Bluetooth Flaw Lets Hackers Track Windows, macOS and iOS Devices


Bluetooth is found in nearly every modern gadget, which is why a newly discovered flaw in the communication protocol should be taken very seriously.

As ZDNet first reported, David Starobinski and Johannes Becker of Boston University outlined in a research paper how smartphones, laptops and wearables can be tracked through an exploit in Bluetooth technology.

According to the document, there is a flaw in the constantly changing, randomized MAC addresses that are designed to keep Bluetooth devices safe from tracking. This security approach could play into the hands of a bad actor, allowing them not only to track a device but also to gain information about its identity as well as user activity.

At the heart of this Bluetooth flaw is a problem where identifying tokens and random MAC addresses aren't changing in sync, which allows what Boston University researchers call an "address-carryover algorithm" to continuously track a device by using a secondary "pseudo-identity."

"The address-carryover algorithm exploits the asynchronous nature of address and payload change, and uses unchanged identifying tokens in the payload to trace a new incoming random address back to a known device," the paper reads. "In doing so, the address-carryover algorithm neutralizes the goal of anonymity in broadcasting channels intended by frequent address randomization."

Perhaps most frightening is that this algorithm doesn't do any decrypting and is based completely on public, unencrypted advertising traffic, according to the paper. Also concerning is that the exploit was tested on the Bluetooth Low Energy (BLE) specification, which is found in the latest Bluetooth 5 standard.

The exploit supposedly works on Windows 10, iOS and macOS devices, which includes iPhones, Surface devices and MacBooks. Android devices advertise their traffic in a completely different way (by scanning for nearby advertising; there is no active, continuous tracking) and are immune to the vulnerability.

Researchers who discovered the Bluetooth flaw listed several rules that could protect affected devices, the crux of which is to synchronize any changes to tracking information with changes to a device's MAC address. Switching Bluetooth on and off on iOS and macOS devices (sorry, Windows users, this won't help you) is a temporary workaround, but it's up to manufacturers to push out a more permanent solution. However, the Bluetooth exploit was first disclosed to Microsoft and Apple in November of 2018, suggesting it's not a high priority to those companies.
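The synchronization rule described above can be checked on a capture of a device's own advertisements. The following is an added example, not code from the paper or the original article: it assumes every advertisement in the capture comes from the single device under test, and the `Advert` record, the `token_a` field name and the sample addresses are constructed for illustration.

```python
from typing import NamedTuple

class Advert(NamedTuple):
    ts: float       # capture time in seconds
    address: str    # random address seen in the advertisement
    tokens: dict    # identifying payload fields, name -> value (hypothetical names)

ADDRESS_ONLY = "address rotated, tokens carried over"
TOKENS_ONLY = "tokens rotated, address carried over"

def audit_rotation(adverts):
    """Return transitions where address and payload tokens did not change together.

    Assumption: every advert was captured from the one device under test.
    Each finding is (timestamp, kind, fields involved).
    """
    findings = []
    ordered = sorted(adverts, key=lambda a: a.ts)
    for prev, cur in zip(ordered, ordered[1:]):
        fields = prev.tokens.keys() | cur.tokens.keys()
        # A field missing on one side counts as changed.
        changed = sorted(f for f in fields if prev.tokens.get(f) != cur.tokens.get(f))
        kept = sorted(f for f in fields if f not in changed)
        if cur.address != prev.address and kept:
            # An unchanged token ties the new address to the old one.
            findings.append((cur.ts, ADDRESS_ONLY, kept))
        elif cur.address == prev.address and changed:
            # An unchanged address ties the new token to the old one.
            findings.append((cur.ts, TOKENS_ONLY, changed))
    return findings

# Constructed sample capture (not real traffic).
SAMPLE = [
    Advert(0, "AA:AA:AA:AA:AA:01", {"token_a": "11aa"}),
    Advert(10, "AA:AA:AA:AA:AA:01", {"token_a": "11aa"}),
    Advert(20, "AA:AA:AA:AA:AA:02", {"token_a": "11aa"}),  # address changed alone
    Advert(30, "AA:AA:AA:AA:AA:02", {"token_a": "22bb"}),  # token changed alone
    Advert(40, "AA:AA:AA:AA:AA:03", {"token_a": "33cc"}),  # both changed together
]

if __name__ == "__main__":
    for ts, kind, fields in audit_rotation(SAMPLE):
        print(f"t={ts}s: {kind} ({', '.join(fields)})")
```

An empty result means every address change in the capture coincided with a change of all payload tokens, which is the behavior the researchers' rules call for.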

"As Bluetooth adoption is projected to grow from 4.2 to 5.2 billion devices between 2019 and 2022, with over half a billion amongst them wearables and other data-focused connected devices, establishing tracking-resistant methods, especially on unencrypted communication channels, is of paramount importance," the paper reads.

Although no known cases were cited, researchers warn that if the BLE vulnerability remains unchecked, adversaries could eventually combine purchase transactions, facial recognition and other sensitive info with tracking data to create a profile of an exposed user. 

This post originally appeared on Laptop Mag.

Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. Previously, he was a Senior Writer at Tom's Guide and has also been a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.