Feed aggregator

Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified

MacRumors - 2 hours 15 min ago
A security vulnerability in the Bluetooth communication protocol has the potential to allow malicious actors to track and identify devices from Apple and Microsoft, according to new research from Boston University that was highlighted by ZDNet.

Apple devices including Macs, iPhones, iPads, and the Apple Watch are impacted, as are Microsoft tablets and laptops. Android devices are not affected.


As outlined in the research paper [PDF], Bluetooth devices use public channels to announce their presence to other devices.

To prevent tracking, most devices broadcast a randomized address that periodically changes rather than a Media Access Control (MAC) address, but the researchers have found that it is possible to extract identifying tokens that allow a device to be tracked even when this randomized address changes by exploiting the address-carryover algorithm.We present an online algorithm called the address-carryover algorithm, which exploits the fact that identifying tokens and the random address do not change in sync, to continuously track a device despite implementing anonymization measures. To our knowledge, this approach affects all Windows 10, iOS, and macOS devices.

The algorithm does not require message decryption or breaking Bluetooth security in any way, as it is based entirely on public, unencrypted advertising traffic.The tracking method explained in the research paper has the potential to allow for an identity-exposing attack that allows for "permanent, non-continuous tracking," plus an iOS side-channel that "allows insights into user activity."iOS or macOS devices have two identifying tokens (nearby, handoff) which change in different intervals. In many cases, the values of the identifying tokens change in sync with the address. However, in some cases the token change does not happen in the same moment, which allows the carry-over algorithm to identify the next random address.Android devices do not use the same advertising approach as Microsoft and Apple, and are immune to the data tracking methods used by the researchers.

It's not clear if the method described has been used by any bad actors for the purpose of tracking Apple devices using Bluetooth, but it would be undetectable as it does not require breaking Bluetooth security. The research paper contains several recommendations on how to mitigate the tracking vulnerability, and Apple is often quick to patch any security issues that come up, so we could see a fix for this problem in the near future.

Tag: Bluetooth
This article, "Bluetooth Vulnerability Could Allow iOS and macOS Devices Be Tracked and Identified" first appeared on MacRumors.com

Discuss this article in our forums

Beachgoers record emergency landing

CNN - 2 hours 19 min ago
When a small plane made an emergency landing Tuesday evening just feet off the Maryland coast, Graysen Levy couldn't believe what she was seeing.

How Notre-Dame Was Saved: 5 Things We Know

NY Times - 2 hours 25 min ago
The cause of the fire that nearly destroyed one of Europe's most famous landmarks remains unknown. But it's clear that the flames might have been contained. This is what we learned in our investigation.

New archaeological layer discovered at L’Anse aux Meadows

Ars - 2 hours 33 min ago

Enlarge / Paul Ledger and Véronique Forbes examining the cultural horizon. (credit: Linus Girdland-Flink)

L’Anse aux Meadows in Newfoundland is famed for being a site where Norse travelers set up a colony hundreds of years before Europe at large became aware of North America's existence. The colony was thought to be short-lived, but a new find may extend the length of its occupancy.

While taking sediment cores from a nearby peat bog to help study the ancient environment, archaeologist Paul Ledger and his colleagues discovered a previously unknown chapter in the story of L’Anse aux Meadows. Buried about 35cm (14 inches) beneath the modern surface, they found signs of an ancient occupancy: a layer of trampled mud littered with woodworking debris, charcoal, and the remains of plants and insects.

Based on its depth and the insect species present, the layer looks like similar surfaces from the edges of Viking Age Norse settlements in Greenland and Iceland. But organic material from the layer radiocarbon dated to the late 1100s or early 1200s, long after the Norse were thought to have left Newfoundland for good.

Read 15 remaining paragraphs | Comments

These are some of the leaked chats at the center of the scandal

CNN - 2 hours 34 min ago
Puerto Rico's embattled Gov. Ricardo Rosselló is rejecting calls to step down after the leaks of hundreds of derisive and offensive private chat messages between him and members of his inner circle.

Johnny Clegg gave South Africa reason to believe

CNN - 2 hours 38 min ago
I still remember that night back in the early 1970s. It was one of those rare moments at the height of apartheid, when I saw tangible proof that there was hope for a democratic South Africa in which all of us could live together as equals.

Apple Renews 'Carpool Karaoke' for a Third Season

MacRumors - 2 hours 39 min ago
Apple is renewing its "Carpool Karaoke: The Series" show for a third season, Apple announced on YouTube today via James Corden's YouTube channel. The new season is already in production and will feature an episode with the cast of hit Netflix show "Stranger Things."

First launched in 2017, "Carpool Karaoke: The Series" is based on the "Carpool Karaoke" segment made popular by late night talk show host James Corden.


Apple's version of the show pairs up celebrities, musicians, athletes, and more, putting them in a car together to sing popular songs.

Last season featured pairings like Jason Sudeikis and the Muppets, Matthew McConaughey and Snoop Dogg, Weird Al paired and Andy Samberg, Nick Offerman and his wife Megan Mullally, Brie Larson and Samuel L. Jackson, and more.

While "Carpool Karaoke: The Series" was initially developed as a way to promote Apple Music, Apple has been making the episodes available for free through the TV app. Previously, it was limited to Apple Music subscribers.

The second season of "Carpool Karaoke: The Series" began airing in October 2018, so third season episodes could come this fall.


This article, "Apple Renews 'Carpool Karaoke' for a Third Season" first appeared on MacRumors.com

Discuss this article in our forums

Latvia Is a Small Country Eager to Fix a Big Money-Laundering Problem

NY Times - 2 hours 40 min ago
Corruption has driven honest investors away and damaged the Latvian economy, making the cleaning up of illicit bank activity a top priority for a new government.

6-year-old killed by golf ball hit by her dad

CNN - 2 hours 40 min ago
A six-year-old girl died Monday after she was hit in the head by a golf ball that her father hit, authorities said.

LeBron James’s Agent, Rich Paul, Starts a Sports Division at a Hollywood Firm

NY Times - 2 hours 42 min ago
Paul, the agent for nearly two dozen N.B.A. stars including James, will lead a new sports division for United Talent Agency.

Video shows Trump partying with Jeffrey Epstein at Mar-a-Lago in 1992

Washington Post - 2 hours 44 min ago
NBC News aired the video, which it said was shot at the now-president’s Mar-a-Lago Club for a segment on the lifestyle of Trump, who was newly divorced.

With Name-Calling and Twitter Battles, House Republican Campaign Arm Copies Trump’s Playbook

NY Times - 2 hours 49 min ago
House Republicans’ campaign arm, waging a no-holds-barred battle to reclaim the majority, has adopted an antagonistic strategy that includes calling lawmakers names.

Beachgoers help save beached whales

CNN - 2 hours 55 min ago
Dozens of beachgoers stepped in to help several pilot whales that beached on a coastal Georgia island on Tuesday, according to local authorities and videos shared on social media.

Pelosi talks with reporters

CNN - 3 hours 3 min ago

5 Ways John Paul Stevens Made a Mark on the Supreme Court

NY Times - 3 hours 8 min ago
He was nominated to the Supreme Court by a Republican president, and even as Justice Stevens emerged as a leading liberal, President Gerald R. Ford remained a fan.

The Sad Lesson From California

NY Times - 3 hours 11 min ago
New York State, take note: Even the most pro-worker law in the country is ineffective if no one uses it.

Comic-Con swings into 50th year

CNN - 3 hours 16 min ago
Comic-Con is a festive event, as an estimated 130,000 attendees descend on San Diego, many of them clad in colorful costumes. But part of this year's 50th edition of the annual gathering will have a somewhat more somber tone, marking the first convention since the death of Marvel patriarch Stan Lee.

When ‘Good Stories’ Happen for Bad Reasons

NY Times - 3 hours 18 min ago
We take comfort in news about viral acts of kindness toward the sick, the poor and others in need, experts say, but there’s a catch.
Syndicate content