
Security flaw in Bluetooth communication protocol puts iOS and Windows 10 devices at risk

  • The Bluetooth vulnerability affects iPhones, iPads, Apple Watch models and Microsoft tablets & laptops.
  • The flaw can be used to spy on users’ devices and collect their locations and IDs despite the native OS protections.

A flaw in the way Bluetooth Low Energy (BLE) devices advertise their presence can allow a passive listener to track users’ devices over time, even though those devices randomize their advertised addresses. The flaw impacts devices running Windows 10 and iOS.

What is the flaw?

In a research paper titled Tracking Anonymized Bluetooth Devices, researchers David Starobinski and Johannes Becker have revealed that the Bluetooth vulnerability affects iPhones, iPads, Apple Watch models, and Microsoft tablets and laptops. The flaw can be used to spy on users’ devices and collect their locations and IDs despite the native OS protections.

According to the researchers, many Bluetooth devices advertise their presence under randomized MAC addresses, which are rotated periodically precisely to prevent long-term tracking. However, the identifying tokens carried in the advertising payload are not rotated at the same moment as the address. Because the two change on independent schedules, a listener can use a token that stays constant across an address change to link the old address to the new one, and so monitor a specific device indefinitely.

The researchers exploited this with a new technique they call the address-carryover algorithm. The algorithm is able to "exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device."

"The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic," the research paper reads.
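The following is an added illustration of the carry-over idea described above; it is not code from the paper, and the packet format, token values and timing schedules are constructed assumptions. A sniffer logs each advertisement as (time, address, payload token). Whenever a never-seen address appears carrying a token that was recently observed under a known address, the new address is attached to that device's track. The second constructed capture, in which the token and the address change at exactly the same moment, shows why the attack depends on the changes being asynchronous: with synchronized rotation every new address starts a fresh, unlinkable track.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Advert:
    """One BLE advertisement as a passive sniffer would log it (constructed format)."""
    t: float      # seconds since capture start
    addr: str     # advertised (randomized) device address
    token: bytes  # identifying token extracted from the advertising payload


class CarryoverTracker:
    """Address carry-over: attach a fresh random address to an existing track when
    its payload token was recently seen under an address already on that track.
    This only works because address and token change on independent schedules."""

    def __init__(self, max_gap: float = 300.0) -> None:
        self.max_gap = max_gap  # assumed: a token older than this is treated as stale
        self.addr_to_track: Dict[str, int] = {}
        self.token_last_seen: Dict[bytes, Tuple[int, float]] = {}  # token -> (track, time)
        self.tracks: Dict[int, List[str]] = {}  # track -> addresses linked so far

    def observe(self, adv: Advert) -> int:
        track = self.addr_to_track.get(adv.addr)
        if track is None:
            seen = self.token_last_seen.get(adv.token)
            if seen is not None and adv.t - seen[1] <= self.max_gap:
                track = seen[0]              # token survived the address change: carry over
            else:
                track = len(self.tracks)     # genuinely new device (or one we lost)
                self.tracks[track] = []
            self.addr_to_track[adv.addr] = track
            self.tracks[track].append(adv.addr)
        # A token change under a stable address is harmless on its own, but recording
        # it here is what lets the next address change be bridged.
        self.token_last_seen[adv.token] = (track, adv.t)
        return track


def link_addresses(adverts: List[Advert]) -> List[List[str]]:
    """Run the tracker over a capture; returns the address chain of each track."""
    tracker = CarryoverTracker()
    for adv in sorted(adverts, key=lambda a: a.t):
        tracker.observe(adv)
    return [tracker.tracks[k] for k in sorted(tracker.tracks)]


def constructed_capture(synchronized: bool) -> List[Advert]:
    """Constructed sample, not a real capture: two devices advertising every 100 s
    for 3000 s. Device A rotates its address every 900 s, device B every 1100 s.
    Tokens change every 700 s (A) / 500 s (B); with synchronized=True they change
    exactly when the address does, which is the behaviour that defeats carry-over."""
    advs = []
    for t in range(0, 3000, 100):
        a_token = 0xA0 + t // (900 if synchronized else 700)
        b_token = 0xB0 + t // (1100 if synchronized else 500)
        advs.append(Advert(t, f"A-{t // 900}", bytes([a_token])))
        advs.append(Advert(t, f"B-{t // 1100}", bytes([b_token])))
    return advs


if __name__ == "__main__":
    print("asynchronous rotation:", link_addresses(constructed_capture(False)))
    print("synchronized rotation:", link_addresses(constructed_capture(True)))
```

With asynchronous rotation every address of A is chained into one track and every address of B into another, so the randomization buys nothing; with synchronized rotation each address stands alone. The `max_gap` window is an assumed detail that keeps a long-stale token from falsely joining two unrelated devices.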

Worth noting

During the experiment, the researchers set up a testbed of Apple and Microsoft devices to analyze the BLE advertising channels. Over a period of time they collected advertising captures and log files, and from these they were able to elicit the payload data structures that carry the device ID tokens.
