This New Security Flaw Could Let Hackers Take Control of Your iPhone via Bluetooth
These days there’s no shortage of security vulnerabilities being discovered in our devices. Most of them are software-based, and therefore easily patched, but security researchers have recently found a new hardware vulnerability that might make you want to leave Bluetooth turned off on your iPhone, iPad, or MacBook.
Although there’s some good news in that Apple’s latest devices use newer Bluetooth chips that aren’t impacted by the exploit, there are still a lot of older devices that are, including the iPhone 8 and older models, the 2018 iPad and those that came before it, and the 2017 MacBook Pro and prior MacBooks.
To be clear, this isn’t just an Apple exploit either — it impacts any device running Bluetooth chips from Intel, Qualcomm, and Samsung, so many Android phones and other laptops are also similarly impacted.
How It Works
The vulnerability was discovered by a team of security researchers at the University of Oxford, the CISPA Helmholtz Center for Information Security, and the Swiss École polytechnique fédérale de Lausanne (EPFL). It was published in a detailed technical paper titled BIAS: Bluetooth Impersonation AttackS and shared by 9to5Mac. The paper outlines how an older, “legacy” authentication procedure that’s part of the Bluetooth specification can be exploited to make a device assume that it’s connected to a previously trusted Bluetooth device, such as a Bluetooth keyboard.
Basically, the attacker presents the connection as coming from a device that you’ve already trusted, such as a keyboard, Bluetooth headset, or smartphone, and then tells your device that it only supports the minimum level of Bluetooth security. Due to a bug in the Bluetooth Classic protocol, the attacker is then able to convince your device that the attacker is in charge of the authentication process, and that it has decided the connection should be authenticated.
Once connected, the attacker could both send and receive data via Bluetooth, depending on the type of device they’re impersonating. For example, a Bluetooth keyboard could be used to send keystrokes to the target device.
Researchers tested the attack on 30 unique Bluetooth devices, using 28 different Bluetooth chips, and were successful in reproducing it in every case, using unsophisticated low-cost equipment such as a Raspberry Pi kit.
What It Means For You
Since this is a Bluetooth vulnerability, it’s a short-range attack: a hacker who wanted to compromise your device would have to be within about 30 feet for it to be effective. However, a complicated rig is not necessary to carry out the attack, so it could be done surreptitiously by somebody sitting in the same coffee shop.
However, it’s also a targeted attack, which means that the attacker not only has to be going after your computer or smartphone specifically, but they also need to be able to impersonate a device that you’ve already paired.
Again, it also doesn’t affect Apple’s latest devices, so if you’re using an iPhone 11, or even an iPhone XS/XR, you don’t need to worry about it at all.
So we’d consider this one a fairly low-risk attack, but if you’re still using an older iPhone, iPad, or MacBook that could be vulnerable and you want to be extra-careful, you can simply switch off Bluetooth entirely when you’re not using it. Further, since it relies on impersonating an existing device, it’s a good idea to go into your Bluetooth settings and “forget” any Bluetooth devices that you’re no longer regularly using.
The Bluetooth SIG, the body that manages the Bluetooth standard, was informed about this vulnerability back in December. It has been working on updating the Bluetooth Core Specification to mitigate it, and has been encouraging manufacturers to issue a fix in the meantime. It’s not clear yet whether the latest iOS/iPadOS and macOS releases include a fix.