Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified

Discussion in 'News Discussion' started by MacRumors, Jul 17, 2019.

  1. MacRumors macrumors bot


    Apr 12, 2001

    A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft, according to new research from Boston University that was highlighted by ZDNet.

    Apple devices including Macs, iPhones, iPads, and the Apple Watch are impacted, as are Microsoft tablets and laptops. Android devices are not affected.


    As outlined in the research paper [PDF], Bluetooth devices use public channels to announce their presence to other devices.

    To prevent tracking, most devices broadcast a randomized address that periodically changes rather than a Media Access Control (MAC) address, but the researchers have found that it is possible to extract identifying tokens that allow a device to be tracked even when this randomized address changes by exploiting the address-carryover algorithm.
    The tracking method explained in the research paper has the potential to allow for an identity-exposing attack that allows for "permanent, non-continuous tracking," plus an iOS side-channel that "allows insights into user activity."
    Android devices do not use the same advertising approach as Microsoft and Apple, and are immune to the data tracking methods used by the researchers.

    It's not clear if the method described has been used by any bad actors for the purpose of tracking Apple devices using Bluetooth, but it would be undetectable as it does not require breaking Bluetooth security. The research paper contains several recommendations on how to mitigate the tracking vulnerability, and Apple is often quick to patch any security issues that come up, so we could see a fix for this problem in the near future.

    Article Link: Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified
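
Added example (not part of the MacRumors post, and not code from the research paper): a check that could be run over an advertising log captured from one's own device to see whether the randomized address and the identifying token rotate in the same step. The `Adv` record layout, the function name and both sample logs are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Adv(NamedTuple):
    t: int       # seconds since the capture started
    addr: str    # randomized advertising address seen on air
    token: str   # identifying token carried in the same advertisement

def linkable_spans(log):
    """Split one device's advertisements into spans an observer can link.

    Two consecutive advertisements stay linked if either the address or the
    token is unchanged, which is the carry-over the article describes. A span
    ends only when both values change in the same step.
    """
    spans, prev = [], None
    for adv in sorted(log):  # NamedTuple ordering compares t first
        if prev is not None and (adv.addr == prev.addr or adv.token == prev.token):
            spans[-1].append(adv)
        else:
            spans.append([adv])
        prev = adv
    return [(s[0].t, s[-1].t, sorted({a.addr for a in s})) for s in spans]

# Constructed log: address and token rotate at different times.
UNSYNCED = [
    Adv(0, "addr-A1", "tok-1"), Adv(10, "addr-A1", "tok-1"),
    Adv(20, "addr-A2", "tok-1"),   # address rotated, token carried over
    Adv(30, "addr-A2", "tok-2"),   # token rotated, address carried over
    Adv(40, "addr-A3", "tok-2"), Adv(50, "addr-A3", "tok-3"),
]

# Constructed log: address and token rotate in the same step.
SYNCED = [
    Adv(0, "addr-B1", "tok-1"), Adv(10, "addr-B1", "tok-1"),
    Adv(20, "addr-B2", "tok-2"), Adv(30, "addr-B2", "tok-2"),
    Adv(40, "addr-B3", "tok-3"),
]

if __name__ == "__main__":
    for name, log in (("unsynced", UNSYNCED), ("synced", SYNCED)):
        print(name, linkable_spans(log))
```

A single span covering every address means the rotation did not break linkability; one span per address means each rotation started a fresh, unlinkable identity.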
  2. HenryFSU macrumors member


    Jul 8, 2015
    Orlando, FL
  3. kemal macrumors 65816


    Dec 21, 2001
  4. Crowbot macrumors 6502


    May 29, 2018
    Right, the last line is the most important part.
  5. dumastudetto macrumors 68040

    Aug 28, 2013
    I'd like to see more evidence that Android is not vulnerable.
  6. matt_and_187_like_this macrumors member

    Dec 8, 2015
    iOS 13 reveals how many apps want to access Bluetooth. Really appreciate the new controls, but I wish Apple hadn't made turning off Bluetooth and Wifi so difficult in general. Never seems to turn off completely.
  7. sinsin07 macrumors 68040

    Mar 28, 2009
    Yet you glossed over:
    It's true.
    People see what they want to see.:p:D
  8. Dirtfarmer macrumors regular

    Jan 18, 2012
    Demonstrably low-quality software and decreasing-quality hardware.

    Meaning increased margins and increased stock price!

    Karaoke web series, watch bands, Doctor Dre headsets.

    The sky's the limit!

  9. MauiPa macrumors 6502

    Apr 18, 2018
    I am a little confused. Does this mean that if someone is following you and within bluetooth range (100 ft?), they can track you?
  10. Packdude macrumors member


    Apr 16, 2010
    They knew someone else would mention it. :)
  11. MauiPa macrumors 6502

    Apr 18, 2018

    If the software is of such demonstrably low quality, it should be easy for you to prove it. Let's hear your proof.

    BTW: Nothing like Windows not loading on its own Surface laptops, or Excel crashing while running on Windows, or...., or myriad Android bugs allowing replacement of software. Fact: Bugs do exist
  12. now i see it macrumors 68040

    Jan 2, 2002
    so much for the "Find My" app in iOS 13.
    And it's comforting to know that simply turning off Bluetooth via Control Center is only temporary ... it turns itself back on (unless you really kill it via Settings).

    So how many people are now going to have to remember to axe Bluetooth permanently while out in public? Millions? Billions?

    "What happens on your phone, stays on your phone*"

    * until you turn Bluetooth on
  13. urgs macrumors newbie

    Jun 27, 2019
    What's so difficult to long press/3d touch the settings icon and then choose WiFi or bluetooth and turn it off?
  14. matt_and_187_like_this macrumors member

    Dec 8, 2015
    Not difficult, but annoying that it doesn't work in control center that way anymore. When I turn Wifi off I want to turn it off not "disconnect but still on".
  15. bbeagle macrumors 68040


    Oct 19, 2010
    Buffalo, NY
    Non-continuous tracking.

    For example, if you're in a Starbucks, you can find the Bluetooth IDs of the 5 people (who have an iOS/MacOS device) that are sitting there .... now tape your device under a table tracking all these ids, you'll know when those 5 people return. Therefore you can 'track people' and their comings and goings by their devices. Of course, you don't know who those 5 people are, you'd have to monitor it in person, and then watch as they leave/enter to name these IDs to track person by person. (i.e. ID #1 is 'cute freckled girl', #2 is 'fat balding guy', etc)

    It has been possible to track people via cell phone towers for a long time for iOS and Android devices.
  16. Dirtfarmer, Jul 17, 2019
    Last edited: Jul 17, 2019

    Dirtfarmer macrumors regular

    Jan 18, 2012
    1. Super
    2. easy
    3. to
    4. prove:
    5. How
    6. many
    7. more
    8. do
    9. you
    10. want?

    That's just from a few months; not the most major clusters from, say, the last year or two.

    The world outside of your echo chamber noticed a long time ago:

  17. MauiPa macrumors 6502

    Apr 18, 2018
    That doesn't sound like you read the article. Nothing leaves your phone, it is only a method to potentially track you, but as the tracker would have to be within Bluetooth range (100 ft), not really much of an issue at all. I suppose some Government agency could put Bluetooth devices every 100 feet and check when you passed by.
  18. JosephAW macrumors 68020


    May 14, 2012
    I have an app that scans all nearby Bluetooth devices and extracts information about the devices including device names.
    Retailers have been tracking unique customer phones via wifi or Bluetooth. I have a radar app that scans the retailers for them.

    Does this mean they will release a patch for new iOS 13 devices or will this include older iOS devices?
  19. Swift macrumors 68000


    Feb 18, 2003
    Los Angeles
    Let's see, how many serious flaws have been found in Android?
  20. imnotthewalrus macrumors regular


    Nov 20, 2015
    Right back atcha.
  21. Superhai macrumors 6502


    Apr 21, 2010
    Tracking Bluetooth devices is nothing new, and hard to avoid. The difference here is the ability to figure out the exact device continuously even if it doesn’t announce identifying information.
  22. ka-spot macrumors 6502a

    May 23, 2012
    Sofia, Bulgaria
  23. laz232 macrumors 6502

    Feb 4, 2016
    At a café near you
    Except that doesn't turn it off. Apple changed that in iOS 11(?) - now it's in a disconnected-but-still-on mode. Very annoying. Same problem when I travel. I use a VPN, but turn it, and wifi, off when I go to bed. If I turn Wifi "off" via control centre then it turns back on at 5am (without the VPN).

    Great management on that one, Tim Cook and co...
  24. dallastigers macrumors newbie

    Jun 23, 2003
    So the system not vulnerable is set up to be able to take advantage of the ones that are. Good thing it’s secure and not run by a company that makes money by collecting & using data.

    “Instead, the Android SDK scans for advertising nearby -- rather than advertising itself in a continuous fashion.”

    “Android devices that we tested are not affected by the address-carryover algorithm, as they do not continuously send advertising messages. This is consistent with the BLE Central role (see Section 3.1), which scans for advertising from nearby Peripheral devices instead of advertising itself.”
  25. Packdude macrumors member


    Apr 16, 2010
    You don't have to turn it off permanently. Simply turning it off and back on randomizes the address and breaks the tracking.
