Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,972
17,352



A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft, according to new research from Boston University that was highlighted by ZDNet.

Apple devices including Macs, iPhones, iPads, and the Apple Watch are impacted, as are Microsoft tablets and laptops. Android devices are not affected.

appledevicesbluetooth-800x454.jpg

As outlined in the research paper [PDF], Bluetooth devices use public channels to announce their presence to other devices.

To prevent tracking, most devices broadcast a randomized address that periodically changes rather than a Media Access Control (MAC) address, but the researchers have found that it is possible to extract identifying tokens that allow a device to be tracked even when this randomized address changes by exploiting the address-carryover algorithm.
We present an online algorithm called the address-carryover algorithm, which exploits the fact that identifying tokens and the random address do not change in sync, to continuously track a device despite implementing anonymization measures. To our knowledge, this approach affects all Windows 10, iOS, and macOS devices.

The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic.
The tracking method explained in the research paper has the potential to allow for an identity-exposing attack that allows for "permanent, non-continuous tracking," plus an iOS side-channel that "allows insights into user activity."
iOS or macOS devices have two identifying tokens (nearby, handoff) which change in different intervals. In many cases, the values of the identifying tokens change in sync with the address. However, in some cases the token change does not happen in the same moment, which allows the carry-over algorithm to identify the next random address.
Android devices do not use the same advertising approach as Microsoft and Apple, and are immune to the data tracking methods used by the researchers.

It's not clear if the method described has been used by any bad actors for the purpose of tracking Apple devices using Bluetooth, but it would be undetectable as it does not require breaking Bluetooth security. The research paper contains several recommendations on how to mitigate the tracking vulnerability, and Apple is often quick to patch any security issues that come up, so we could see a fix for this problem in the near future.

Article Link: Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified
 
  • Like
Reactions: jpn

Dirtfarmer

macrumors regular
Jan 18, 2012
210
274
Demonstrably low-quality software and decreasing-quality hardware.

Meaning increased margins and increased stock price!

Karaoke web series, watch bands, Doctor Dre headsets.

The sky's the limit!

#FIRETHEACCOUNTANT
 

MauiPa

macrumors 68020
Apr 18, 2018
2,468
3,517
Demonstrably low-quality software and decreasing-quality hardware.

Meaning increased margins and increased stock price!

Karaoke web series, watch bands, Doctor Dre headsets.

The sky's the limit!

#FIRETHEACCOUNTANT


if the software is of such demonstrably low quality, it should be easy for you to prove it. let's hear your proof.

BTW: Nothing like Windows not loading on its own surface laptops, or Excel crashing while running on Windows, or...., or myriad android bugs allowing replacement of software. Fact: Bugs do exist
 

now i see it

macrumors 604
Jan 2, 2002
7,956
15,729
so much for the "Find My" app in iOS 13.
And it's comforting to know that simply turning off Bluetooth via Control Center is only temporary ... it turns itself back on (unless you really kill it via Settings).

So how many people are now gong to have to remember to axe Bluetooth permanently while out in public? Millions? Billions?

"What happens on your phone, stays on your phone*"

* until you turn Bluetooth on
 

bbeagle

macrumors 68040
Oct 19, 2010
3,449
2,740
Buffalo, NY
I am a little confused. Does this mean that if someone is following you and within bluetooth range (100 ft?), they can track you?

Non-continuous tracking.

For example, if you're in a Starbucks, you can find the 5 people (who have an iOS/MacOS device) that are sitting there's bluetooth ID .... now tape your device under a table tracking all these ids, you'll know when those 5 people return. Therefore you can 'track people' and their comings and goings by their devices. Of course, you don't know who those 5 people are, you'd have to monitor it in person, and then watch as they leave/enter to name these IDs to track person by person. (i.e. ID #1 is 'cute freckled girl', #2 is 'fat balding guy', etc)

It has been possible to track people via cell phone towers for a long time for iOS and Android devices.
 

Dirtfarmer

macrumors regular
Jan 18, 2012
210
274
if the software is of such demonstrably low quality, it should be easy for you to prove it. let's hear your proof.

BTW: Nothing like Windows not loading on its own surface laptops, or Excel crashing while running on Windows, or...., or myriad android bugs allowing replacement of software. Fact: Bugs do exist
  1. Super
  2. easy
  3. to
  4. prove:
  5. How
  6. many
  7. more
  8. do
  9. you
  10. want?

That's just from a few months; not the most major clusters from, say, the last year or two.

The world outside of your echo chamber noticed a long time ago:

quality.png
 
Last edited:

MauiPa

macrumors 68020
Apr 18, 2018
2,468
3,517
so much for the "Find My" app in iOS 13.
And it's comforting to know that simply turning off Bluetooth via Control Center is only temporary ... it turns itself back on (unless you really kill it via Settings).

So how many people are now gong to have to remember to axe Bluetooth permanently while out in public? Millions? Billions?

"What happens on your phone, stays on your phone*"

* until you turn Bluetooth on

That doesn't sound like you read the article. nothing leaves your phone, it is only a method to potentially track you, but as the tracker would have to be within bluetooth range (100 ft), not really much of an issue at all. I suppose some Government agency, could put bluetooth devices every 100 feet and check when you passed by.
 
  • Like
Reactions: AMCTheaters

JosephAW

macrumors 601
May 14, 2012
4,253
5,129
I have an app that scans all nearby Bluetooth devices and extracts information about the devices including device names.
Retailers have been tracking unique customer phones via wifi or Bluetooth. I have a radar app that scans the retailers for them.

Does this mean they will release a patch for new iOS 13 devices or will this include older iOS devices?
 
  • Like
Reactions: rp2011 and motulist

laz232

macrumors 6502a
Feb 4, 2016
678
1,325
At a café near you
What's so difficult to long press/3d touch the settings icon and then choose WiFi or bluetooth and turn it off?

Except that doesn't turn it off Apple changed that in iOS 11(?) - now it's in a disconnected-but-still-on mode. very annoying. Same problem when I travel. I use a VPN, but turn it, and wifi, off when I go to bed. If I turn Wifi "off" via control centre then it turns back on at 5am (without the VPN).

Great management on that one, Tim Cook and co...
 

dallastigers

macrumors member
Jun 23, 2003
84
19
TX
So the system not vulnerable is set up to be able to take advantage of the ones that are. Good thing it’s secure and not run by a company that makes money by collecting & using data.

“Instead, the Android SDK scans for advertising nearby -- rather than advertising itself in a continuous fashion.”

“Android devices that we tested are not affected by the address-carryover algorithm, as they do not continuously send advertising messages. This is consistent with the BLE Central role (see Section 3.1), which scans for advertising from nearby Peripheral devices instead of advertising itself.”
 
  • Like
Reactions: daavee80

Packdude

macrumors member
Apr 16, 2010
60
215
so much for the "Find My" app in iOS 13.
And it's comforting to know that simply turning off Bluetooth via Control Center is only temporary ... it turns itself back on (unless you really kill it via Settings).

So how many people are now gong to have to remember to axe Bluetooth permanently while out in public? Millions? Billions?

"What happens on your phone, stays on your phone*"

* until you turn Bluetooth on

You don't have to turn it off permanently. Simply turning it off and back on randomizes the address and breaks the tracking.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.