Apple AirTags and Finding Intelligence Agency Fronts

Apple's popular location tracking devices are a nightmare for organizational security.

Illustration of someone dancing with headphones and a mobile phone.

An interesting thing happens when consumer technology products are created and distributed to a population—if any nefarious capability can be found in their use, it will be found, and it will be used for that purpose.

Well, maybe that isn't all that interesting. It's obvious that would happen. The cost-benefit analysis of whether the development of the product is a net positive or a net negative to society is math that is likely beyond anyone's capability, however. In a twist of extreme irony, developing that econometrical capacity would likewise be bent to bad ends and do more harm than good.

The Apple AirTag, in particular, has been incredibly problematic. Are you trying to stalk someone? Want to know when someone leaves their house so you can do some burglary? Want to see when that expensive car is in a location where it will be easy to steal? Tape one to the underside of their vehicle.

Beyond simple theft and harassment, intelligence services have been grappling with the issues tracking devices and end-to-end encryption cause for their line of work. When you want to eavesdrop on someone or when you want to unencrypt data, modern encryption technology throws a wrench in the works. Gone are the days you could just put on a utility worker's hard hat, a tool belt, and some Carhartts and shimmy up a telephone pole to run a wiretap. The modern equivalent requires a tech repair service front business, getting people to download files with malicious QR codes, or sending socially-engineered emails with spoofed headers. Who knows what the latest and greatest circumvention method is these days—it's likely all of the above and situationally dependent.

But speaking of front businesses...

Bundesservice Telekommunikation — enttarnt: Dieser Geheimdienst steckt dahinter
Nach einer Tarnbehörde suchen und drei finden. Mit welchen einfachen Tricks deutsche Geheimdienste entlarvt werden können.

Lilith Wittmann is a German activist and security researcher living in Berlin. After trying to find information on a little-known and barely-used office and whether it was a front for a spy agency, she mailed some AirTags to it. Shortly afterward, she watched as the tracking devices were sent to facilities used by German intelligence services, confirming her suspicions.

Bureaucratic organizations have a long way to go if they want to keep up with consumer electronics. The obvious solution that this intelligence service should have implemented was to wrap the AirTag tightly in tin foil before shipping it off to be processed. This would block the Bluetooth signal and stop the device from being able to communicate with Apple devices in its vicinity, preventing their locations from being exposed. This is a $0.01 solution that was just not implemented.

It's always troubling when various federal agencies appear not to understand the basics of their fields and industries, and honestly, I don't know if that's a good thing or a bad thing.