Security researchers have recently highlighted a new flaw in the Bluetooth protocol that impacts Windows 10, iOS, and macOS machines, and puts them at risk of being spied on despite all the native OS protections in place, ZDNet is reporting.
According to Boston University researchers David Starobinski and Johannes Becker, except for Android, all modern smartphones and devices, including iPhones, iPads, Apple Watches, MacBooks, and Microsoft tablets and laptops, are vulnerable to the exploit.
Presenting the results of their research at the 19th Privacy Enhancing Technologies Symposium in Stockholm, Sweden, the researchers explained how Bluetooth devices use MAC addresses as identifiers when advertising their presence to prevent long-term tracking:
It is these identifiers which can be incorporated into an algorithm to track devices and circumvent address randomization by giving attackers data which the researchers call “a temporary, secondary pseudo-identity.”
While this technique works on Windows, iOS, and macOS systems, the Android operating system is immune as the OS does not continually send out advertising messages.
“Any device which regularly advertises data containing suitable advertising tokens will be vulnerable to the carry-over algorithm if it does not change all of its identifying tokens in sync with the advertising address,” the researchers say.
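The condition the researchers state can be checked against a device's own advertising log. The following is an added example, not code from the researchers or from the ZDNet report; it assumes a capture from a single device under test, and the record fields and sample values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Adv:
    t: int         # capture time in seconds
    addr: str      # randomized advertising address seen on air
    token: bytes   # identifying token carried in the advertising payload

def audit_rotation(log):
    """Audit one device's non-empty advertising log (assumed sorted by time).

    A transition is a carry-over when exactly one of (address, token)
    changes: the unchanged value links the old identity to the new one.
    Only a transition where both change together breaks that link.
    """
    carry_overs, spans = [], [[log[0]]]
    addr_rotations = 0
    for prev, cur in zip(log, log[1:]):
        addr_changed = prev.addr != cur.addr
        token_changed = prev.token != cur.token
        addr_rotations += addr_changed
        if addr_changed and token_changed:
            spans.append([cur])          # in-sync rotation: new, unlinked span
            continue
        spans[-1].append(cur)
        if addr_changed or token_changed:
            carry_overs.append((cur.t, "token" if addr_changed else "address"))
    return {
        "addr_rotations": addr_rotations,
        "carry_overs": carry_overs,      # (time, which value was carried over)
        "linkable_spans": len(spans),
        "longest_span_s": max(s[-1].t - s[0].t for s in spans),
    }

# Constructed sample: address rotates at t=900, token lags until t=1000,
# then both rotate together at t=1800.
SAMPLE = [
    Adv(0, "5a:11:22:33:44:01", b"\x01\xaa"),
    Adv(450, "5a:11:22:33:44:01", b"\x01\xaa"),
    Adv(900, "6b:11:22:33:44:02", b"\x01\xaa"),
    Adv(1000, "6b:11:22:33:44:02", b"\x02\xbb"),
    Adv(1800, "7c:11:22:33:44:03", b"\x03\xcc"),
    Adv(2250, "7c:11:22:33:44:03", b"\x03\xcc"),
]

if __name__ == "__main__":
    print(audit_rotation(SAMPLE))
```

A device that rotates correctly produces no carry-overs and one linkable span per advertising address; in the sample, two address rotations yield only two spans because the first rotation left the token unchanged.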
Microsoft and Apple have not yet issued any comment regarding the exploit.