Bluetooth use is on the rise. Millions of users rely on the technology to connect to peripherals that make everyday tasks simpler and more convenient. There is a trick or hack for iOS 11.1.2 and earlier that exploits the way Bluetooth profiles are managed, with a privacy impact on users who use Bluetooth technology on a daily basis. The information leaked from the iOS device through this improper profile management can reveal a lot about you as a user and your background.

When the iOS system detects a Bluetooth signal, the user can choose which device to connect to.

The speaker that appears in Bluetooth discovery is advertising the A2DP profile, a profile for playing audio over a Bluetooth connection. When the user clicks on it, pairing is completed without the need for a PIN on Bluetooth version 2.1 or higher.

After a few seconds, the Bluetooth speaker may advertise, for example, its PBAP profile. If this happens, iOS will activate the new profile without any notification to the user.

This relies on a weakness, or an overly accessible configuration setting, in iOS: when the profile change is performed without notification, contact synchronisation is enabled by default, giving access to the contacts. In other words, DirtyTooth is a trick or hack that exploits this accessibility setting.
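From the defender's side, the behaviour described above can be checked for by comparing the profiles a peer showed at pairing time with the ones it shows later. The following is an added example, not part of the DirtyTooth tool or the original page; the event record layout, addresses and timings are constructed for illustration, and only the 16-bit service class UUIDs are real Bluetooth SIG values.

```python
# Bluetooth SIG 16-bit service class UUIDs for the two profiles the page names.
A2DP_UUIDS = frozenset({0x110A, 0x110B, 0x110D})   # AudioSource, AudioSink, A2DP
PBAP_UUIDS = {0x112E: "PBAP client (PCE)", 0x112F: "PBAP server (PSE)",
              0x1130: "PhonebookAccess"}


def audit_profile_changes(events):
    """Flag peers that gain a PBAP service class after pairing without one.

    events: (seconds, address, kind, uuids) tuples in time order, where kind is
    "paired" (profiles seen at pairing) or "profiles" (a later observation).
    This record layout is hypothetical, not a real log format.
    """
    baseline = {}   # address -> (pairing time, profiles known so far)
    alerts = []
    for ts, addr, kind, uuids in events:
        seen = frozenset(uuids)
        if kind == "paired":            # a re-pair resets the baseline
            baseline[addr] = (ts, seen)
            continue
        if addr not in baseline:        # never paired: nothing to compare against
            continue
        paired_at, known = baseline[addr]
        for uuid in sorted(u for u in seen - known if u in PBAP_UUIDS):
            alerts.append({
                "address": addr,
                "added": PBAP_UUIDS[uuid],
                "seconds_after_pairing": ts - paired_at,
                "paired_as_audio_only": bool(known) and known <= A2DP_UUIDS,
            })
        baseline[addr] = (paired_at, known | seen)   # report each addition once
    return alerts


# Constructed sample observations (addresses and times are made up).
SAMPLE = [
    (0,  "AA:BB:CC:00:00:01", "paired",   [0x110B]),           # speaker, audio only
    (0,  "AA:BB:CC:00:00:02", "paired",   [0x110B, 0x112E]),   # PBAP visible at pairing
    (8,  "AA:BB:CC:00:00:01", "profiles", [0x110B, 0x112E]),   # speaker adds PBAP
    (9,  "AA:BB:CC:00:00:02", "profiles", [0x110B, 0x112E]),   # unchanged
    (30, "AA:BB:CC:00:00:01", "profiles", [0x110B, 0x112E]),   # already reported
]

if __name__ == "__main__":
    for alert in audit_profile_changes(SAMPLE):
        print(alert)
```

Only the peer that was paired as audio-only and later added PBAP is reported; the peer that showed PBAP at pairing time is not, because nothing changed after the user chose it.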

The provided tool can start or stop a Bluetooth agent that waits for a device to pair with it. This agent will not ask for any kind of PIN or token to perform the pairing, as it is a Bluetooth 4.0 implementation (in the Raspberry Pi 3 case), which maximises simplicity for the user.

Once an iOS device has been paired and connected, the DirtyTooth script is called automatically. It is responsible for collecting the phonebook and call history information in the /root/dirtytooth directory.

No further interaction is required; it simply works automatically.
