Newly discovered Bluetooth exploit tracks iOS, macOS devices

Researchers have identified a flaw in the Bluetooth communication protocol that may expose iOS, macOS, and Microsoft users to device tracking.

The vulnerability could be used to spy on users, regardless of OS protections that are in place. Currently, it is thought that this flaw affects devices with Windows 10, macOS, and iOS. Devices affected could be iPhones, iPads, MacBooks and iMacs, Apple Watches, and any Microsoft laptop or tablet. This news has come months after the news of the "Torpedo" location detection exploit.

According to ZDnet, David Starobinski and Johannes Becker, two researchers from Boston University, presented the results of their research at the 19th Privacy Enhancing Technologies Symposium in Stockholm, Sweden.

Their research shows that many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but it's possible to circumvent the randomization of these addresses, allowing a specific device to be permanently monitored.

Identifying tokens are issued alongside MAC addresses and an algorithm developed by Boston University — called an address-carryover algorithm — is able to exploit the address. According to the research paper, "The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic."

During their experiments, researchers tested Apple and Microsoft devices, analyzing BLE advertising channels and events within standard Bluetooth proximities. Over a period of time, advertising log files were passively collected, and from the data researchers were able to find device ID tokens.

"We identified that devices running Windows 10, iOS or macOS regularly transmit advertising events containing custom data structures which are used to enable certain platform-specific interaction with other devices within BLE range," the paper reads.

The identities can then be incorporated into an algorithm to track devices.

While iOS, macOS, and Windows 10 systems are affected, Android operating systems appear immune due to differences in handling identifying tokens.

Exploits have caused trouble for Apple in the past, including the now fixed FaceTime exploit that allowed callers to hear someones audio before they answered the call. Continued pressure from lawmakers will likely have Apple and Microsoft searching for a fix.