Bluetooth Low Energy Flaw Affects Apple Devices

Bluetooth icon

Researchers have discovered a Bluetooth Low Energy (BLE) flaw that affects Apple devices and expose them to tracking and data leakage (via The Next Web).

Bluetooth Low Energy Flaw

Researchers Johannes K. Becker and David Starobinski wrote a paper [PDF] called Tracking Anonymized Bluetooth Devices. They presented it yesterday at the 19th Privacy Enhancing Technologies Symposium in Stockholm, Sweden.

The flaw lets an attacker track a device and extract information like device type or other data. BLE pairs devices by using non-encrypted public channels to ping nearby devices. Although BLE lets device manufacturers use a randomized address that changes constantly, the researchers were still able to find a way around it.

We present an address-carryover algorithm which exploits the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device. We furthermore identify an identity-exposing attack via a device accessory that allows permanent, non-continuous tracking, as well as an iOS side-channel which allows insights into user activity.

Their technique works on Apple devices and Windows 10 devices, but not Android. It sounds like it works onĀ all iOS and macOS devices regardless of OS version.

Further Reading:

[Israeli Hacker Steals $1.7 Million in Cryptocurrency]

[Chuck Schumer Calls For Investigation into FaceApp]

One thought on “Bluetooth Low Energy Flaw Affects Apple Devices

  • Wired is king for EVERYTHING. Everything is always better wired, wenever possible, or course. That includes not only speakers, but also Ethernet vs WiFi, wired vs wireless keyboard and mouse, etc. It is a pain in the back to recharge batteries, they waste and last shorter and shorter periods of time, they are dangerous (can explode, get fire, etc), they have a huge negative impact on the environment and you cannot use the device without batteries.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.