Bluetooth flaw could leave iPhones, Macs and more susceptible to tracking

There's a new security to worry about that is affecting iPhones, iPads, Macs, Windows 10 devices, and Fitbit devices. The new Bluetooth flaw discovered by researchers at Boston University leaves devices open for third-party tracking.

Researchers from Boston University (BU) have discovered a flaw in the Bluetooth communication protocol that could expose most devices to third-party tracking and leak identifiable data.

Here's how the flaw works:

The vulnerability allows an attacker to passively track a device by exploiting a flaw in the way Bluetooth Low Energy (BLE) is implemented to extract identifying tokens like the device type or other identifiable data from a manufacturer.

The vulnerability discovered by BU researchers exploits this secondary random MAC address to successfully track a device. The researchers said the "identifying tokens" present in advertising messages are also unique to a device and remain static for long enough to be used as secondary identifiers besides the MAC address.

Normally, a Bluetooth use random MAC addresses to track a device, but the flaw is able to pinpoint the address and the track and possible even lift information off a device.

Apple not any other company has commented on the issue. It's unclear if they can patch the flaw with an over the air update. A simple solution you can use right now is turning off and on your Bluetooth, which will randomize the address and change the payload, eliminating the vulnerability.

The entire Boston University paper is worth reading up on.

We may earn a commission for purchases using our links. Learn more.