A Bluetooth vulnerability could give hackers your location2019-07-17 17:59 by Daniela
Researchers have found a bug in the Bluetooth communication protocol that may expose iOS, macOS, and Microsoft users to device tracking. An academic team at Boston University (BU) uncovered the flaw, which exist in the periodically changing, randomized device addressing mechanism that many new-model Bluetooth Low Energy (BLE) devices incorporate to prevent passive tracking.
The vulnerability has to do with the way Bluetooth-enabled devices pair with each other. In that relationship, one device serves as the central connection and the other plays a peripheral role. The peripheral device sends out a signal that contains a unique address - similar to an IP address - and data about the connection. Most devices produce a randomized address which automatically reconfigures periodically. That's meant to protect users' privacy, but the BU researchers found that, using an open-source "sniffer" algorithm, they could identify Bluetooth connections even when their addresses changed.
The bug could be used to spy on users, regardless of OS protections that are in place. Currently, it is thought that this flaw effects devices with Windows 10, macOS, and iOS. Devices affected could be iPhones, iPads, MacBooks and iMacs, Apple Watches, and any Microsoft laptop or tablet.
While iOS, macOS, and Windows 10 systems are affected, Android operating systems appear immune due to differences in handling identifying tokens.
Read more -here-