A new bug allows Apple devices to be tracked via Bluetooth

22. 7. 2019

A security flaw has appeared in the Bluetooth protocol that, under certain circumstances, allows potential attackers to track and recognize Apple and Microsoft devices. The news about this was brought by the latest survey of Boston University.

As far as Apple devices are concerned, Macs, iPhones, iPads and the Apple Watch are potentially at risk. At Microsoft, tablets and laptops. Android devices were not affected, according to the report.

Devices with Bluetooth connectivity use public channels to announce their presence to other devices. To prevent tracking, most devices broadcast random addresses that change regularly instead of a MAC address. According to the authors of the study, however, it is possible to use an algorithm to extract identification tokens that enable device tracking.

The algorithm does not require decryption of messages, nor does it break Bluetooth security in any way, as it is based entirely on public and unencrypted communication. With the help of the described method, it is possible to reveal the identity of the device, monitor it continuously, and in the case of iOS, it is also possible to monitor the user's activity.

iOS and macOS devices have two identification tokens that change at different intervals. Token values are synchronized with addresses in many cases. However, in some cases the token change does not occur at the same time, which allows the transfer algorithm to identify the next random address.

It could be interest you

Tutorials macOS tutorials

The hidden menu in macOS will help you solve all your Bluetooth problems

Patrik Siwek

Android phones and tablets do not use the same approach as devices from Apple or Microsoft and are therefore immune to the aforementioned tracking methods. At this time, it is unclear if any Bluetooth attacks have already occurred.

A Boston University research report includes several recommendations on how to protect yourself from vulnerabilities. It can also be assumed that Apple will soon implement the necessary security measures through a software update.

Source: ZDNet, pets symposium [PDF]

Topics: algorithm, Bluetooth, Microsoft, Android, Apple Watch, MacOS, Mac, phone, iOS, iPhone

Discussion of the article

Daniel

22. 7. 2019 18:51

A bag of so-called errors has been torn open - I could ask someone to hack me and show proof of a real breakthrough and not just on a theoretical level that it is possible (but realistically 5 people in the world can do it)

Your name

Your comment

By filling in the above data, I acknowledge that the company TEXT FACTORY s.r.o., registered office in Brno, Durďákova 336/29, Černá Pole, ZIP code: 613 00, ID number: 06157831, registered at the Regional Court in Brno, section C, insert 100399, will process my personal data provided in the registration form filled out by me on the basis of the legitimate interests of TEXT FACTORY s.r.o. according to Article 6 paragraph 1 letter f) GDPR and to fulfill legal obligations (Article 6, paragraph 1, letter c) GDPR), for the following purposes: the necessity to ensure the authorization of visitors to websites operated by TEXT FACTORY s.r.o. to actively contribute to published articles or within discussion forums and exercising the rights of TEXT FACTORY s.r.o. as the administrator of these discussion forums. More information about the processing of personal data and rights can be found in Lessons on personal data protection. the entire text

It could be interest you

It could be interest you

Related