A flaw in the Bluetooth communication protocol may expose modern device users to tracking and could leak their ID, researchers claim.
The vulnerability can be used to spy on users despite native OS protections that are in place and impacts Bluetooth devices on Windows 10, iOS, and macOS machines. This includes iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets & laptops.
On Wednesday, researchers from Boston University David Starobinski and Johannes Becker presented the results of their research at the 19th Privacy Enhancing Technologies Symposium, taking place in Stockholm, Sweden.
According to the research paper, Tracking Anonymized Bluetooth Devices, many Bluetooth devices will use MAC addresses when advertising their presence to prevent long-term tracking, but the team found that it is possible to circumvent the randomization of these addresses to permanently monitor a specific device… While this technique works on Windows, iOS, and macOS systems, the Android operating system is immune as the OS does not continually send out advertising messages. Instead, the Android SDK scans for advertising nearby — rather than advertising itself in a continuous fashion.
MacDailyNews Take: Miraculously, Android is immune from something for once!
Congrats to the researchers as now Apple and Microsoft can remove this vulnerability now that it’s been identified.