A few months ago Apple made available for retail Apple AirTag. An AirTag was designed to help you find lost or stolen items through the Find My App on your iPhone, iPod, or iPad. These devices are circular and only 32mm in diameter, slightly larger than a US quarter (25mm), and are reportedly tremendously accurate at pinpointing the locations of items they are associated with. Many of the common uses include attaching the AirTag to a key ring, luggage, a child’s backpack, a pet’s collar, and TV remotes – all great ideas and reasons to use this technology.
The technology behind these devices has been around for many years. A transponder is a wireless communication, monitoring, or control device that picks up and automatically responds to an incoming signal. The term is a contraction of the words transmitter and responder. It has been tracked back to motor racing in the 1980s, and Texas Instruments’ release of lower-cost products in the 1990s. Apple’s AirTag patent application was filed under “Multi-Interface Transponder Device – Altering Power Modes.” A solid and time-tested technology, now being used for a broader commercial application.
Taking Transponder Technology to a Commercial Market
As often happens, good things can be used for bad. In this case, the bad could be the use of these (and other similarly situated competitor devices) as stalking mechanisms violating another’s security and privacy. In this blog, the aim is not to point to Apple (who by the way are taking steps to increase the privacy and security features of the AirTags) but instead to make you aware of the maleficence of these devices and how one can protect themselves from falling victim to misuse of the technology.
So the questions are: Can this happen? Is there any way to protect yourself? The answer to both questions is yes.
AirTags can be used to violate one’s privacy and security when used to stalk or track an individual unbeknownst to the victim. These small button-like devices that retail for under $30.00 can be placed in someone’s handbag, bookbag, or hidden away inside a car for spying. Then again, you can turn on the tracking feature of your phone and accomplish the same act. AirTags use sensors, wireless signals, and Apple’s massive network, through their Find My application, enabling very precise location identification. The owner of the AirTag has all the monitoring controls on his/her phone. While there is a real concern for all of us when AirTags are misused, this is especially true of those who are in an abusive domestic relationship.
These concerns have not gone unnoticed by Apple. In their initial offering, Apple provided safeguards to thwart the use of tracking people. Their first safeguard included a notification on the iPhone of the person potentially being tracked that reads: “AirTag Found Moving With You.” This is a great alert; however, it only works if you have an iPhone, iPad, or iPod Touch running iOS 14.5 or later, with the Find My Network option enabled. Apple is working to release an app for Android users. For those with an iPhone running the latest software, this notification alert will take you through the steps to silence the alert and even disable the AirTag by removing its battery.
Additionally, Apple provides an audible alert. At Apple’s initial offering of AigTag, the audible alert emanating from the AirTag only went off after three days of the AirTag being separated from the owner. New updates by Apple are resetting the three-day alert to a random alert within 24 hours, but no sooner than 8 hours. Many have remarked the sound is not very loud, can be muffled, and even disabled. Apple has also heard concerns related to the three-day alarm never being reached for victims who live with or in range of the stalker’s iPhone, as the clock resets when the device and its paired iPhone are nearby. Apple is trying to find a balance between the audible alert going off too soon during legitimate use versus the concerns voiced by many for alerting a victim sooner.
How to Protect yourself:
- Make sure your Apple device is updated to the latest iOS to ensure notification. Apple will push security updates and features in their latest release.
- Make sure the Find My network option is enabled. (If it is disabled you will never receive a safety alert).
- Make sure that the option to turn off all “item safety alerts” is NOT enabled in the Find My application.
- If you are an Android user, watch for Apple’s release of the AirTag application and install it on your device so you will receive the “AirTag Found Moving With You” notification.
- Physically search your handbag, gym bag, backpack, pockets, car, etc. (These devices are very small making this type of search challenging, but it is a necessary evil to move toward peace of mind).
- If you find an AirTag or similar transponder, it can be disabled by twisting the cover off the back and taking the battery out. This will prevent your location from being shared.
- To potentially identify who owns the AigTag, using your iPhone’s Find My application or on an iPhone or a Near Field Communication (NFC) reader on Android, tap to the white side of the AirTag. A notification will appear that will take you to a webpage showing the serial number. With the serial number and a court order, you may be able to identify which iPhone the AirTag is registered to.
- You can use Bluetooth tracking apps that will give you an idea of what is around you but will not specifically call out an AirTag by name but might be enough to identify a device that is unrecognized or unaccounted for.
New Technology, New Risks
In the right hands and used for the correct purposes, AirTags and transponder technology as a whole is a revolutionary improvement in tracking and managing. If used without permission, without legal rights, or for unwanted purposes, this technology can be explosive. Our legal systems are maturing and further clarification and case law on privacy, computer crimes, wiretapping, and the like is evolving. Be cautious and make sure you do not become a victim of our ever-evolving world.
At Capsicum, we are frequently asked to investigate matters concerning privacy and security to include a client’s technology being compromised, such as having spyware and activity-monitoring software programs unknowingly installed on their devices that give hackers access to personal data. Additionally, we provide services related to determining whether tracking devices have been employed against our client. These cases run the gamut from personal, business, corporate, and government compromises to family law matters.
For over 20 years, Capsicum Group has been providing comprehensive support in the areas of hosted eDiscovery services, digital forensics, data recovery, computer investigations, privacy and security, vulnerability assessment, penetration testing, technology delivery, regulatory compliance, cyber-crimes, and incident response.
Founded within the law firm Pepper Hamilton LLP in 2000, Capsicum combines our deep knowledge of law and technology to help clients meet challenges and respond to opportunities. We have performed thousands of collections across many different media and platforms. Our consultants and eDiscovery analysts are certified professionals who have worked on such cases as computer hackings, data breach investigations, intellectual property theft, global bankruptcies, crimes against children, white-collar criminal defense, and internal corporate investigations. We are recognized in the industry as experts and have testified in state, federal, and international courtrooms. Capsicum is headquartered in Philadelphia, PA with offices in New York, Florida, Texas, and California