Using one of the best iPhones with a Mac is a seamless experience, but the same can’t be said if you use a Windows PC, which is why Microsoft released its Phone Link app for Windows 11 earlier this year.
With Phone Link installed on a Windows laptop or desktop, you can use your iPhone right from your PC to make and take calls, use iMessage and view all of your incoming notifications, which can be really useful. However, according to a new report from the spyware detection company Certo Software, Phone Link is already being abused by cyberstalkers.
Over the course of the last few weeks, several of the firm's users have reported that cyberstalkers have been abusing the Phone Link app to spy on their iPhones. Following Certo’s investigation into the matter, it found that it’s actually really easy for potential cyberstalkers to set up Phone Link on someone else’s iPhone.
To make matters worse, there are “no obvious signs that the iPhone user’s data is being shared”. If a cyberstalker has physical access to a victim’s iPhone, they can set up Phone Link with their own Windows PC and then use the app to read the victim's messages on a PC and see who they’re communicating with via the connected iPhone.
Abusing Phone Link to spy on iPhone users
Microsoft designed Phone Link in such a way that the app is easy to set up and essentially, all a cyberstalker needs to do is scan a QR code on their PC using a victim’s iPhone to establish a Bluetooth connection.
From here, they just need to enable a few options on the iPhone to start sharing information from it with their PC. However, Certo points out that cyberstalkers can only view a user’s iMessage history after setting up Phone Link. That means they can't snoop on messages sent or received before connecting the iPhone to the Phone Link app.
While using iMessage and making and receiving phone calls is the main functionality of the Phone Link app, it also allows you to see all of the incoming notifications from an iPhone including the contents of these notifications.
Surprisingly, even if an iPhone is configured to not show notification content until it’s unlocked, the Phone Link app will still show this information regardless of whether this iPhone setting is enabled or not. This can allow a cyberstalker to see other sensitive information including WhatsApp messages or notifications from banking apps.
While Microsoft will likely make some changes to its Phone Link app following this discovery, Certo has a fix that you can apply right now to stay protected from cyberstalkers abusing the app to spy on you through your iPhone.
How to prevent cyberstalkers from spying on you through Phone Link
To check to see whether or not someone else has set up the Phone Link app using your iPhone, you need to head to the device’s Bluetooth settings menu by going to Settings and then Bluetooth.
Here you’ll find another option called My Devices that allows you to see all of the Bluetooth devices connected to your iPhone. Carefully look through the list for any devices you don’t recognize and you want to pay close attention for those that have the options Show Notifications or Share System Notifications enabled.
If there are any devices you don’t recognize with these options enabled in the list, tap on Forget this Device to unpair it from your iPhone. Likewise, you can also disable Bluetooth entirely if you’re not using Bluetooth headphones or other Bluetooth-enabled devices with your iPhone.
At the same time, Certo recommends checking to see if there are any other Face IDs or Touch IDs set up on your iPhone, as they can provide another way for stalkers to access your messages and other data.
Microsoft and Apple will likely address this security loophole soon but there is a possibility that it could be exploited by spyware makers to create espionage tools that take advantage of it.
More from Tom's Guide
