iPhone Bluetooth Traffic Can Leak Your Phone Number

Security experts from Hexway have reported that by analyzing BLE (Bluetooth Low Energy) packets transmitted by Apple devices, it is possible to discover a user’s phone number. When Bluetooth is enabled on an Apple device, it broadcasts BLE packets containing information such as the device’s location, operating system version, battery level, and other data. This behavior is part of the Apple Wireless Direct Link (AWDL) protocol, which operates over Wi-Fi or BLE to enable connections and data transfers between nearby devices.

Last week, researchers from the Technical University of Darmstadt identified several vulnerabilities in AWDL that could allow attackers to track users, cause device malfunctions, or intercept files transferred between devices using man-in-the-middle (MitM) attacks. Now, Hexway analysts have pointed out another AWDL weakness. During certain operations, the BLE packets sent by the device contain a SHA256 hash of the phone number (as well as the Apple ID and email address). Although only the first 3 bytes of the hash are broadcast, this is often enough to recover the phone number, since phone numbers follow a strict format and the researchers used precomputed hash tables. Unfortunately, the only way to protect yourself from such attacks is to turn off Bluetooth on your device.
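Why a 3-byte prefix gives so little cover can be measured directly. The following is an added example, not code from Hexway or from the original article: it counts how many identifiers in a number space share the same truncated SHA256 value. The input encoding (ASCII digits) and the block of sample numbers are assumptions constructed for illustration, and the calculation generalizes to any low-entropy identifier.

```python
import hashlib
from collections import Counter

PREFIX_BYTES = 3  # per the article: only the first 3 bytes of the hash are broadcast


def truncated_hash(identifier: str, nbytes: int = PREFIX_BYTES) -> bytes:
    # Assumption: the identifier is hashed as its UTF-8 digit string.
    return hashlib.sha256(identifier.encode("utf-8")).digest()[:nbytes]


def bucket_sizes(identifiers, nbytes: int = PREFIX_BYTES) -> Counter:
    """Map each truncated hash to the number of identifiers producing it."""
    return Counter(truncated_hash(i, nbytes) for i in identifiers)


def unique_fraction(identifiers, nbytes: int = PREFIX_BYTES) -> float:
    """Fraction of identifiers whose truncated hash is shared with no other."""
    ids = list(identifiers)
    buckets = bucket_sizes(ids, nbytes)
    alone = sum(1 for count in buckets.values() if count == 1)
    return alone / len(ids)


def expected_candidates(space_size: int, nbytes: int = PREFIX_BYTES) -> float:
    """Average number of identifiers per truncated-hash value (anonymity set)."""
    return space_size / 2 ** (8 * nbytes)


def constructed_block() -> list:
    # Constructed sample data: 10,000 consecutive numbers in a made-up range.
    return [f"1555010{n:04d}" for n in range(10_000)]


if __name__ == "__main__":
    ids = constructed_block()
    for nbytes in (1, 2, 3, 4):
        share = unique_fraction(ids, nbytes)
        print(f"{nbytes}-byte prefix: {share:.2%} of the block is uniquely identified")
    for size in (10**4, 10**7, 10**10):
        print(f"space of {size:>11,} numbers: "
              f"{expected_candidates(size):10.4f} candidates per 3-byte value")
```

When the plausible number space is small (one city, one carrier block, one attendee list), the average anonymity set falls below one and the truncated hash behaves as a unique identifier; only a space far larger than 2^24 leaves many candidates per value.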

BLE traffic containing phone number hashes can be intercepted by attackers when a user uses AirDrop to share files, when the user’s phone tries to share a Wi-Fi password, or when a contact requests the Wi-Fi password. Worse, researchers believe that phone numbers can be extracted from traffic not only during AirDrop use, but also when using other features, such as connecting to a Wi-Fi network.

Hexway experts warn that there are several ways to exploit this issue. For example, someone attending a conference (from hacker events to government roundtables) could collect information about attendees. Moreover, the researchers have already published tools on GitHub to automate such attacks.

“All you need is a person with a laptop and Bluetooth and Wi-Fi adapters, plus enough people with Apple devices using BLE,” explains Hexway specialist Dmitry Chastukhin.
