In certain scenarios, iPhones leak phone numbers through Bluetooth

Security researchers are reporting that they can extract a user’s phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations.

The attack works because of how Bluetooth works when it is enabled on an Apple device. The device sends Bluetooth Low Energy (BLE) packets in all directions, broadcasting the device’s position and various details.

This is part of the Apple Wireless Direct Link (AWDL) behavior protocol that can work either via Wi-Fi or BLE to interconnect and allow data transfers between nearby devices.

Academic research previously reported has revealed that ADWL BLE traffic does contain device identification details such as the phone status, Wi-Fi status, OS version, and buffer availability, among others.

However, in this new research, security researchers from Hexway have stated that during certain operations, these BLE packets can also contain a SHA256 hash of the device’s phone number. The researchers have stated that only the first 3 bytes of the hashes are sent, but state that that’s enough to identify your phone number.

As phone numbers have strict formatting, attackers can use pre-calculated hash tables to recover the rest of the phone number.

According to Hexway, the BLE traffic that contains the phone number hashes can be captured by malicious actors when a user is using AirDrop to share a file with another user, when a user’s phone is trying to share a Wi-Fi password, or when a user is asked to share a Wi-Fi password by a contact.

There are a few ways for this issue to be exploited; most of the ways revolve around social engineering and could be very successful when aimed at one individual at a time, as part of targeted attacks, in special venues or circumstances.

Hypothetically, someone could attend any conference and collect information about its attendees.

In addition, these attacks are easy to carry out at a technical level. There are published tools on GitHub that automate the process. “The tools are easy to use,” security researcher Dmitry Chastuhin of Hexway states, “All you need is just a person with a laptop and Bluetooth and Wi-Fi adapters and enough people with Apple devices using BLE.”

Chastuhin also stated that his published tools could also be used to “catch students who use AirPods to cheat on exams, and catch people sending abusive content through AirDrop,” both problems that have become quite common practices these days.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648