A security flaw has appeared in the Bluetooth protocol that, under certain circumstances, allows potential attackers to track and recognize Apple and Microsoft devices. The news about this was brought by the latest survey of Boston University.
As far as Apple devices are concerned, Macs, iPhones, iPads and the Apple Watch are potentially at risk. At Microsoft, tablets and laptops. Android devices were not affected, according to the report.
Devices with Bluetooth connectivity use public channels to announce their presence to other devices. To prevent tracking, most devices broadcast random addresses that change regularly instead of a MAC address. According to the authors of the study, however, it is possible to use an algorithm to extract identification tokens that enable device tracking.
The algorithm does not require decryption of messages, nor does it break Bluetooth security in any way, as it is based entirely on public and unencrypted communication. With the help of the described method, it is possible to reveal the identity of the device, monitor it continuously, and in the case of iOS, it is also possible to monitor the user's activity.
iOS and macOS devices have two identification tokens that change at different intervals. Token values are synchronized with addresses in many cases. However, in some cases the token change does not occur at the same time, which allows the transfer algorithm to identify the next random address.
Android phones and tablets do not use the same approach as devices from Apple or Microsoft and are therefore immune to the aforementioned tracking methods. At this time, it is unclear if any Bluetooth attacks have already occurred.
A Boston University research report includes several recommendations on how to protect yourself from vulnerabilities. It can also be assumed that Apple will soon implement the necessary security measures through a software update.
Source: ZDNet, pets symposium [PDF]
A bag of so-called errors has been torn open - I could ask someone to hack me and show proof of a real breakthrough and not just on a theoretical level that it is possible (but realistically 5 people in the world can do it)