A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple's AirTags

April 11, 2026 ยท Grace Period ยท ๐Ÿ› ACSAC 2025

โณ Grace Period
This paper is less than 90 days old. We give authors time to release their code before passing judgment.
Authors Gabriel K. Gegenhuber, Leonid Liadveikin, Florian Holzbauer, Sebastian Strobl arXiv ID 2604.10138 Category cs.CR: Cryptography & Security Cross-listed cs.CY Citations 0 Venue ACSAC 2025
Abstract
Apple AirTags use Apple's Find My network: when nearby iDevices detect a lost tag, they anonymously forward an encrypted location report to Apple, which the tag's owner can then fetch to locate the item. That encryption protects privacy -- neither the finder nor Apple learns the owner's identity -- but it also prevents Apple from validating the correctness of received reports. We show that this design weakness can be exploited: using a relay attack, we can inject manipulated location reports so the Find My service reports a false position for a lost AirTag. The same technique can be used to deny recovery of a targeted tag (a focused DoS), since the owner is misled about its whereabouts.
Community shame:
Not yet rated
๐Ÿ“„ View on arXiv ๐ŸŒ View on ar5iv ๐Ÿ“‘ PDF ๐ŸŽ‰ Report Code Found
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

๐Ÿ“œ Similar Papers

In the same crypt โ€” Cryptography & Security