Papers
Topics
Authors
Recent
Search
2000 character limit reached

A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple's AirTags

Published 11 Apr 2026 in cs.CR and cs.CY | (2604.10138v2)

Abstract: Apple AirTags use Apple's Find My network: when nearby iDevices detect a lost tag, they anonymously forward an encrypted location report to Apple, which the tag's owner can then fetch to locate the item. That encryption protects privacy -- neither the finder nor Apple learns the owner's identity -- but it also prevents Apple from validating the correctness of received reports. We show that this design weakness can be exploited: using a relay attack, we can inject manipulated location reports so the Find My service reports a false position for a lost AirTag. The same technique can be used to deny recovery of a targeted tag (a focused DoS), since the owner is misled about its whereabouts.

Summary

  • The paper demonstrates that relay attacks can inject manipulated location reports into Apple’s Find My system, misleading both owners and backend services.
  • The methodology involves capturing BLE advertisements and using custom hardware to relay signals, proving the feasibility of the attack with commodity devices.
  • The study highlights significant security implications, exposing a trade-off between privacy and authenticity, and suggests potential anti-stalking countermeasures.

Practical Relay Attacks Against Apple's AirTags: A Comprehensive Analysis

Introduction

This paper rigorously investigates the security and privacy implications inherent in Apple's AirTag item-finding ecosystem, with a focus on exploiting gaps in the privacy-agnostic design of the Find My protocol. The main contribution is the demonstration and in-depth characterization of a practical relay attack that enables adversaries to inject manipulated location reports and thus mislead AirTag owners and Apple’s backend about the true location of a tag. The findings challenge assumptions regarding the integrity of crowdsourced geolocation reporting when end-to-end privacy is prioritized at the protocol level without robust location authenticity guarantees.

Attack Model, Methodology, and Implementation

The attack is predicated on the fact that Apple's Find My protocol encrypts location reports from participating iDevices before submission, protecting ownership privacy but preventing the server from authenticating the truthfulness of uploaded locations. The authors empirically validate that this design enables a relay attack:

  • The adversary captures BLE advertisements emitted by a target AirTag.
  • These beacons are then rebroadcast—either locally or at a remote site—using custom hardware and open-source BLE tooling capable of arbitrary MAC address injection (notably Linux and ESP32 platforms).

This relaying causes proximate iDevices at the rebroadcast site to detect the AirTag and generate location reports referencing a false position, effectively spoofing the AirTag’s location in the Find My system. Figure 1

Figure 1: Relaying an AirTag's BLE advertisments over the Internet injects false location reports into the Find My system.

The experimental campaign is conducted under controlled conditions, with careful isolation of the AirTag signals, systematic collection and timestamping of BLE advertisements, and validation of relay-induced geolocation falsification via controlled replays using a relay server.

Empirical Characterization of Protocol Behavior

The study details nuanced protocol behavior in response to relayed beacons, including:

  • Cloud Reports: Find My app retrieves location reports from Apple’s cloud, accepting only those referencing the AirTag’s most recent public key (rotated every 24 hours). Relay of up-to-date beacons causes the app to oscillate between spoofed and genuine locations, as both coexist until the tag’s beacon rotates.
  • Local BLE Beacons: When the owner’s device directly receives a passive BLE beacon from the tag (even historic captures), these are prioritized over cloud-sourced locations. This allows adversaries to mislead an owner even if the physical tag is not present, provided the beacon is still considered valid by the app.
  • Replay Lifetime: Analysis reveals that captured BLE advertisements can be relayed with impunity for up to seven days if public key rotation is suppressed (e.g., by removing the AirTag battery). After this window, the Find My app flags beacons as outdated and ceases to display them. Figure 2

    Figure 2: Key rotation mitigates cloud replay; historic beacons can mislead via local BLE. Local replays can persist for seven days if key rotation is halted.

These findings are validated across multiple platforms and device configurations, reflecting the robustness and practical feasibility of the proposed attack vector.

Implications and Impact

The results expose a significant security-privacy trade-off in the Find My protocol implementation. While privacy guarantees are strong—ensuring neither Apple nor relay device owners can connect reports to tag owners—the lack of authenticity/auditability for submitted locations directly enables targeted DoS and location spoofing. This vulnerability is critical when AirTags are used for high-value asset tracking or safety applications, as adversaries can effectively render the owner unable to recover an item or trust Find My’s reports.

On the practical front, these attacks are well within reach for moderately resourced adversaries using commodity platforms and open-source tools. The work also identifies the potential for protocol manipulation not only as an attack, but potentially as an anti-stalking countermeasure, should relay functionality be deliberately deployed to obfuscate surreptitious tracker placement.

From a theoretical standpoint, this research highlights the difficulty of guaranteeing both end-user privacy and report integrity in crowdsourced networking protocols for physical-world tracking—a consideration increasingly pertinent as similar BLE-based systems proliferate.

Future Directions

The authors propose investigating which algorithms the Find My app uses to reconcile inconsistent or maliciously injected location reports (e.g., averaging, voting), as well as extending their evaluation to competing tracker ecosystems (e.g., Chipolo, Samsung SmartTag, Tile) to determine if similar privacy-integrity conflicts exist. Furthermore, the dual-use potential of relaying as an anti-stalking measure represents an unexplored defensive avenue that may warrant careful protocol redesign to strike an optimal privacy/security balance.

Conclusion

This work conclusively demonstrates that Apple’s AirTag and Find My protocol are susceptible to practical relay attacks facilitated by structural privacy features. By leveraging the lack of server-side validation and the protocol’s acceptance of unverified reports, adversaries can inject manipulated locations, denying legitimate tag recovery or executing targeted misinformation attacks. These findings call for careful reevaluation of protocol design choices to adequately address the tension between privacy and authenticity, informing both future item-tracking hardware and broader BLE crowdsourcing architectures.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.