cs.CRcs.CY

A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple's AirTags

Gabriel K. Gegenhuber, Leonid Liadveikin, Florian Holzbauer, Sebastian Strobl

Apr 11, 2026(revised Apr 14, 2026)

AI Summarygemma4:e4b

This paper demonstrates that a relay attack can exploit the privacy-preserving design of Apple's Find My network to inject false location reports, thereby misleading users about a lost AirTag's actual position or causing a denial of service.

Abstract

More Like This

Apple AirTags use Apple's Find My network: when nearby iDevices detect a lost tag, they anonymously forward an encrypted location report to Apple, which the tag's owner can then fetch to locate the item. That encryption protects privacy -- neither the finder nor Apple learns the owner's identity -- but it also prevents Apple from validating the correctness of received reports. We show that this design weakness can be exploited: using a relay attack, we can inject manipulated location reports so the Find My service reports a false position for a lost AirTag. The same technique can be used to deny recovery of a targeted tag (a focused DoS), since the owner is misled about its whereabouts.