Security Highlight: Bluetooth Security Flaws

Recently, Apple introduced a useful but potentially dangerous feature to its iPhones. Most of us would assume that a phone becomes inactive when switched off by the user or due to low power. Surprisingly, newer phones continue limited functionality for several hours in low power mode or even when the device is turned off. This includes cards in your Wallet and the Find My service. This feature caught the attention of Technical University Darmstadt, resulting in an insightful paper.

The low power mode makes it possible to continue making payments, unlock your car, or find your phone if it gets lost. Clearly, this can provide a great user experience. Imagine your relief when you have low phone battery after a long day, but you can still unlock your car or pay for transit. Or think of the time you switched off your phone but forgot where you left it. In situations like that, this service can be a lifesaver.

However, there's another side to the story. Often, card services in your phone require user authentication involving the user interface of your phone. In low power mode, only the near-field communication (NFC) chip is enabled and, therefore, it can’t rely on the phone to perform user authentication. This means that anyone holding the phone theoretically can make so-called “express payments” for amounts below the merchant’s authentication limit ($100 USD in the United States), which effectively offers the same level of security as a regular payment card. It's true that many mobile payment cards are pre-configured to disable express payments, but users may be tempted to enable them without realizing they also abandon payment authentication.

The Bluetooth service plays a central role in the “Find My” system. Sometimes a user wants to be anonymous and untraceable. However, switching off your phone would not achieve that for you. Although the “Find My” service is normally only available to authorized users, this does not stop the Bluetooth traffic, and adversaries might still be able to track a device.

Lastly, the researchers found that the Bluetooth chip is not well protected, meaning its firmware could be analyzed and altered by an iPhone user with privileged access. While this is a complex process, it may also lead to discovering and exploiting new vulnerabilities that would introduce even more risk. It would be beneficial for Apple to address the Bluetooth chip vulnerabilities and enhance firmware security.

In general, product vendors should be very cautious about security implications when introducing features without increasing user awareness. The human factor always plays an important role in security, and you cannot assume the right user behavior when users aren’t aware of the implications of their actions. A security assessment may help developers understand whether other measures mitigate a lack of user prudence.