A young tech enthusiast in India bought a pair of AirPods Pro 2 for his deaf grandmother because he knew the device had a hearing aid feature. However, he quickly discovered that the feature was geo-blocked in India due to regulatory restrictions.
Instead of giving up, Rithwik Jayasimha and fellow tech enthusiasts at Lagrange Point built a Faraday cage and used a microwave oven to spoof the location and unlock the hearing aid feature on the headphones.
According to the group, the cheapest hearing aid in India costs over 6,000 rupees, which is beyond the reach of most users. On the other hand, the AirPods Pro 2 are half the price of the cheapest hearing aid, at around 3,000 rupees, making them a great alternative for people with hearing problems. However, to use the earbuds as hearing aids, you need to be in a country where Apple has not geo-blocked the feature, use a device running iOS or iPadOS 18.1 or later, and have AirPods Pro 2 running firmware 7B19 or later.
Geographic "hack" kit for iPad. (Photo: X)
Jayasimha had all the hardware and software needed to set up the AirPods Pro 2 as hearing aids, but because of the geo-block the team needed the setup to register a location outside India. This was easier said than done: even though they spoofed the IP location and language of the iPad used to set up the headphones, the device still knew it was located in India.
After several rounds of testing, one of the team discovered that the iPad uses the SSIDs and MAC addresses broadcast by the routers (Wi-Fi modems) around it to determine its geographic location. So even if the iPad has no cellular network and GPS is turned off, it can still accurately locate the area it is in.
The team decided to place the iPad in a makeshift Faraday cage (a cardboard box lined with aluminum foil) together with an ESP32 board that simulated the environment of hundreds of Wi-Fi SSIDs located in Menlo Park, California. Underneath, they placed a microwave oven running at full power to disrupt and jam any 2.4 GHz Wi-Fi signals in the vicinity.
The microwave was turned on at high power to emit strong electromagnetic waves in the 2.4 GHz band – the same frequency as Wi-Fi. These waves interfere with and disrupt local Wi-Fi signals, which let the team prevent the iPad from detecting the real surrounding Wi-Fi networks so that it recognized only the fake SSIDs from the ESP32 board.
After perfecting the process, they opened this unlocking service with more elaborate Faraday cages. (Photo: X)
This way, the iPad only receives fake SSIDs from the ESP32 board and cannot detect real Wi-Fi networks in India, fooling it into believing it is in Menlo Park, California, USA.
They then ran a script on the MacBook that instructed the iPad to reboot and turn on its Wi-Fi antenna five minutes later. The first few attempts failed, requiring the team to adjust the Faraday cage, microwave, and reboot. But finally, after about three hours of fiddling, the Mac Console reported that the iPad was showing up as being in the United States. With that result, the team pulled the iPad out of the Faraday cage, connected the AirPods to the device, and the Hearing Aid setup process popped up on the screen. They had succeeded.
After the iPad was removed from the Faraday cage, it was still fooled because it had “remembered” the fake SSIDs and MAC addresses of the Wi-Fi networks broadcast by the ESP32. During its time in the Faraday cage, the iPad retained this information and thought it was in Menlo Park, California, because it did not recognize the real Wi-Fi networks around it.
Apple's location database stores Wi-Fi information to locate the device, and when the iPad receives simulated Wi-Fi networks from the ESP32, it syncs this data as if it were the real network in Menlo Park. After leaving the Faraday cage, the iPad doesn't automatically update its location immediately, but instead uses the fake SSID and MAC address data it has recorded.
Once setup is complete and features are enabled, if the AirPods are disconnected from the iPad, they will retain these settings and will not automatically recheck their location. As long as the AirPods are not reset or connected to another device that requires location verification, they will continue to function as if they were in the US.
After figuring out the process, the team repeated it a few more times and built a more stable Faraday cage. Now that they had the hang of it, they started a hearing aid unlocking service at Lagrange Point so that anyone in the Bengaluru area could benefit from the feature.