The World Wide Web has radically altered the way business is conducted. The globalisation and…
“If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number”, — report Hexway experts.
When Bluetooth is enabled on the Apple device, it transmits BLE (Bluetooth Low Energy) packets to the outside, transmitting information about the device’s position, OS version, battery charge, and many other data to them.
This behavior is part of the Apple Wireless Direct Link (AWDL) protocol, which can work either through Wi-Fi or through BLE to connect and transfer data between neighboring devices.
Earlier, we talked about a study by experts from the Darmstadt Technical University who found a number of problems in AWDL that can assist in tracking users, provoke device malfunctions, and intercept files transferred between devices using MitM attacks.
Read also: 66% of information security specialists believe that cloud protection technologies do not work
Hexway analysts now point to another AWDL flaw. So, during certain operations, the BLE packets transmitted by the device contain the SHA256 hash of the phone number (as well as the AppleID and email address). Although the device only broadcasts the first 3 bytes of the hash, this turned out to be quite enough to restore the number, since the phone numbers are in a strict format, and the researchers armed themselves with pre-calculated hash tables. Unfortunately, to protect yourself from such attacks, you can only disable Bluetooth on the device.
BLE traffic containing hashes of phone numbers can be intercepted by cybercriminals when a user uses AirDrop to transfer files; when a user’s phone is trying to share a Wi-Fi password; or when a contact asked the user for a Wi-Fi password. Worse, researchers believe that you can extract a phone number from traffic not only while using AirDrop, but also when using other functions (for example, when connecting to a Wi-Fi network).
“All that is needed is a person with a laptop and Bluetooth and Wi-Fi adapters, as well as enough people with Apple devices using BLE”, – Hexway experts explain.
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…
Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…
News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…
Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…