Search

What You Need To Know About Apple AirTag Security Risks and How They Compare

The other night, I watched an episode of “A Million Little Things”, a drama series that follows a group of friends from Boston as they navigate life’s often unexpected curveballs. In the particular episode, one of the characters was shown planting a tag on Maggie, which allowed him to track her location. Perhaps this might have gone unnoticed by others but, considering my career revolves around the issue of personal safety and location data, I couldn’t help but wonder – isn't this an incredibly problematic privacy violation? More importantly, are there real-world examples of this happening?


For those unfamiliar, Apple AirTags are small Bluetooth tracking devices used to track important items like keys and wallets, similar to the ever-popular Tile platform. After the device is set up, you can see your item's last known location if you've attached an AirTag to it. If the item is within Bluetooth range, you can also use the Find My app to signal the AirTag's tiny built-in speaker to play a sound. While this use case is easy to understand and justify (we all misplace things from time to time), there appears to be a more malicious application for the AirTags’ Bluetooth capabilities. As it turns out, the issue of Apple AirTags and, more specifically, their potential application as a tool to stalk unsuspecting individuals, has made headlines a number of times over the last few years. In January of this year, Sports Illustrated model Brooks Nader took to social media to warn her followers to “be more aware of their surroundings”, after a stranger attempted to track her location using an Apple AirTag. Nader told her followers that she received a notification alerting her that her location was being tracked after leaving a bar in Tribeca, NYC. According to the posts, Nader had been at a crowded establishment waiting for a friend, and she had her coat slung behind her on a chair. She didn't notice anything out of the ordinary and left; however, when she received the alert that her location was being tracked, she realized someone had planted an AirTag in her coat.


Similarly, in 2021 a woman shared her experience tracking her child’s location via an Apple AirTag clipped to his backpack to test its privacy features. “My experiment highlighted how easily these trackers could be used to track another person,” she wrote. To this effect, New York Attorney General Letitia James sent out a consumer alert with "safety recommendations" to protect New Yorkers from ‌AirTags‌ in February of this year. Similar to Apple’s own recommendations, James urged individuals to listen for unfamiliar beeping and watch for “Item Detected Near You” notifications on iPhones. Android users, she noted, do not have access to this feature, but can download Apple’s “Tracker Detect” app to manually scan for AirTags.


In response to public scrutiny and concerns relating to AirTag security threats, Apple updated its AirTag technology to make a noise, at random times between eight to 24 hours, when they are separated from their owners. The company also published detailed instructions individuals can utilize to disable an unwanted AirTag from the phone. “AirTag was designed to help people locate their personal belongings, not track people or another person’s property, and we condemn any malicious use of our products in the strongest possible terms,” Apple shared at the time. “Unwanted tracking has long been a societal problem, and we took this concern seriously in the design of AirTag.”


Specifically, AirTags utilize “ultrawideband technology” offered via Apple’s U1 chip, which allows for “Precision Finding”. This feature uses a combination of Apple's ARKit software and the phone's camera, accelerometer, and gyroscope to guide users toward the precise location of their AirTag. Users can also expect to receive helpful notes, including how many feet away their AirTag is while approaching the lost item. While ultrawideband technology allows for the convenient transmission of ultra-precise, real-time location data, we are also now aware of how it can be leveraged with nefarious intent.


Notably, however, Apple’s technology differs from the BLE technology (Bluetooth Low Energy) utilized by TraknProtect. TraknProtect’s platform, which can be leveraged both as a staff panic button and as a hotel inventory tracker, utilizes a network of BLE/Wi-Fi gateways that continuously gather real-time data from buttons and sensors to triangulate and provide accurate location of those devices in a hotel. Once a staff member issues an alert, TraknProtect’s patented proprietary software computes the data from the sensors and gateways to provide accurate location of the sensors and make it available to mobile, web, and desktop TraknProtect applications. Unlike AirTags, our staff safety buttons do not send continuous, real-time location data to TraknProtect applications unless a staff member activates them.


Our BLE-enabled platform was designed specifically for hospitality, both to reinforce and improve staff safety in the event of an emergency (such as a physical accident or assault) and to enhance operational efficiency and accountability. Moreover, our technology was developed with extensive feedback from hotel management and staff to ensure ease of use with minimal training and, perhaps more importantly, to ensure that users' personal safety and privacy cannot be compromised.


Apple also uses something called “Community GPS”. This essentially means that all the Apple ID’d cell phones are working together to track air tags so this can be super vulnerable.


The more the infrastructure (secured gateways and buttons) is designed for specific uses such as tracking hotel assets and keeping housekeepers and other employees safe, the more likely it is to offer up greater security. Nothing is 100% secure but having an industry “bespoke” platform. Developed from the ground up to be specific to the hospitality industry and a for a hotel… it’s just better.