Security researchers say they can extract a user’s phone number from the Bluetooth traffic coming from an iPhone smartphone during certain operations.
The attack works because, when Bluetooth is enabled on an Apple device, the device sends BLE (Bluetooth Low Energy) packets in all directions, broadcasting the device’s position and various details.
This behavior is part of the Apple Wireless Direct Link (AWDL), a protocol that can work either via WiFi or BLE to interconnect and allow data transfers between nearby devices.
Previous academic research has revealed that AWDL BLE traffic contains device identification details such as the phone status, Wi-Fi status, OS version, buffer availability, and others.
However, in new research published last week, security researchers from Hexway said that during certain operations these BLE packets can also contain a SHA256 hash of the device’s phone number.
SOURCE: https://www.zdnet.com/article/iphone-bluetooth-traffic-leaks-phone-numbers-in-certain-scenarios/