iPhone Bluetooth traffic leaks phone numbers -- in certain scenarios

silversurfer

Security researchers say they can extract a user's phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations.

The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device's position and various details.

This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices.

Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others.

However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device's phone number.

"Only the first 3 bytes of the hashes are sent, but that's enough to identify your phone number," researchers said. Since phone numbers have pretty strict formatting, attackers can use pre-calculated hash tables to recover the rest of the phone number.
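
Why a 3-byte prefix gives little cover when the input space is small, shown as an added example that is not part of the original post or the researchers' own tooling: it measures how many numbers share each truncated SHA-256 value. The number range is constructed and fictional, and hashing the ASCII string of the number is an assumption, since the article does not give the exact input format.

```python
import hashlib
from collections import defaultdict

PREFIX_BYTES = 3  # the article says only the first 3 bytes of the hash are sent


def truncated_hash(number: str, nbytes: int = PREFIX_BYTES) -> bytes:
    """First nbytes of SHA-256 over the number string (input encoding is an assumption)."""
    return hashlib.sha256(number.encode("ascii")).digest()[:nbytes]


def expected_candidates(keyspace: int, nbytes: int = PREFIX_BYTES) -> float:
    """Average count of numbers in a keyspace that share one truncated hash value."""
    return keyspace / 2 ** (8 * nbytes)


def constructed_space(size: int = 100_000):
    """Constructed, fictional number range (555 is not an assigned area code)."""
    return [f"+1555{n:07d}" for n in range(size)]


def build_index(numbers):
    """Group every number in the space by its truncated hash."""
    index = defaultdict(list)
    for n in numbers:
        index[truncated_hash(n)].append(n)
    return index


def anonymity_set(number: str, index) -> list:
    """All numbers in the indexed space that are indistinguishable from `number`."""
    return index.get(truncated_hash(number), [])


if __name__ == "__main__":
    space = constructed_space()
    index = build_index(space)
    sizes = [len(v) for v in index.values()]
    print("numbers in space:", len(space))
    print("distinct 3-byte values seen:", len(index))
    print("largest anonymity set:", max(sizes))
    # A 24-bit prefix hides a number only when the keyspace is far larger than 2**24.
    print("expected set size, 10^7 numbers:", round(expected_candidates(10**7), 3))
    print("expected set size, 10^10 numbers:", round(expected_candidates(10**10), 1))
```

With a regional space of about 10^7 numbers the average anonymity set is below one, so a prefix usually maps to a single number; only a keyspace far larger than 2^24 leaves a meaningful crowd to hide in.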
 

boutthatlife

Would a VPN stop this? Do apps like Signal help?

Wow. I have called Apple a gazillion times complaining about Bluetooth... I'm going to give them a call about this as well as that Face ID.
 

DeepWeb

Welp. I hope they do. I am on an Android phone and we have a feature to disable Bluetooth scanning. I hope Apple devices have the same switch, though I doubt it.
 

Vasudev

Why the frigging hell would BT or WiFi be broadcasting a phone number? That's just idiotic design.
Usually iPhones with BT are like a Nokia feature phone and you can't do FTP even though hardware supports it and you can do A2DP and contact sharing through Apple certified BT headsets which rake in more cash as usual!
I turned it off on my mom's phone.
 

RejZoR

> Usually iPhones with BT are like a Nokia feature phone and you can't do FTP even though hardware supports it and you can do A2DP and contact sharing through Apple certified BT headsets which rake in more cash as usual!
> I turned it off on my mom's phone.

I've done the same. I can't use BT with anything anyway since iPhone BT can't even communicate with any Android. And freaking everyone around me has Androids.
 

Vasudev

> I've done the same. I can't use BT with anything anyway since iPhone BT can't even communicate with any Android. And freaking everyone around me has Androids.

I wasted 17 hrs trying to transfer contacts and photos through BT on iPhone and found out the hard way that it doesn't support it, so I switched to WP again. I'm really in a dilemma about which Android phone to choose; by the time I choose/zero in on a model, several newer models come out, deprecating the older phones in the process. Too many phones to choose from :cry:
 
