When Apple introduced the AirTag, it also added support for the Find My network, which means users can use it to find items to which they have attached an AirTag. Unfortunately, it seems there may be a flaw in the system that could enable a “Good Samaritan” attack.
This is according to a report from KrebsOnSecurity, which found that when an AirTag’s Lost Mode is enabled, Apple does not check whether computer code has been injected into the phone number field. This means that if someone finds a malicious AirTag and checks it on their phone, it can create a pop-up that directs them to a phony iCloud login page.
Users who think they are doing a good deed may enter their Apple ID credentials to try to help, but may end up having their login credentials stolen instead. Speaking to KrebsOnSecurity, Bobby Rauch, who discovered the vulnerability, said he told Apple about it.
Although Apple has acknowledged the issue and said it will be fixed in the near future, the company did not respond when he asked about a set time for the fix, whether he would be credited as well, or whether his finding would qualify him for the Apple bug bounty program. This apparent lack of communication has displeased other developers and researchers.
Recently, a researcher was forced to go public with his findings after submitting them to Apple and receiving no response. Following the unwanted attention, Apple later said it was still investigating.