IPhone, Bluetooth problem: allows you to steal your phone number

Security researchers have discovered that the iPhone's Bluetooth and Wi-Fi suffer from a flaw that allows you to steal various data from your phone

If you have an iPhone and you use the Bluetooth connection then be careful: someone could steal your phone number. This is what some researchers specialized in computer security have discovered by analyzing the behavior of the iPhone's Bluetooth chip during some specific operations.

The vulnerability is inherent in the Apple Wireless Direct Link (AWDL) protocol, which is used to transfer data between nearby devices connected to each other via Wi-Fi or Bluetooth Low Energy. Within the traffic sent with AWDL there is also information about the smartphone: Wi-Fi status, operating system version and more. But, at least until now, no one had been able to access through this data even the phone number of the SIM inserted in the iPhone. Now Hexway researchers have succeeded. The big risk arising from this vulnerability is that AWDL is used during file, video and photo sharing via AirDrop.

Not only Bluetooth LE connections are at risk

Researchers point out that, during some operations performed with both Bluetooth Low Energy (BLE) and Wi-Fi connections, the device's phone number can also be extracted. Not the whole number is transmitted, but the few data sent are enough to reconstruct it in full because phone numbers have a standard and always the same formatting.

So it is possible to use pre-computed tables to retrieve the rest of the phone number. "Our research reveals the possibility of extracting the phone number not only while using AirDrop but also while using other functions, such as WiFi network connection," explains Dmitry Chastuhin, researcher at Hexway.

What you risk with the bug

This bug in the AWDL protocol is not usable by hackers to pull off massive attacks against a large number of devices. It is, however, usable for targeted attacks aimed at social engineering: "Someone could attend any conference and collect information about its attendees," Chastuhin explains. But the researcher also had an idea about a positive way to exploit this vulnerability: "Detect students using AirPods to cheat on exams or people sending offensive content via AirDrop."