IPhone Bluetooth traffic can disclose phone number information and much more

Hexway experts report that by analyzing the BLE packets transmitted by Apple devices, you can find out user’s phone number.

Users value their privacy, and Apple understands this. Apple devices are valued for the ecosystem that connects them. It is really very convenient to start using the application on one device and continue on another. But how reliable is Apple’s privacy?

“If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number”, — report Hexway experts.

When Bluetooth is enabled on the Apple device, it transmits BLE (Bluetooth Low Energy) packets to the outside, transmitting information about the device’s position, OS version, battery charge, and many other data to them.

This behavior is part of the Apple Wireless Direct Link (AWDL) protocol, which can work either through Wi-Fi or through BLE to connect and transfer data between neighboring devices.

Earlier, we talked about a study by experts from the Darmstadt Technical University who found a number of problems in AWDL that can assist in tracking users, provoke device malfunctions, and intercept files transferred between devices using MitM attacks.

Read also: 66% of information security specialists believe that cloud protection technologies do not work

Hexway analysts now point to another AWDL flaw. So, during certain operations, the BLE packets transmitted by the device contain the SHA256 hash of the phone number (as well as the AppleID and email address). Although the device only broadcasts the first 3 bytes of the hash, this turned out to be quite enough to restore the number, since the phone numbers are in a strict format, and the researchers armed themselves with pre-calculated hash tables. Unfortunately, to protect yourself from such attacks, you can only disable Bluetooth on the device.

BLE traffic containing hashes of phone numbers can be intercepted by cybercriminals when a user uses AirDrop to transfer files; when a user’s phone is trying to share a Wi-Fi password; or when a contact asked the user for a Wi-Fi password. Worse, researchers believe that you can extract a phone number from traffic not only while using AirDrop, but also when using other functions (for example, when connecting to a Wi-Fi network).

“All that is needed is a person with a laptop and Bluetooth and Wi-Fi adapters, as well as enough people with Apple devices using BLE”, – Hexway experts explain.