Apple makes it easy for people to locate lost iPhones, share Wi-Fi passwords, and use AirDrop to send files to other nearby devices. A recently published report demonstrates how snoops can capitalize on these features to scoop up a wealth of potentially sensitive data that in some cases includes phone numbers.
Simply having Bluetooth turned on broadcasts a host of device details, including its name, whether it’s in use, if Wi-Fi is turned on, the OS version it’s running, and information about the battery. More concerning: using AirDrop or Wi-Fi password sharing broadcasts a partial cryptographic hash that can easily be converted into an iPhone’s complete phone number. The information — which in the case of a Mac also includes a static MAC address that can be used as a unique identifier — is sent in Bluetooth Low Energy packets.
The information disclosed may not be a big deal in many settings, such as work places where everyone knows everyone anyway. The exposure may be creepier in public places, such as a subway, a bar, or a department store, where anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on. The data could also be a boon to companies that track customers as they move through retail outlets.
MacDailyNews Take: It’s a trade-off. Apple wants to make sharing easy enough for average users and also, by using partial cryptographic hashes, make it not a trivial thing to grab this info.
Security firm Hexway, which published the report, includes proof-of-concept software that demonstrates the information broadcast.
Hexway also posted a video to YouTube: