Bluetooth exploit can track and identify iOS, Microsoft mobile device users

Bluetooth exploit can track and identify iOS, Microsoft mobile device users 1

A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their ID, researchers claim. 

The vulnerability can be used to spy on users despite native OS protections that are in place and impacts Bluetooth devices on Windows 10, iOS, and macOS machines. This includes iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets & laptops. 

On Wednesday, researchers from Boston University David Starobinski and Johannes Becker presented the results of their research at the 19th Privacy Enhancing Technologies Symposium, taking place in Stockholm, Sweden.

According to the research paper, Tracking Anonymized Bluetooth Devices (.PDF), many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device. 

Identifying tokens are usually in place alongside MAC addresses and a new algorithm developed by Boston University, called an address-carryover algorithm, is able to “exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device.”

“The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic,” the paper reads. 

See also: Singtel will give free mobile data to people that walk

The Bluetooth low-energy specification, introduced in 2010 and used in Bluetooth 5, is the main focus of the research. During their experiments, the researchers set up a testbed of Apple and Microsoft devices to analyze BLE advertising channels and “advertising events” within standard Bluetooth proximities. 

To conduct the tests, a custom version of Xianjun Jiao’s BTLE software suite and sniffer was used. Over a period of time, advertising events and log files were passively collected and this information was analyzed to elicit data structures which revealed device ID tokens. 

CNET: WhatsApp, Telegram had security flaws that let hackers change what you see

“Most computer and smartphone operating systems do implement address randomizations by default as a means to prevent long-term passive tracking, as permanent identifiers are not broadcasted,” the paper reads. “However, we identified that devices running Windows 10, iOS or macOS regularly transmit advertising events containing custom data structures which are used to enable certain platform-specific interaction with other devices within BLE range.”

It is these identifiers which can be incorporated into an algorithm to track devices and circumvent address randomization by giving attackers data which the researchers call “a temporary, secondary pseudo-identity.” 

TechRepublic: Top 5 cybersecurity challenges for CISOs

While this technique works on Windows, iOS, and macOS systems, the Android operating system is immune as the OS does not continually send out advertising messages. Instead, the Android SDK scans for advertising nearby — rather than advertising itself in a continuous fashion. 

“Any device which regularly advertises data containing suitable advertising tokens will be vulnerable to the carry-over algorithm if it does not change all of its identifying tokens in sync with the advertising address,” the researchers say. “As Bluetooth adoption is projected to grow from 4.2 to 5.2 billion devices between 2019 and 2022 […] establishing tracking-resistant methods, especially on unencrypted communication channels, is of paramount importance.”

ZDNet has reached out to Microsoft and Apple and will update if we hear back. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin48,116 0.08 % 2.88 % 15.94 %
Ethereum3,996.2 1.57 % 5.30 % 6.85 %
Binance Coin551.09 2.42 % 4.70 % 9.87 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana182.32 1.30 % 9.05 % 9.05 %
Cardano1.300 0.31 % 6.56 % 18.21 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
XRP0.7718 0.15 % 8.17 % 20.17 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Terra62.64 1.19 % 15.08 % 25.35 %

Bitcoin (BTC) $ 49,073.00
Ethereum (ETH) $ 4,113.51
Binance Coin (BNB) $ 560.37
Tether (USDT) $ 1.01
Solana (SOL) $ 187.46
Cardano (ADA) $ 1.33
USD Coin (USDC) $ 0.998863
XRP (XRP) $ 0.791303
Polkadot (DOT) $ 26.84
Terra (LUNA) $ 64.96