Enlarge / German airline Lufthansa decided, 17 months after their release, that AirTags in checked luggage could be considered "dangerous goods" under battery and transmission rules that didn't seem to actually apply to the tiny coin-battery devices. (credit: Getty Images)

It was a strange fate that Lufthansa and its customers should suffer so much fear and doubt for something as small as an Apple AirTag.

But suffer they did, because the German airline Lufthansa, seemingly misreading an International Civil Aviation Organization (ICAO) regulation, positioned itself this week as the only major airline banning people from tracking their checked luggage with AirTags. A representative for the company tweeted Saturday that it was "banning activated AirTags," following up Sunday that it was concerned the tiny CR2032 coin batteries and Bluetooth Low Energy (BLE) transmitters in Apple's tracking devices could be considered " dangerous goods" under ICAO rules.

Outcry, close reading of the relevant sections ( part 2, section C ) of ICAO guidelines, and accusations of ulterior motives immediately followed. AppleInsider noted that the regulations are meant for lithium-ion batteries that could be accidentally activated; AirTag batteries are not lithium-ion, are encased, and are commonly used in watches, which have not been banned by any airline. The site also spoke with "multiple international aviation experts" who saw no such ban in ICAO regulations. One expert told the site the ban was "a way to stop Lufthansa from being embarrassed by lost luggage."

Enlarge (credit: Getty Images)

When you use your phone to unlock a Tesla, the device and the car use Bluetooth signals to measure their proximity to each other. Move close to the car with the phone in hand, and the door automatically unlocks. Move away, and it locks. This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range.

Now, a researcher has devised a hack that allows him to unlock millions of Teslas—and countless other devices—even when the authenticating phone or key fob is hundreds of yards or miles away. The hack, which exploits weaknesses in the Bluetooth Low Energy standard adhered to by thousands of device makers, can be used to unlock doors, open and operate vehicles, and gain unauthorized access to a host of laptops and other security-sensitive devices.

When convenience comes back to bite us

“Hacking into a car from hundreds of miles away tangibly demonstrates how our connected world opens us up to threats from the other side of the country—and sometimes even the other side of the world,” Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group, told Ars. “This research circumvents typical countermeasures against remote adversarial vehicle unlocking and changes the way we need to think about the security of Bluetooth Low Energy communications.”