PCs and iPhones can be traced through a security flaw
According to American researchers at Boston University, who specialize in computer security, there is a security flaw that could track Windows 10 computers and smartphones in particular iPhones.
This article will also interest you: How do spy apps work and how to get rid of them?
Discovered since August, this time it is located in the a protocol of the Bluetooth BLE feature. Based on the how this protocol works, each time sending unique Identifiers. A hacker could use identify and track its victim. In principle these identifiers are supposed to be untre exploited. However, the researchers say they are managed to bypass the security system. The real problem is that there is no solution at the moment to counter attacks targeting this security breach.
It is known that Bluetooth Low Energy and one of the recent protocol variants that were incorporated only in 2010. Its objective had been to ensure that the energy consumption of wireless devices using Bluetooth was as low as possible. This includes Bluetooth headsets or other compatible machines. And all this while keeping the same features of the standard Bluetooth.
This protocol manages to perform its role because it uses a frequency band associated with algorithms that are used to reduce interference and on the spot limit the transmission power. Unfortunately, this same protocol also has other features that have been discovered by boston University researchers. And it is this other feature that makes its weakness.
it is known that since its incorporation into the Bluetooth standard, researchers have been very attracted by its discovery system which has always worried. In its first version the Bluetooth Low Energy protocol clearly emits a MAC address that was likely to identify and track the devices. But this problem has since been corrected, allowing manufacturers to periodically change MAC addresses issued by their devices, randomly.
Despite this, the researchers also found that it was not just MAC addresses that the protocol was issuing. It also disseminated identification tokens that are a single data that is updated at intervals longer than the MAC address. This allows random MAC addresses to be matched with the device that broadcasts them. "The address tracking algorithm explores the asynchronous nature of address chan[…]ges and exploits identification tokens that don't change in the Payload to associate a new random incoming address with a known device. In doing so, the address tracking algorithm neutralizes the goal of anonymity," the researchers explain.
In the various tests, the researchers eventually came to a clear conclusion. This vulnerability isn't just limited to Windows. Devices on Mac OS and iOS are also affected. Devices like the Apple Watch are also affected. but the strangest thing is that Android smartphones are spared this problem.
Now access an unlimited number of passwords: