Hackers Can Obtain Your Phone Number via an iPhone Bluetooth Traffic Leak
- Your iPhone is continuously sending out Bluetooth LE data packets that can be misused by malicious actors.
- The latest Bluetooth traffic leak is connected to AirDrop and Wi-Fi password sharing features, exposing your personal and private data to third parties.Â
- The only way to protect yourself is to disable Bluetooth on your iPhone while in crowded and public spaces.
So far, this has been a problematic week for iOS users – in terms of their security. We learned about serious iMessage vulnerabilities that allow hackers to gain control of your device, and we learned about security flaws in Apple’s AWDL protocol. As it turns out, this isn’t where the problems for Apple’s AWDL end. There’s now a new report indicating that malicious actors can use your iPhone’s Bluetooth connection to collect private information, including your phone number.
According to security researchers at Hexway, the ability of your iPhone to talk to other devices can be used in a malicious way. As you already know, one of the best things about Apple’s devices is their ecosystem of services – which is probably one of their biggest selling points. If you own an iOS and macOS device, you can simply start your work on one device, and continue on the other. The core of this feature is two technologies: Wi-Fi and Bluetooth. More precisely, your iPhone continuously sends large data packets using Bluetooth LE (Low Energy). And the thing is that Bluetooth LE on iOS reveals your phone status, Wi-Fi status, buffer availability, OS version, and more.
In this particular case, Apple’s AirDrop feature can be used to retrieve your phone number. That’s because once you initiate an AirDrop file transfer, your phone is sending out SHA256 hash containing your phone number as well. Here’s a detailed explanation of this vulnerability.
- An attacker would first need to create a 'phone number' database based on a specific city or region, which will be filled with data later on.
- Then, a special script is initiated on the attacker’s laptop. This script isn’t a secret, as Hexway researchers have already published it on GitHub. For the most effective results, this could be done on a subway train, for example.
- If somebody tries to use AirDrop, the attacker will automatically collect the sender’s phone number hash in their database.
- Finally, the phone number is recovered in the hash. And also, the name of the victim can be then obtained using TrueCaller or from the affected device’s name.
To see the exploitation of this vulnerability in action, check out the following YouTube video. The Hexway researchers have nicely showcased the entire process, which can be run by just about anyone (not just hackers).
It’s important to note that the ‘AirDrop method’ isn’t the only way to take advantage of your iPhone’s Bluetooth traffic leak. The same can be done if someone is sharing Wi-Fi passwords. This method can reveal even more details, as its SHA256 hashes reveal your phone number, Apple ID, and your email address. Even though attackers could obtain only the first 3 bytes of the hashes, this is enough to reconstruct your phone number.
You’ve probably heard about cyber-flashing and free Wi-Fi networks tracking your location (like those in coffee shops and stores). Well, now you have another reason to disable the AirDrop feature and to only use it when absolutely needed. In addition, we’ll add that the vulnerabilities of your iPhone Bluetooth traffic can be stopped only if you disable Bluetooth on your device. Hexway says that they’ve detected this Bluetooth leak in the iOS versions starting from 10.3.1. Also, older devices (all iPhone models before the iPhone 6S) don’t pose a security risk as they’re not sending Bluetooth LE packets continuously.
Are you concerned about something stealing your personal information in crowded and public spaces? Let us know in the comments section below, and don’t forget to follow us via our social media profiles, on Facebook and Twitter. Thanks!