iPhone Bluetooth traffic leaks phone numbers -- in certain scenarios

silversurfer

Security researchers say they can extract a user's phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations.

The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device's position and various details.

This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices.

Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others.

However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device's phone number.

"Only the first 3 bytes of the hashes are sent, but that's enough to identify your phone number," researchers said. Since phone numbers have pretty strict formatting, attackers can use pre-calculated hash tables to recover the rest of the phone number.
 
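An added example, not part of the article or of Hexway's research: it measures how many candidate numbers share each 3-byte SHA-256 prefix over a constructed, fictional number range, which shows why truncating an unsalted hash of a rigidly formatted value hides little. The input encoding, the number range and the keyed variant (included as a contrasting mitigation idea, not Apple's design) are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

PREFIX_LEN = 3  # bytes of the SHA-256 digest that are broadcast, per the article


def plain_tag(number: str) -> bytes:
    """Truncated unsalted hash. Hashing the number as a UTF-8 string is an assumption."""
    return hashlib.sha256(number.encode()).digest()[:PREFIX_LEN]


def keyed_tag(number: str, key: bytes) -> bytes:
    """Same truncation, but keyed with a secret that outsiders do not hold."""
    return hmac.new(key, number.encode(), hashlib.sha256).digest()[:PREFIX_LEN]


def constructed_numbers(count: int, base: int = 15_550_000_000) -> list:
    """Constructed sample plan: `count` consecutive numbers in a fictional range."""
    return [f"+{base + i}" for i in range(count)]


def anonymity_sets(numbers, tag=plain_tag) -> dict:
    """Group numbers by tag; each group is the set one broadcast tag could mean."""
    groups = defaultdict(list)
    for n in numbers:
        groups[tag(n)].append(n)
    return groups


def summarize(count: int) -> dict:
    """Report how well a 3-byte tag separates `count` constructed numbers."""
    groups = anonymity_sets(constructed_numbers(count))
    sizes = [len(g) for g in groups.values()]
    return {
        "numbers": count,
        "distinct_tags": len(groups),
        "largest_set": max(sizes),
        # share of numbers whose tag is shared with no other number in the plan
        "unique_share": sum(1 for s in sizes if s == 1) / count,
    }


if __name__ == "__main__":
    print(summarize(200_000))
    # Different secret keys give unrelated tags for the same number.
    print(keyed_tag("+15550000001", b"key-A").hex(),
          keyed_tag("+15550000001", b"key-B").hex())
```

With 2^24 possible tags, almost every number in a plan of this size ends up alone in its group, so the tag behaves like an identifier rather than a one-way hash.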

boutthatlife

Would a VPN stop this? Do apps like Signal help?

Wow. I have called Apple a gazillion times complaining about Bluetooth... I'm going to give them a call about this as well as that Face ID.
 

DeepWeb

Welp. I hope they do. I am on an Android phone and we have a feature to disable Bluetooth scanning. I hope Apple devices have the same switch though I doubt it.
 

Vasudev

Why the frigging hell would BT or WiFi be broadcasting a phone number? That's just idiotic design.
Usually iPhones with BT are like a Nokia feature phone and you can't do FTP even though the hardware supports it, and you can do A2DP and contact sharing through Apple-certified BT headsets, which rake in more cash as usual!
I turned it off on my mom's phone.
 

RejZoR


I've done the same. I can't use BT with anything anyway since iPhone BT can't even communicate with any Android. And freaking everyone around me has Androids.
 

Vasudev

I wasted 17 hrs trying to transfer contacts and photos through BT on iPhone and found out the hard way that it doesn't support it, so I switched to WP again. I'm really in a dilemma about which Android phone to choose; by the time I choose/zero in on a model, several newer models come out, deprecating the older phones in the process. Too many phones to choose from :cry:
 