There was a flaw in Bluetooth that would allow a bad actor to track a wide range of devices – including iPhone, iPad, Mac and Apple Watch.
Other vulnerable devices include Windows 10 laptops and tablets and Fitbit-branded products. However, Android devices are not at risk …
TNW reports that the vulnerability was found by researchers at Boston University.
The vulnerability allows a hacker to passively track a device by using a flaw in the Bluetooth communication protocol that can expose most devices to third-party tracking and expose identifiable data.
The flaw lies in the way Bluetooth Low Energy (BLE) is used, which makes it possible to retrieve identifying tokens such as the type of device or other identifiable data from the manufacturer […]
To make pairing between two devices easy, BLE utilizes public unencrypted advertising channels to announce their presence to other nearby devices. The protocol initially attracted privacy concerns for broadcasting permanent Bluetooth device MAC addresses – a unique 48-bit identifier – on these channels. their permanent MAC Access Address (MAC). Researchers have stated that the "identifying characters" present in the advertising messages are also unique to a device and remain static long enough to be used as secondary identifiers besides the MAC address.
In other words, it is possible to connect the current random address to the next one and thus identify it as the same device. It can then be tracked indefinitely – albeit only with the relatively short range of Bluetooth signals.
Researchers have suggested a solution to the security problem: devices must synchronize field changes with MAC address changes.
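The synchronization requirement can be checked against a capture of a device's own advertisements. The Python sketch below is an added example, not code from the researchers or the original article; the log format, the field names and the sample addresses and tokens are constructed for illustration.

```python
from typing import NamedTuple

class Adv(NamedTuple):
    t: int       # seconds since the start of the capture
    addr: str    # randomized address seen in the advertisement
    token: str   # identifying token carried in the advertising payload

def linkable_spans(log):
    """Split one device's advertisement log into maximal runs in which every
    advertisement shares its address OR its token with the previous one.
    Returns [(first_t, last_t, [addresses in order of appearance])]."""
    spans, prev = [], None
    for adv in log:
        linked = prev is not None and (adv.addr == prev.addr or adv.token == prev.token)
        if not linked:
            spans.append([adv.t, adv.t, [adv.addr]])   # nothing carried over: new run
        else:
            span = spans[-1]
            span[1] = adv.t
            if adv.addr != span[2][-1]:                # address rotated, identifier survived
                span[2].append(adv.addr)
        prev = adv
    return [tuple(s) for s in spans]

def rotation_is_synchronized(log):
    """True when no run covers more than one address, i.e. the payload token
    and the address always change in the same advertisement."""
    return all(len(addrs) == 1 for _, _, addrs in linkable_spans(log))

# Constructed sample: address rotates at 900 s and 1800 s, token at 1350 s and 2250 s.
DESYNC = [Adv(0, "A1", "c3f1"), Adv(450, "A1", "c3f1"), Adv(900, "A2", "c3f1"),
          Adv(1350, "A2", "77d0"), Adv(1800, "A3", "77d0"), Adv(2250, "A3", "e91b")]
# Constructed sample: address and token rotate together at 900 s and 1800 s.
SYNC = [Adv(0, "A1", "c3f1"), Adv(450, "A1", "c3f1"), Adv(900, "A2", "77d0"),
        Adv(1350, "A2", "77d0"), Adv(1800, "A3", "e91b")]

if __name__ == "__main__":
    for name, log in (("desynchronized", DESYNC), ("synchronized", SYNC)):
        print(name, rotation_is_synchronized(log), linkable_spans(log))
```

In the desynchronized log a single run spans the whole capture and all three addresses, which is the condition the fix is meant to remove; in the synchronized log each run ends at the rotation.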
With Bluetooth devices being adopted on a large scale, they warn that "establishing trace-resistant methods, especially unencrypted communication channels, is paramount."
It's unclear whether Apple and other affected companies could make this change in an update, but meanwhile, if you're ever concerned about your device being tracked, there's a simple solution.
Turning Bluetooth off and on again in the System Settings (or in the macOS menu bar) will randomize the address and change the payload.
You can read the full text here. The discovery follows another recent one that affects Macs: a vulnerability in several videoconferencing applications that can allow the camera to be remotely enabled.