Handoff All Your Privacy: A Review of Apple's Bluetooth Low Energy Implementation

by   Jeremy Martin, et al.

In recent versions of iOS, Apple has incorporated new wireless protocols to support automatic configuration and communication between devices. In this paper, we investigate these protocols, specifically Bluetooth Low Energy (BLE) "Continuity," and show that the price for this seamless user experience is substantial leakage of identifying information and users' behavioral data to a passive listening adversary. We start by reverse engineering Apple's proprietary protocol and identifying a number of data fields that are transmitted unencrypted. Plaintext messages are broadcast over BLE in response to user actions such as locking and unlocking a device's screen, using the copy/paste feature and tapping the screen while it is unlocked. We also demonstrate that the format and contents of these messages can be used to identify the type and OS version of a device. Finally, we show how the predictable sequence numbers of these frames can allow an adversary to track iOS devices from location to location over time, defeating existing anti-tracking techniques like MAC address randomization.


page 1

page 2

page 3

page 4

page 5

page 10

page 15

page 16


Handoff All Your Privacy: A Review of Apple's Bluetooth Low Energy Continuity Protocol

We investigate Apple's Bluetooth Low Energy (BLE) Continuity protocol, d...

Privacy Analysis of Samsung's Crowd-Sourced Bluetooth Location Tracking System

We present a detailed privacy analysis of Samsung's Offline Finding (OF)...

Exploration of User Privacy in 802.11 Probe Requests with MAC Address Randomization Using Temporal Pattern Analysis

Wireless networks have become an integral part of our daily lives and la...

Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System

Overnight, Apple has turned its hundreds-of-million-device ecosystem int...

What Your Wearable Devices Revealed About You and Possibilities of Non-Cooperative 802.11 Presence Detection During Your Last IPIN Visit

The focus on privacy-related measures regarding wireless networks grew i...

Toward a Secure Crowdsourced Location Tracking System

Low-energy Bluetooth devices have become ubiquitous and widely used for ...

Optimizing BLE-Like Neighbor Discovery

Neighbor discovery (ND) protocols are used for establishing a first cont...

Please sign up or login with your details

Forgot password? Click here to reset