A researcher has discovered a vulnerability in the way that Bluetooth communication protocols work that could allow an attacker to spy on certain devices. The flaw affects iPhones, iPads, Apple Watches, and Microsoft tablets and laptops and can be used to collect user locations and ID’s despite the built-in protections. Many Bluetooth devices use Media Access Control (MAC), specifically Windows 10 and iOS operating systems, to advertise their presence and to prevent long-term tracking. However, this feature can be abused to work around the randomization of the MAC address to permanently monitor specific devices. The researcher was successful in exploiting this flaw by creating a new algorithm that can “exploit the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device.” This algorithm does not require message decryption or breaking of the security protocols as it is based entirely on the public unencrypted advertising traffic. During the research experiment, a testbed of devices was set up and they were able to collect the advertising files, log files and elicit data structures that showed device tokens.
Analyst Notes
With this research being new, manufacturers have yet to release an update into the Bluetooth Communication system. Users are advised to turn off the Bluetooth feature of their devices when not in use.
