Windows 11 Phone Link for iOS is allegedly being utilized for covert surveillance of iPhone owners.
Individuals may be unaware that their iPhones have been compromised…
Windows 11 recently introduced Phone Link support for iOS, which has now been made available to everyone. However, there are concerns that someone could exploit a vulnerability in the app, leading to misuse and spying on iPhone users.
Phone Link has long been available for Android devices, enabling the transmission of messages, notifications, and more to a Windows 11 PC. This allows users to handle these interactions on their desktops without needing to pick up their smartphones.
The introduction of Phone Link to iOS is undoubtedly advantageous for iPhone users, despite the features being more limited compared to Android. Nevertheless, the issue lies in the potential abuse of this functionality by cyber-stalkers due to the way Phone Link has been implemented for Apple devices.
So, how does this exploit work? Certo explains the process in a news post (via Apple Insider). The crucial aspect to note is that, in order to compromise an individual, the cyber-stalker requires physical access to the victim’s iPhone.
If the attacker manages to gain access and knows the device’s passcode, setting up Phone Link on their Windows PC becomes a relatively straightforward task. Certo refrains from providing the exact steps, so that potential abusers cannot obtain such information. However, it does mention that the process involves scanning a QR code displayed on the PC monitor using the victim’s iPhone to establish a Bluetooth connection.
Once Phone Link is successfully set up, the cyber-stalker can view various information on their PC, including phone call history, iMessages, and the content of notifications. The iPhone owner remains unaware that their data is being compromised in this manner.
Certo notes that cyber-stalkers appear to be rapidly exploiting this new feature, which is a cause for concern.
Analysis: What can be done?
This situation is particularly distressing because it could be leveraged by an abusive partner, who could gain access to all messages and notifications and engage in extensive surveillance of their victim without the victim's knowledge.
If you own an iPhone and are now concerned, Certo provides several steps to ensure you are not being spied on in this manner. Firstly, if you never use Bluetooth, ensure that it is turned off. Without an active wireless connection, there can be no communication with the linked Windows PC.
Alternatively, you can review the devices that have been connected to your iPhone via Bluetooth and remove any unfamiliar ones. To do this, navigate to Settings, then go to Bluetooth > My Devices. If you encounter any devices that are unfamiliar or unknown, you can use the Forget This Device option to remove them from your iPhone, effectively severing the connection.
Lastly, it is crucial that no one else knows your iPhone passcode for unlocking the device. If you suspect that someone does or may know it, complete the Bluetooth-related measures mentioned above, then change the passcode immediately and avoid sharing it with anyone.
Certo also issues a warning: As with previous vulnerabilities in iPhone security, it may not be long before spyware developers start creating tools that exploit this method to extract even more information from victims’ iPhones.
The extent to which this method has been exploited thus far is uncertain, as there have only been scattered reports. However, there is the potential for the situation to worsen.
Hopefully, both Microsoft and Apple are actively investigating this issue to prevent any further incidents and to implement any additional measures necessary to safeguard the privacy of iPhone users. One of Certo’s suggestions is for Apple to introduce a visual warning indicator within iOS, notifying users when their notifications or messages are being shared with another device via Bluetooth.