- Aug 17, 2014
Security researchers say they can extract a user's phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations.
The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device's position and various details.
This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices.
Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others.
However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device's phone number.
"Only the first 3 bytes of the hashes are sent, but that's enough to identify your phone number," the researchers said. Because phone numbers follow a strict format, attackers can use pre-calculated hash tables to recover the rest of the phone number.
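To make the researchers' point concrete, here is an added example (not from the article or from Hexway) that measures how little anonymity a truncated SHA256 hash gives when the input space is as small and structured as a phone number range. The fictional 555 number block, the ASCII digit-string encoding, and all function names are assumptions made for this illustration.

```python
import hashlib
from collections import Counter

PREFIX_BYTES = 3  # per the article: only the first 3 bytes of the SHA256 hash are sent


def truncated_hash(number: str, nbytes: int = PREFIX_BYTES) -> bytes:
    # Assumption: the number is hashed as an ASCII digit string.
    return hashlib.sha256(number.encode("ascii")).digest()[:nbytes]


def constructed_block(prefix: str = "1202555", digits: int = 4) -> list[str]:
    # Constructed sample space: 10,000 fictional numbers in a 555 block.
    return [f"{prefix}{i:0{digits}d}" for i in range(10 ** digits)]


def expected_candidates(space_size: int, nbytes: int = PREFIX_BYTES) -> float:
    # Average number of inputs that share one truncated hash value.
    return space_size / 256 ** nbytes


def anonymity_report(numbers: list[str], nbytes: int = PREFIX_BYTES) -> dict:
    # Group the number space by truncated hash and summarise the group sizes.
    sizes = Counter(truncated_hash(n, nbytes) for n in numbers)
    return {
        "numbers": len(numbers),
        "distinct_hashes": len(sizes),
        "unique": sum(1 for c in sizes.values() if c == 1),
        "largest_group": max(sizes.values()),
    }


if __name__ == "__main__":
    block = constructed_block()
    for nbytes in (1, 2, 3):
        r = anonymity_report(block, nbytes)
        print(f"{nbytes} byte(s): expected group size "
              f"{expected_candidates(len(block), nbytes):.4f}, "
              f"{r['unique']}/{r['numbers']} numbers share their hash with no other, "
              f"largest group {r['largest_group']}")
```

A hash only hides its input when the input space is too large to enumerate; truncation reduces the output, not the ease of enumerating the inputs, so once the plausible number range is narrowed most 3-byte values map back to a single number.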
The Apple bug that might accidentally help catch people behind the recent malicious AirDrop file sharing epidemic.