Windows 11 Phone Link App Can Compromise iPhone Security: Researchers

A feature in Microsoft’s Windows 11 appears to have inadvertently created a way for cyberstalkers to target iPhone users, claims Certo, a company that makes spyware detection tools.

The Phone Link app in Windows, initially designed to let Android users connect their phones to their PCs, has now been extended to include iPhones and iOS users. While many have welcomed this move for its cross-platform integration, it has also raised concerns about potential misuse, says Certo.

Since its recent update in April 2023, the Phone Link app has reportedly been exploited by cyberstalkers to spy on iPhones. Certo says there have been multiple instances where users have found their iPhones compromised through Phone Link.

According to Certo, the setup of Phone Link on someone else’s iPhone is straightforward, with no obvious indications of data sharing. This means that cyberstalkers can easily connect their Windows PC to the iPhone of their victim, thereby gaining access to iMessages and call history without the victim’s knowledge, said Simon Lewis, co-founder of Certo, in an email to iPhone in Canada.

Phone Link’s easy setup is part of the problem. Without going into specifics, Certo explained that stalkers only need to scan a QR code on their PC with the victim’s iPhone and enable certain options to begin sharing data.

Once connected, the PC can view and send iMessages, view call history, make calls, and most alarmingly, view the contents of all notifications, even those that are set to remain hidden until the phone is unlocked. Certo emphasizes that there are no apparent signs for the iPhone user to know that their information is being shared with a PC, making it a potent tool for cyberstalkers.

To prevent such incidents, Certo recommends that iPhone users regularly check their Bluetooth settings for any unrecognized devices and unpair them. If Bluetooth is not being used, turning it off can immediately halt such attacks. Additionally, users are encouraged to set a secure unlock passcode and regularly check for any unfamiliar Face IDs or Touch IDs on their iPhones.

The company has also urged Apple and Microsoft to take action. They suggest that Apple could introduce a visual indication when notifications or messages are being shared with a Bluetooth device, similar to the current feature that indicates when the microphone or camera is in use (the green and orange dot indicators in the status bar). They also believe Microsoft could add a warning to the Phone Link app advising users against connecting to other people’s devices.

Certo warned that similar security loopholes in the past have been exploited by spyware makers and the Phone Link vulnerability could be next in line. The company is already receiving reports of Phone Link being used in instances of domestic tech abuse. They have urged all iPhone users to be aware of this potential threat and take immediate action if they suspect they are being targeted.

It’s clear that setting a secure iPhone passcode can stop unauthorized pairing of your device with Windows Phone Link. At the end of the day, always know where your iPhone is and don’t just lend it out to others.