NEWS
Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified
1597
2019-07-19
Posted by 3uTools

A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft, according to new research from Boston University that was highlighted by ZDNet. 

Apple devices including Macs, iPhones, iPads, and the Apple Watch are impacted, as are Microsoft tablets and laptops. Android devices are not affected. 

Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified
As outlined in the research paper [PDF], Bluetooth devices use public channels to announce their presence to other devices. 

To prevent tracking, most devices broadcast a randomized address that periodically changes rather than a Media Access Control (MAC) address, but the researchers have found that it is possible to extract identifying tokens that allow a device to be tracked even when this randomized address changes by exploiting the address-carryover algorithm.


We present an online algorithm called the address-carryover algorithm, which exploits the fact that identifying tokens and the random address do not change in sync, to continuously track a device despite implementing anonymization measures. To our knowledge, this approach affects all Windows 10, iOS, and macOS devices. 


The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic.


The tracking method explained in the research paper has the potential to allow for an identity-exposing attack that allows for "permanent, non-continuous tracking," plus an iOS side-channel that "allows insights into user activity."


iOS or macOS devices have two identifying tokens (nearby, handoff) which change in different intervals. In many cases, the values of the identifying tokens change in sync with the address. However, in some cases the token change does not happen in the same moment, which allows the carry-over algorithm to identify the next random address.


Android devices do not use the same advertising approach as Microsoft and Apple, and are immune to the data tracking methods used by the researchers. 

It's not clear if the method described has been used by any bad actors for the purpose of tracking Apple devices using Bluetooth, but it would be undetectable as it does not require breaking Bluetooth security. The research paper contains several recommendations on how to mitigate the tracking vulnerability, and Apple is often quick to patch any security issues that come up, so we could see a fix for this problem in the near future.


Source: MacRumors

Related Articles
EFF Calls Apple’s Bluetooth and Wi-Fi Control Center Toggles Bad User Security Apple Submits Third Model of Mystery 'Wireless Device' With Bluetooth & NFC To FCC iPod Controls Albany Med Patient's Deep-brain Stimulation Device Bluetooth and Wi-Fi Aren't Fully Disabled When Toggled Off in Control Center on iOS 11 Apple Again Seeks FCC Approval for Mysterious 'Wireless Device' With Bluetooth and NFC Latest iOS 11.2 Beta Clarifies that Control Center Doesn't Fully Disable Wi-Fi and Bluetooth Israeli Security Firm Claims Spyware Tool Can Harvest iCloud Data in Targeted iPhone Attack Apple Explains How to Connect and Use a Bluetooth Mouse or Trackpad With iPad