Cyberstalkers are using this Windows 11 tool to track iPhone users — how to stay safe

iPhone 14 Plus shown held in hand
(Image credit: Tom's Guide)

Using one of the best iPhones with a Mac is a seamless experience, but the same can’t be said if you use a Windows PC, which is why Microsoft released its Phone Link app for Windows 11 earlier this year.

With Phone Link installed on a Windows laptop or desktop, you can use your iPhone right from your PC to make and take calls, use iMessage and view all of your incoming notifications, which can be really useful. However, according to a new report from the spyware detection company Certo Software, Phone Link is already being abused by cyberstalkers.

Over the course of the last few weeks, several of the firm's users have reported that cyberstalkers have been abusing the Phone Link app to spy on their iPhones. Following Certo’s investigation into the matter, it found that it’s actually really easy for potential cyberstalkers to set up Phone Link on someone else’s iPhone.

To make matters worse, there are “no obvious signs that the iPhone user’s data is being shared”. If a cyberstalker has physical access to a victim’s iPhone, they can set up Phone Link with their own Windows PC and then use the app to read the victim's messages on a PC and see who they’re communicating with via the connected iPhone.

Microsoft designed Phone Link in such a way that the app is easy to set up and essentially, all a cyberstalker needs to do is scan a QR code on their PC using a victim’s iPhone to establish a Bluetooth connection.

From here, they just need to enable a few options on the iPhone to start sharing information from it with their PC. However, Certo points out that cyberstalkers can only view a user’s iMessage history after setting up Phone Link. That means they can't snoop on messages sent or received before connecting the iPhone to the Phone Link app.

While using iMessage and making and receiving phone calls is the main functionality of the Phone Link app, it also allows you to see all of the incoming notifications from an iPhone including the contents of these notifications.

Surprisingly, even if an iPhone is configured to not show notification content until it’s unlocked, the Phone Link app will still show this information regardless of whether this iPhone setting is enabled or not. This can allow a cyberstalker to see other sensitive information including WhatsApp messages or notifications from banking apps.

While Microsoft will likely make some changes to its Phone Link app following this discovery, Certo has a fix that you can apply right now to stay protected from cyberstalkers abusing the app to spy on you through your iPhone.

A woman looking at a smartphone while using a laptop

(Image credit: Shutterstock)

To check to see whether or not someone else has set up the Phone Link app using your iPhone, you need to head to the device’s Bluetooth settings menu by going to Settings and then Bluetooth

Here you’ll find another option called My Devices that allows you to see all of the Bluetooth devices connected to your iPhone. Carefully look through the list for any devices you don’t recognize and you want to pay close attention for those that have the options Show Notifications or Share System Notifications enabled.

If there are any devices you don’t recognize with these options enabled in the list, tap on Forget this Device to unpair it from your iPhone. Likewise, you can also disable Bluetooth entirely if you’re not using Bluetooth headphones or other Bluetooth-enabled devices with your iPhone.

At the same time, Certo recommends checking to see if there are any other Face IDs or Touch IDs set up on your iPhone, as they can provide another way for stalkers to access your messages and other data.

Microsoft and Apple will likely address this security loophole soon but there is a possibility that it could be exploited by spyware makers to create espionage tools that take advantage of it.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

  • mwbudd
    admin said:
    Being able to use iMessage on Windows is great, but Microsoft’s Phone Link app could be used to spy on your iPhone if you’re not careful.

    Cyberstalkers are using this Windows 11 tool to track iPhone users — how to stay safe : Read more
    Well, I waited for this Phone Link to come out and was disappointed in a couple of days. It felt klugey and the hot button issue for me was having to rest my bluetooth settings in my car *everytime* I used the link with my desktop. And since I use bluetooth to connect my phone to my car this is a dealbreaker.
  • NiteCourt
    I think the security loophole is the idiot who leaves their phone unlocked and unattended so someone can take the phone back to a computer and setup phone link. I know on android you can easily go into phone link and see all the pcs that is linked to. I never had it interfere with any other Bluetooth connections or android auto.
  • mwbudd
    Well, it definitely interfered with the BT connection between my iPhone and the car. 4 times in a row. Shut the link program off and the trouble disappeared. That's the extent of my problems with this app and it is a dealbreaker.