Security researchers have recently highlighted a new flaw in Bluetooth protocol that impacts Windows 10, iOS, and macOS machines, and puts them at risk of being spied on despite all the native OS protections in place, ZDNet is reporting.
According to Boston University researchers David Starobinski and Johannes Becker, except for Android, all modern smartphones and devices, including iPhones, iPads, Apple Watches, MacBooks, and Microsoft tablets and laptops are vulnerable to the exploit.
Presenting the results of their research at the 19th Privacy Enhancing Technologies Symposium in Stockholm, Sweden, the researchers explained how Bluetooth devices use MAC addresses as identifiers when advertising their presence to prevent long-term tracking:
It is these identifiers which can be incorporated into an algorithm to track devices and circumvent address randomization by giving attackers data which the researchers call “a temporary, secondary pseudo-identity.”
While this technique works on Windows, iOS, and macOS systems, the Android operating system is immune as the OS does not continually send out advertising messages.
“Any device which regularly advertises data containing suitable advertising tokens will be vulnerable to the carry-over algorithm if it does not change all of its identifying tokens in sync with the advertising address,” the researchers say.
Microsoft and Apple have not yet issued any comment regarding the exploit.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
