Bluetooth flaw could enable hackers to track iOS, macOS and Windows 10 devices
Neither Apple nor Microsoft have yet issued a fix
A vulnerability in the Bluetooth communication protocol could enable cybercriminals to track Bluetooth devices, including laptops and smartphones manufactured by Apple and Microsoft.
That's according to the researchers from Boston University, who claimed that the flaw could be used to leak users' data from the tracked devices.
The devices equipped with Bluetooth technology use advertising channels to set up a link with other Bluetooth-enabled devices. To prevent tracking of those advertising channels, the device generates periodically changing and randomised addresses as well as identifying tokens to be used in place of permanent MAC address.
Boston University researchers said they have noticed that in a large number of new Bluetooth Low Energy (BLE) devices, those random addresses and identifying tokens don't change in sync, thus creating opportunities for bad actors to track iOS, macOS and Windows 10 devices.
The identifying tokens used by BLE devices are unique to those devices and can remain static for a long period of time to be used as secondary identifiers.
In the study, the researchers used an "address-carryover algorithm" to track devices using a secondary "pseudo-identity."
"The address-carryover algorithm exploits the asynchronous nature of address and payload change, and uses unchanged identifying tokens in the payload to trace a new incoming random address back to a known device," the research paper reads.
"In doing so, the address-carryover algorithm neutralises the goal of anonymity in broadcasting channels intended by frequent address randomisation."
The algorithm doesn't need to use the advertising message decryption or break into Bluetooth security to track the devices, the researchers said.
The exploit was found to be working on iOS, macOS and Windows 10 devices, including iPhones, MacBooks and Surface devices, although Android devices are not vulnerable to the flaw.
"The algorithm succeeds consistently on Windows 10 and sometimes on Apple operating systems," the paper claimed.
The researchers said that they disclosed the vulnerability to Apple and Microsoft in November 2018, but those companies have not yet provided any patches to fix the issue. Switching Bluetooth on and off on macOS and iOS devices could be a temporary workaround.
Windows 10 users will need to periodically disable the Bluetooth device on their machine through the Windows Device Manager and then re-enable it again. That would reset the token as well as the advertising address.
The detailed findings of the study [PDF] were presented on Wednesday at the 19th Privacy Enhancing Technologies Symposium.
Bluetooth is no doubt a very useful technology and is now found in almost every modern gadget. Earlier this year, the Bluetooth Special Interest Group announced that it was launching a new direction-finding feature in the Bluetooth 5.1, which would provide better location accuracy to users.
With the new feature, devices can determine exactly where another Bluetooth 5.1-enabled device is located - down to the centimetre, rather than to within a few metres.