The iPhone’s Control Center lets you turn off Bluetooth with a single tap…but that’s not quite the case! iOS maintains a wireless link with the Apple Watch or AirPods so they can continue to communicate with the smartphone. This is not without posing a security problem.
Since 2017 and iOS 11, the buttons in the control center that allow you to activate or deactivate Wi-Fi and Bluetooth do not play fair. Deactivation is not really one, since the iPhone continues to communicate wirelessly with other Apple devices, which allows you to continue using an Apple Watch, AirPods, a Pencil, or to take advantage of Continuity functions (Handoff, hotspot, etc.).
The control center does not play fair
For Really deactivate Wi-Fi or Bluetooth, you must go to the corresponding iOS settings. But Apple recommends not completely deactivating these two functions in order to maintain a smooth experience between all the devices you own. It starts from a good feeling, but on the one hand the interface of the control center is not really explicit, and then above all this is a potential angle of attack as demonstrated by security researcher Jae Bochs.
During Def Con, the annual conference bringing together the gratin of hackers in Las Vegas, he strolled through the aisles of the event, lugging with him a box sending fake connection messages to iPhones present in the entourage, until about fifteen meters away. Bochs’ tinkering masquerading as an Apple device meant that nearby iPhones whose Bluetooth had been turned off via Control Center saw nothing but fire; they were allowing communication with what they thought were other iPhones or Apple TVs.
The device in question was cobbled together around a 2W Raspberry Pi Zero, a Bluetooth adapter, and a battery, all for $70. Not really cutting-edge technology inaccessible to apprentice hackers… or to bad hackers. The messages sent resembled the notifications and login panels that Apple devices send to each other, for example to pair with an Apple TV.
Friendly remember to be careful at #Defcon I keep getting these alerts pic.twitter.com/ygUiCCJQmb
—Jaime Blasco (@jaimeblascob) August 10, 2023
Obviously, it was for Jae Bochs to show the potential danger of true-false deactivation of the iPhone via the control center. But in the wrong hands, this trick could make it possible to collect usernames and passwords… A hack known for a long time, in fact: a 2019 study already showed that the Bluetooth LE protocol (low energy) from Apple had holes in the racket.
Despite everything, the security researcher believes that Apple will not change the behavior of the control center, ” which was designed this way, so that watches and earphones continue to work with Bluetooth enabled “, he laments. Users who really want peace of mind will need to turn off Wi-Fi and Bluetooth in their iPhone’s iOS settings.
Source :
TechCrunch