
What an attacker gets from Apple devices if they sniff Bluetooth traffic - est31
https://hexway.io/blog/apple-bleee/
======
vdnkh
Clickbait title: 'If Bluetooth is ON on your Apple device everyone nearby can
understand current status of your device, get info about battery, device name,
Wi-Fi status, buffer availability, OS version and even get your mobile phone
number'

~~~
ilikehurdles
A part of the problem is that bluetooth is almost always ON on iPhones. The
way one typically toggles it from the control center only disables bluetooth
for a short period of time (24 hours), after that, it turns on again. One has
to go into settings to actually disable bluetooth.

~~~
justwalt
Gotta love the dark pattern. I remember when they made the change, I was
pretty frustrated with that.

~~~
millstone
"Dark pattern" seems too strong. Apple doesn't benefit from your turning
Bluetooth on and isn't trying to manipulate you into doing so.

It's fixing the annoying issue of today's AirPods failing because of something
I did yesterday afternoon which I forgot.

~~~
m463
Apple does benefit from turning bluetooth on.

Your phone will locate and report bluetooth ibeacons, and allow apple to
update their crowdsourced location databases.

The same thing with wifi (which has the same behavior in control panel)

It would have been SO SIMPLE to have a nicer pattern. short press to
disconnect, long press to turn off.

~~~
ilikehurdles
>It would have been SO SIMPLE to have a nicer pattern. short press to
disconnect, long press to turn off.

Indeed, this is exactly what I expected would happen when I long pressed and I
was disappointed when it didn’t. There are definitely times like this when
Apple’s UX gets more credit than it deserves.

------
groovybits
This article fails to mention that AirDrop is only enabled for Contacts by
default.

Furthermore, each AirDrop session is a TLS session, where the users exchange
iCloud certificates to authenticate each other.

See:
[https://www.apple.com/business/site/docs/iOS_Security_Guide....](https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf)
(p. 45)

The phone is only as secure as the user makes it.

~~~
bri3d
I believe that this information leak occurs BECAUSE AirDrop is only enabled
for Contacts by default - you disclose your own hashed phone number when you
open the Share dialog in order to allow nearby phones to decide whether you're
on their Contacts list.

~~~
groovybits
The claimed threat vector is loss of anonymity. There is no anonymity
designed into AirDrop, and nowhere in Apple's documentation do I see the claim
for it.

Your iCloud account is your identity. When you choose to share things directly
from your phone, you are choosing to share that identity. How else can another
iPhone verify you?

There is no information leak. This is a clickbait title combined with a 'Well,
duh' moment.

~~~
bri3d
There’s a difference between disclosing “I am phone XYZ and I want to AirDrop”
and “here is my phone number.” I would call that an information disclosure.

With that said I agree with you that it’s an intuitive and non-serious
disclosure, but it appears some disagree.

~~~
eridius
Except it's not "here is my phone number", it's "if you know my phone number
you can tell it's me".

~~~
Thorrez
It's functionally the same, because attackers can brute force all phone
numbers to reverse the hash.

~~~
eridius
I just looked up Apple's Security White Paper and it explains that the
Bluetooth LE signal only includes a "short identity hash", and then the
receiving device responds with its own identity info, and then the sending
device establishes a peer-to-peer WiFi connection and sends its "long identity
hash", which the receiver then uses to confirm that it knows the recipient
before responding with its own "long identity hash".

Which is to say, it sounds like you only get partial information about the
sender prior to identifying yourself and establishing a direct connection. So
you cannot passively identify the exact phone number of an unknown sender.

The "short identity hash" itself, it says, is "created based on the email
addresses and phone numbers associated with the user’s Apple ID", though I
have to assume that it's independently hashing each piece of info because if
you hash the whole set, then the receiver would have to know the whole set,
which would be a problem (my device knows more email addresses for me than any
of my friends do).

~~~
Thorrez
Interesting. Looking at the code, it uses the first 3 bytes of the sha256
hash. That's 24 bits of entropy, or 16777216 possibilities. So if you know the
area code, you can find the full phone number with decent probability.

[https://github.com/hexway/apple_bleee/blob/master/hash2phone...](https://github.com/hexway/apple_bleee/blob/master/hash2phone/hashmap_gen.py)

------
bri3d
Here's the problem space - I'm interested in how HN would design AirDrop
without this information leak:

How do you allow two mutually untrusted client devices to determine that they
share a common 9-digit number, without disclosing the secret? And for bonus
points, how do you allow this to happen without two-way communication or
access to a central authority?

~~~
danShumway
From the article:

> _your phone sends out SHA256 your phone number hash to all the devices
> around you every time you hit Share._

In theory, this should be enough to protect your number (although it's still a
fingerprinting vector). The reason it's a problem isn't because other people
can see the hash -- it's because it's trivial to iterate over the list of
possible phone numbers and figure out which one corresponds to each hash.

So... don't use 9 digit phone numbers. I'm sure I'm missing something, but
this does not seem like a hard problem, at all.

Everyone using an Apple device has an Apple account. AirDrop is not compatible
with Android; so this isn't a compatibility thing. I can't think of any reason
why this needs to be a hash of a phone number instead of a randomized string
that's attached to your account. Airdrop is fundamentally a way for you to
share files across _Apple_ devices -- so just give them new IDs.

Yes, this means that there's a tiny amount of coordination with Apple servers
that would need to happen when you add a new contact or share with a brand new
phone number you've never seen before, but is anyone on here seriously going
to argue that's worse for privacy than essentially transmitting your phone
number in the open every time you use AirDrop?

From later in the article:

> _How does your friend know that the person requesting a password is you?
> Broadband BLE requests contain your data, namely, SHA256 hashes of your
> phone number, AppleID, and email._

There's a device with a screen, right in front of you, and the screen has to
be visible for you to click the share button. Your friend also needs to be
right next to you so that your phones are close enough to connect over
Bluetooth.

So pick one to two randomized dictionary words, display them on the screen,
and just read that out loud to your friend as confirmation.

Is there something I'm misunderstanding about how these features work? The
developers at Apple aren't dumb, so I'm assuming there's some good reason for
needing to use a mobile number as a device ID for a proximity-based sharing
service on a tightly-controlled device.

~~~
giancarlostoro
> Yes, this means that there's a tiny amount of coordination with Apple
> servers that would need to happen when you add a new contact or share with a
> brand new phone number you've never seen before,

I would just have hashes of all the numbers of all your contacts on both
phones and if your hash sent over matches you have a contact. No need to phone
home.

~~~
bri3d
That’s exactly how it works currently, but 9 numbers isn’t enough entropy to
protect against a brute force enumeration.

------
newscracker
The constant stream of information broadcast on Bluetooth is a concern. But
MAC addresses of Apple devices have been randomized for a long time. The
device name is something that could be used as a fingerprint for a longer
duration if it turns out to be unique. What are the other risks, from a
tracking perspective, from this general information broadcast?

------
aloer
Technical problems aside, it’s not great to see how many people around us
leave AirDrop on for everyone.

Sitting in a train or plane full of people means there’s usually 3-4 at least
in range to randomly annoy with shared pictures or to force open a link in
Safari.

Works as intended, I guess.

sidenote: anyone know what limits there are on all things short range
wireless? How many AirPods can reasonably work in a small area? How many Apple
watches can unlock a mac wirelessly? How much AirDrop/short range device
discovery can happen simultaneously?

~~~
vegardx
On some morning flights I'd bet that close to half of the passengers are using
some type of wireless noise cancelling headphones, and I have yet to notice
any problems. So the bandwidth or noise doesn't seem to be an issue.

------
DevKoala
The title is a lie.

Checking the status of your phone or collecting your phone number is much
different from collecting information for “what happens on your iPhone”. I am
downvoting this.

------
_bxg1
I mean, fair enough. But all of these are highly local (and most require user
interaction), meaning they're less of a privacy concern and more of a security
concern for high-value targets. Localized phishing, mostly. Plus you can guard
against them by turning off bluetooth.

Worth knowing about if you're somebody important, or manage security for
someone who is, but pretty far from "Everyone Knows What Happens on Your
iPhone".

~~~
dlivingston
The edge case would be someone using these techniques on, say, an attractive
woman three seats down on the train.

In addition, one (hypothetically) could use iOS state awareness in conjunction
with other attack vectors to gain access: i.e., we have an attack vector to
gain remote access, but it only works if the target device is unlocked.

------
mehrdadn
Is this true on Android too? Can someone just lift your phone number via you
merely having your Bluetooth/Wi-Fi/etc. running?

~~~
bri3d
First off, "someone can lift your phone number via you merely having Bluetooth
running" is entirely not true of this information leak.

The scope of this issue is that an unsalted SHA256 of your phone number is
broadcast when you open the Share dialog with AirDrop and Bluetooth active.
Your phone number is broadcast to determine whether the sending device is in
the receiving device's contacts list.

The feature that causes this information leak (AirDrop) has no equivalent on
stock Android, but hundreds of horrifyingly insecure apps exist to replicate
it.

Google are introducing a similar feature (Fast Share) soon and we will see how
it fares security wise.

This is an interesting cryptography question: how do you allow two mutually
untrusted client devices to determine that they share a common secret, without
disclosing the secret? And for bonus points, how do you allow this to happen
without two-way communication?

~~~
nemosaltat
>This is an interesting cryptography question

Is that a solved problem?

~~~
mehrdadn
It sounds impossible for very-low-entropy secrets. Like just imagine if the
secret is 1 bit. Anyone can pretend they have that 1 bit (since they can just
try both possibilities), which would let them determine that's the same secret
the other person has. The only solution would seem to be to stretch the
entropy and make a brute-force enumeration slow.
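An added example (not from the hexway post, the apple_bleee repository, or any commenter) that puts numbers on Thorrez's 24-bit argument above and on the "stretch the entropy" point in this comment. It assumes the short identity hash is the first 3 bytes of an unsalted SHA-256 over the digit string of a 10-digit phone number, shows the legitimate receiver-side contact comparison, and computes how ambiguous a recovered hash is and what a slower hash would cost an enumerator; the contact numbers and per-hash timings are constructed.

```python
"""Added example: quantify the truncated-hash argument from the thread.

Assumptions (not confirmed against Apple's implementation): the short identity
hash is the first 3 bytes of an unsalted SHA-256 over the digits of a 10-digit
phone number, and 7 digits remain unknown once the area code is known.
"""
import hashlib
import math

HASH_BITS = 24                 # 3 bytes of SHA-256, per Thorrez's reading of the code
AREA_CODE_SPACE = 10 ** 7      # remaining digits when the area code is known
FULL_NUMBER_SPACE = 10 ** 10   # all 10-digit numbers, no area-code knowledge


def short_identity_hash(phone_number: str) -> bytes:
    """Model of the broadcast value: leading HASH_BITS/8 bytes of SHA-256."""
    digits = "".join(ch for ch in phone_number if ch.isdigit())
    return hashlib.sha256(digits.encode()).digest()[: HASH_BITS // 8]


def contact_matches(received: bytes, contacts: list[str]) -> list[str]:
    """Receiver-side check as giancarlostoro describes it: hash the local
    contact list and return the entries whose short hash equals the received one."""
    return [c for c in contacts if short_identity_hash(c) == received]


def expected_false_matches(space: int, bits: int) -> float:
    """Expected number of OTHER identifiers in a space of `space` values whose
    `bits`-bit hash collides with a given one (uniform-hash approximation)."""
    return (space - 1) / 2 ** bits


def probability_unique(space: int, bits: int) -> float:
    """Probability that a hash maps back to exactly one identifier in `space`
    (Poisson approximation to the number of colliding identifiers)."""
    return math.exp(-expected_false_matches(space, bits))


def enumeration_seconds(space: int, seconds_per_hash: float) -> float:
    """Wall-clock cost of hashing every identifier in `space` once; without
    changing the identifier, seconds_per_hash is the only lever a designer has."""
    return space * seconds_per_hash


if __name__ == "__main__":
    contacts = ["+1 555 123 4567", "+1 555 765 4321"]   # constructed numbers
    print(contact_matches(short_identity_hash("15551234567"), contacts))
    for label, space in (("area code known", AREA_CODE_SPACE), ("full number", FULL_NUMBER_SPACE)):
        print(f"{label}: {expected_false_matches(space, HASH_BITS):.2f} false matches,"
              f" P(unique) = {probability_unique(space, HASH_BITS):.2f}")
    # Assumed per-hash costs: ~1 us for raw SHA-256 vs. 0.1 s for a stretched hash.
    print(enumeration_seconds(AREA_CODE_SPACE, 1e-6), enumeration_seconds(AREA_CODE_SPACE, 0.1))
```

With the area code known, a recovered hash is expected to collide with only about 0.6 other numbers, so roughly half the time it identifies a single number outright; stretching the hash raises the enumeration from seconds to days but does not change that ambiguity.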

------
PaulMest
Any idea why this is flagged? I found the demos and the GitHub repo pretty
interesting.

~~~
bri3d
I didn’t flag but it’s obvious why: the title and introduction paragraph is
comically misleading. Without the hyperbole it would be an interesting
discovery, with the hyperbole it’s obnoxious fear mongering.

------
phenomax
Are there any news from Apple's side?

------
hansdieter1337
md5 of a 10 digit phone number... classic noob mistake.

------
buboard
Maybe the IT community should be telling people the truth: smartphones are
terminals to the worldwide network of hackers. There should be no expectation
of real privacy. Encryption can temporarily obscure data, until it becomes
obsolete.

~~~
lukifer
The legal frameworks surrounding privacy all revolve heavily around
"reasonable expectations of privacy". I can't be upset if someone learns
salacious information from the street through an open window; but if I close
the blinds and someone intentionally peeks through a crack, they are violating
my expectation of privacy and potentially breaking a law, even though I failed
to secure that privacy properly by covering every square inch of the window.

In some cases, it can be possible to use E2E encryption to create a secret
that is functionally impossible to discover. But even in cases where digital
security is flawed, vulnerable, or outsourced to a third party, it's still
valuable to us from a legal standpoint to maintain social expectations of
privacy.

