Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified

by

A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft, according to new research from Boston University that was highlighted by ZDNet.

Apple devices including Macs, iPhones, iPads, and the Apple Watch are impacted, as are Microsoft tablets and laptops. Android devices are not affected.

appledevicesbluetooth
As outlined in the research paper [PDF], Bluetooth devices use public channels to announce their presence to other devices.

To prevent tracking, most devices broadcast a randomized address that periodically changes rather than a Media Access Control (MAC) address, but the researchers have found that it is possible to extract identifying tokens that allow a device to be tracked even when this randomized address changes by exploiting the address-carryover algorithm.

We present an online algorithm called the address-carryover algorithm, which exploits the fact that identifying tokens and the random address do not change in sync, to continuously track a device despite implementing anonymization measures. To our knowledge, this approach affects all Windows 10, iOS, and macOS devices.

The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic.

The tracking method explained in the research paper has the potential to allow for an identity-exposing attack that allows for "permanent, non-continuous tracking," plus an iOS side-channel that "allows insights into user activity."

iOS or macOS devices have two identifying tokens (nearby, handoff) which change in different intervals. In many cases, the values of the identifying tokens change in sync with the address. However, in some cases the token change does not happen in the same moment, which allows the carry-over algorithm to identify the next random address.

Android devices do not use the same advertising approach as Microsoft and Apple, and are immune to the data tracking methods used by the researchers.

It's not clear if the method described has been used by any bad actors for the purpose of tracking Apple devices using Bluetooth, but it would be undetectable as it does not require breaking Bluetooth security. The research paper contains several recommendations on how to mitigate the tracking vulnerability, and Apple is often quick to patch any security issues that come up, so we could see a fix for this problem in the near future.

Tag: Bluetooth

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article139 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article139 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
Apple TV Plus Feature 2 Magenta and Blue

Apple TV+ Curbs Costs After Expensive Projects Fail to Capture Viewers

Monday July 22, 2024 5:11 am PDT by
Apple is scaling back its Hollywood spending after investing over $20 billion in original programming with limited success, Bloomberg reports. This shift comes after the streaming service, which launched in 2019, struggled to capture a significant share of the market, accounting for only 0.2% of TV viewership in the U.S., compared to Netflix's 8%. Despite heavy investment, critical acclaim,...
Read Full Article305 comments
bsod

Microsoft Blames European Commission for Major Worldwide Outage

Monday July 22, 2024 11:55 am PDT by
Last Friday, a major CrowdStrike outage impacted PCs running Microsoft Windows, causing worldwide issues affecting airlines, retailers, banks, hospitals, rail networks, and more. Computers were stuck in continuous recovery loops, rendering them unusable. The failure was caused by an update to the CrowdStrike Falcon antivirus software that auto-installed on Windows 10 PCs, but Mac and Linux...
Read Full Article252 comments

Top Rated Comments

Dirtfarmer Avatar
Dirtfarmer
66 months ago
if the software is of such demonstrably low quality, it should be easy for you to prove it. let's hear your proof.

BTW: Nothing like Windows not loading on its own surface laptops, or Excel crashing while running on Windows, or...., or myriad android bugs allowing replacement of software. Fact: Bugs do exist
[LIST=1]
* Super ('https://apple.slashdot.org/story/19/07/11/151241/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping')
* easy ('https://it.slashdot.org/story/19/07/11/0423244/apple-pushes-a-silent-mac-update-to-remove-hidden-zoom-web-serverhttps://it.slashdot.org/story/19/07/09/0521212/serious-zoom-security-flaw-could-let-websites-hijack-mac-cameras')
* to ('https://it.slashdot.org/story/19/06/29/0651212/new-mac-malware-abuses-recently-disclosed-gatekeeper-zero-day')
* prove ('https://apple.slashdot.org/story/19/06/15/0450239/cellebrite-says-it-can-unlock-any-iphone-for-cops'):
* How ('https://apple.slashdot.org/story/19/06/03/1957213/apple-finally-kills-itunes')
* many ('https://apple.slashdot.org/story/19/05/14/1938252/its-almost-impossible-to-tell-if-your-iphone-has-been-hacked')
* more ('https://it.slashdot.org/story/19/04/08/221253/exodus-spyware-found-targeting-apple-ios-users')
* do ('https://apple.slashdot.org/story/19/03/29/173216/macos-10144-mail-client-has-broken-gmail-access-for-some-users')
* you ('https://apple.slashdot.org/story/19/02/19/1722240/apples-newest-macs-seem-to-have-a-serious-audio-bug')
* want ('https://apple.slashdot.org/story/19/02/07/2046203/apple-releases-iphone-update-to-fix-group-facetime-eavesdropping-bug')?


That's just from a few months; not the most major clusters from, say, the last year or two.

The world outside of your echo chamber noticed a long time ago:

Score: 17 Votes (Like | Disagree)
matt_and_187_like_this Avatar
matt_and_187_like_this
66 months ago
What's so difficult to long press/3d touch the settings icon and then choose WiFi or bluetooth and turn it off?
Not difficult, but annoying that it doesn't work in control center that way anymore. When I turn Wifi off I want to turn it off not "disconnect but still on".
Score: 11 Votes (Like | Disagree)
bbeagle Avatar
bbeagle
66 months ago
I am a little confused. Does this mean that if someone is following you and within bluetooth range (100 ft?), they can track you?
Non-continuous tracking.

For example, if you're in a Starbucks, you can find the 5 people (who have an iOS/MacOS device) that are sitting there's bluetooth ID .... now tape your device under a table tracking all these ids, you'll know when those 5 people return. Therefore you can 'track people' and their comings and goings by their devices. Of course, you don't know who those 5 people are, you'd have to monitor it in person, and then watch as they leave/enter to name these IDs to track person by person. (i.e. ID #1 is 'cute freckled girl', #2 is 'fat balding guy', etc)

It has been possible to track people via cell phone towers for a long time for iOS and Android devices.
Score: 10 Votes (Like | Disagree)
laz232 Avatar
laz232
66 months ago
What's so difficult to long press/3d touch the settings icon and then choose WiFi or bluetooth and turn it off?
Except that doesn't turn it off Apple changed that in iOS 11(?) - now it's in a disconnected-but-still-on mode. very annoying. Same problem when I travel. I use a VPN, but turn it, and wifi, off when I go to bed. If I turn Wifi "off" via control centre then it turns back on at 5am (without the VPN).

Great management on that one, Tim Cook and co...
Score: 8 Votes (Like | Disagree)
matt_and_187_like_this Avatar
matt_and_187_like_this
66 months ago
iOS 13 reveals how many apps want to access Bluetooth. Really appreciate the new controls, but I wish Apple hadn't made turning off Bluetooth and Wifi so difficult in general. Never seems to turn off completely.
Score: 8 Votes (Like | Disagree)
MauiPa Avatar
MauiPa
66 months ago
Demonstrably low-quality software and decreasing-quality hardware.

Meaning increased margins and increased stock price!

Karaoke web series, watch bands, Doctor Dre headsets.

The sky's the limit!

#FIRETHEACCOUNTANT
if the software is of such demonstrably low quality, it should be easy for you to prove it. let's hear your proof.

BTW: Nothing like Windows not loading on its own surface laptops, or Excel crashing while running on Windows, or...., or myriad android bugs allowing replacement of software. Fact: Bugs do exist
Score: 8 Votes (Like | Disagree)
Read All Comments