

Coming changes to improve AirTag safety

Apple is also planning some changes that will improve AirTag safety (although these will come later in the year):

  • Precision Finding will let users of newer iPhones (iPhone 11, iPhone 12, and iPhone 13) to pinpoint the location of an unknown AirTag. The feature will make use of the newer model devices’ powerful suite of AR and motion data tools.
  • AirTag alerts will be visual, instead of just making a beeping noise. This should help in cases in which the AirTag’s speaker has been disabled, or when an AirTag is in a place where it can’t be easily heard.
  • Providing unwanted tracking alerts sooner, so there’s less of a delay between someone tracking you and you getting a notification.
  • Improving the sound used to locate a hidden AirTag. From Apple’s description it seems as though they’ll be making the tone louder.

Some practical advice from New York

Law enforcement and government agencies across the country are also starting to recognize that AirTag stalking is an issue.

This week, the Office of the Attorney General for the State of New York released some guidance on AirTag safety. It’s a great list (here’s the link in case you want to read it in full). It’s also an excellent example of how cybersecurity communication should be: practical, clear, and measured.

Here’s what the New York AG’s office recommends:

  • Listen for beeping and watch for “Item Detected Near You” notifications on your iPhone
  • Get Tracker Detect from the Google Play Store if you’re an Android user
  • Realize that not all unknown AirTags are malicious
  • Stay current with Apple’s updated guidance
  • Update your device’s OS

Good, useful advice, and again, notable for being so clear and easy to understand. Also noteworthy: the focus on being cautious without automatically assuming a worst-case scenario. For example, here’s what the AG has to say about unfamiliar AirTags:

While it is important to be careful, AirTags are sometimes legitimately lost by their users, and your device will alert you regardless. If an AirTag has been reported lost, your Find My notification will give you information to allow you to return it.

We like it. If only all cybersecurity communication was this good!

But it could be worse!

There’s been a lot of focus on AirTag safety, and on Apple. But there’s something missing from these discussions. Namely, that there are other, non-Apple personal tracking devices on the market — and that these are arguably far more dangerous than AirTag!

A recent New York Times article described what happened when a Times reporter ran a side-by-side test of popular tracking devices on her husband (with his consent, of course!). The reporter wanted to see how AirTag stacked up against two other leading tracking devices: a Tile and a LandAirSea GPS tracker.

Her findings were striking. Despite all the public concern over AirTag, it turned out that the LandAirSea GPS tracker was the scariest of the bunch, at least from a personal safety perspective. It updates its location every three minutes. Worse still, it doesn’t provide any kind of alert to warn the person being tracked. The Tile actually updated its location less frequently than the other devices. That makes sense: Because Tile uses a dedicated network to determine location, it doesn’t need to update location as often. 

AirTag, meanwhile, proved extremely accurate in densely populated New York City — but it also did its best to warn the journalist’s husband that he was being tracked. The warnings weren’t ideal (he said he couldn’t pinpoint the device’s exact location), but the test subject did know that something was amiss, because he kept getting notifications that an unknown device was following him.

So while AirTag isn’t perfect, it’s apparently better than some of the alternatives. And at least Apple recognizes that there’s a problem, and is actively trying to improve the situation.

Do you have a question about digital security and privacy? Send us an email so we can answer it on a future edition of The Checklist!

Get the latest security news and deals