It’s theoretical, but it’s interesting.
A pair of researchers have discovered a Bluetooth Low Energy (BLE) vulnerability that can affect Apple devices and allow for tracking and data leakage.
Researchers Johannes K. Becker and David Starobinski wrote a paper called Tracking Anonymized Bluetooth Devices. They presented it yesterday at the 19th Privacy Enhancing Technologies Symposium in Stockholm, Sweden.
The flaw allows an attacker to track a device and extract information such as the device type and other data. The vulnerability can occur when devices are paired using non-encrypted public channels to ping nearby devices. While BLE lets device manufacturers use a randomized address that changes constantly, the researchers were still able to find a way around it.
Per the paper:
“We present an address-carryover algorithm which exploits the asynchronous nature of payload and address changes to achieve tracking beyond the address randomization of a device. We furthermore identify an identity-exposing attack via a device accessory that allows permanent, non-continuous tracking, as well as an iOS side-channel which allows insights into user activity.”
The exploit can work on Apple devices and Windows 10 devices, but not Android devices at this point.
Stay tuned for additional details as they become available.
Via The Mac Observer, The Next Web, and PET Symposium