Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified
- Thread starter MacRumors
- Start date
- Sort by reaction score
That's true. It's why I said I hope they fix the glitch.
I'm no fan of the "I have nothing to hide" nonsense. I ditched Facebook the first time they updated their privacy terms and I read the new one.
By now if we're not all a bunch of data layer-cakes created by one after another massive data breach, it's only by iterations of sheer random luck. That won't change because corporations want ability to conduct their business at will much, much more than they want the inconveniences of having seriously locked-down "data security". They pay for enough security to be able to cover their legal behinds, they hope, and no more.
I know this because I used to work in data security and often enough got told by the honchos to break the rules "for a special situation" when I was supposedly hired to enforce their rules without exception. Go figure. I always figured ok I'll document the hell out of it and then I'll do it and leave my fingerprints all over the place. Just so any other admin would realize " oh so she's who they finally made pick up that wacko request last night."
We all knew we could say no until the head honcho finally woke up some hapless admin at 2am and said ya know what just do this already we have a business to run here. The magic words that leave them vulnerable. Just install this back door. Just give the guy the password and change it tomorrow. Just this, that and the other thing that paves the road for a data breach (or if one is lucky, just some application crash).
Basically because of that I spend much more time exercised over lack of appropriate rural access by this late date to even 20th century telecom than I do wondering about data breaches or whether some dude briefly parked in the road crew's turnaround site down the road is trying to hack my router so he can pick up his email on his lunch hour... we have no cell service here so it's common for people to try to find, uh.. "free WiFi" wherever they can.
None of that means I actually think it's ok for Apple to ignore a BT vulnerability, which I do think I made clear at end of my post.
For what it's worth, I don't think it about bugs as much as what has happened to packages Apple has taken over and what they've done to them, along with UI degradation. It seems there have been some really sloppy releases too, though it's hard to say how they compare to the past (as you say, there have always been bugs, problems).
How many customers they have, though, is a bit irrelevant. Once you're in the Apple eco-system, the switching cost is high (so that we keep buying doesn't mean we agree with Apple's decisions), and Apple has earned a very high brand reputation. The real question is how that looks 10, 20 years from now, not right at the moment.
The good news, is a LOT of things I was worried about in the last decade seem to be turning around a bit now. So, we'll see.
True, I'm just saying it could be a possibility. Also, with that short range, comes precision. (ie: a path through a store vs at the store)
Ahh, but it is about WHO whined and how many. Apple has long been a target of whining tech-pundits and 'industry experts', as well as the Wall Street types. But, when die-hard Apple evangelists start worrying, or there is a large outcry from the core Apple user base, that's quite a different thing.
Find me someone like me who complained when the iPod or iPhone were released. It would be hard. We loved those.
Someone here occasionally posts a link to an MR story about the iPhone release. Maybe they'll post it now. Pretty funny.
Their 2019 product matrix is a big pile of things that markedly resemble the things that other people are making.
Some are better in some ways and some are worse in some ways.
For example, the market said their digital assistant plus smart speaker ecosystem is stupid and didn't buy it. That's a hard fail.
Some were Apple's innovations originally, but have been well-copied and even improved upon by others. So now Apple is trying to catch up in certain markets that they literally invented, and therefore had huge head starts on.
The last time that was true of Apple, Scully was CEO and they had thoroughly lost their way.
#FIRETHEACCOUNTANT
Heh, yeah. My favorite is when they bring in an outside consultant to do a 'study,' which basically means no matter what the consultant comes up with, they'll have to rewrite it until it matches the outcome the powers that be would like to see happen.
Haha... Yeah... I can’t think of a reason I’d be on anyone’s radar, even the government agencies. Of course, that’s not to say I don’t deserve a fair level of privacy. Simply, I don’t feel a need to be paranoid, just reasonably cautious — sensibility.
Maybe one day I’ll be worth obsessing about? ☺️ ;-)
They are not vulnerable to THIS vulnerability.
[doublepost=1563421279][/doublepost]
Yeah or swipe up and click the bluetooth icon
THIS! I hate this, and I think from a user perspective this is not justifiable and inexcusable. There's no reason why Bluetooth should be switched to hidden-but-on instead of switching it off. And worse, on the iPhone X you can't even see whether your VPN I still active, because there's not enough space anymore due to the frigging notch!
To be completely honest, I like that new behaviour. As someone who is kinda responsible for all tech things around my people, I get crazy if they disable WiFi and/or Bluetooth ("to save battery life hurr durr") and they're complaining for instance that AirDrop does not work. More and more things are done via WiFi and BT; not to mention that WiFi supports GPS in accuracy. So for me the "pausing" is completely fine as everything works as expectedIt isn't that it is all that hard or tedious, but just a shame to take one step forward, then three back. Once upon a time, CC was actually useful for this kind of stuff. Apple giveth, Apple taketh away.
First, the guy you guys replied to suggested to long press the settings icon and thus actually turning Bluetooth off. You are replying to someone who replied to something he didn’t read.
Second, of course there is a reason for it. What, you think they just did it for fun? What the button does is disconnect from any currently connected Bluetooth devices (except Apple Watch and similar), which is very useful (especially for people with apple watches). The WiFi button does the same, disconnects from the current network without disabling WiFi. Those buttons fit my, and I bet many others, use cases perfectly.
There is rarely any need to turn those radios off entirely, unless you’re paranoid or really scared over something like mentioned in this article.
The effect of this is marginal at best. You have to stay in range of whatever's tracking you. If you stay outside the range too long both identifiers reset, and you're anonymous again.
Really, they're tracking you on the in-store wifi anyway. Don't use in-store wifi? Then it's your carrier triangulating you via your cell signal.
There are better ways of tracking people than bluetooth identifiers...like getting people to download your app and giving them in-store coupons via the app.
Really, they're tracking you on the in-store wifi anyway. Don't use in-store wifi? Then it's your carrier triangulating you via your cell signal.
There are better ways of tracking people than bluetooth identifiers...like getting people to download your app and giving them in-store coupons via the app.
I keep BT off because I don't use it. By off, I mean off off, not Apple off that turns it off but it's not really off.
Yes but that short range means many more receivers required to do the tracking. Admittedly I am not an authority on this subject so I am just trying to understand how this is a vulnerability. Is it the mere possibility that someone could rig up a network of trackers or an is there an existing mechanism for this tracking?
I disagree. I find that logging off WiFi based on the location or on the time useful. For instance, when I leave my home, there are a couple of seconds where I am still connected to my WiFi's network but it won't really work given I'm too far away. So I turned it off *momentarily*, with the quick access, so I can get on the LTE. Same if I am walking by a place (e.g. coffee shop) where I have WiFi access. But I still want my phone to connect to my work's WiFi or to my home WiFi when I get back home -- and I know I would forget to turn it back on when I get home or at work.
The vulnerability is that you can identify a phone (and thus a user) because the identifiers don't change at the same time.
Identifier A changes every 5 minutes
Identifier B changes every 6 minutes
If you have both identifier A and B attached to a device C, when Identifier A changes the device is still broadcasting Identifier B. You can then associate the new Identifier A with Identifier B and thus device C. Then when Identifier B changes you can associate the new Identifier B with Identifier A, and thus back to device C.
It's not really a big deal for anyone except spies or people attempting to avoid tracking. But if you're one of the latter you shouldn't be carrying a cellphone.
will they be rolling out a patch to older devices that aren't capable of iOS13? I have the original iPad Air. I still use it daily. but it's limited now to 12.1.3
for my usage, I don't have a reason to buy a new iPad just for a security patch.
