Windows 11 just introduced Phone Link support for iOS, which is now available to everyone – but we’re hearing a warning that iPhone owners could be spied on by someone misusing the feature.
Phone Link has been available for Android for ages and allows you to transfer messages, notifications and much more to your Windows 11 PC so you can deal with them on your desktop without even picking up your smartphone.
So its introduction to iOS is a definite boon for iPhone users – even if it’s a more limited feature set than Android – but the problem is that cybercriminals can abuse this functionality due to the way Phone Link has been implemented for Apple phones.
Certo Software, a mobile security company, reports that several of its users have claimed that they were spied on using Phone Link for iOS.
How does it work? Certo explains the process in a post (via Apple Insider), though the bottom line is that in order to compromise a person, the cyberstalker needs physical access to the victim’s iPhone.
If an attacker can get it – and knows the passcode to the device – it’s fairly easy to set up Phone Link on their own Windows PC. Certo doesn’t detail the exact steps, so as not to provide such information to potential perpetrators, but notes that it requires scanning a QR code on the computer’s monitor with the victim’s iPhone to set up a Bluetooth connection.
Once this is done and Phone Link is set up on that computer, things like phone call history, iMessages, and the content of any notifications can be viewed without the iPhone owner being aware that any of their data is being compromised in this way.
Certo notes that “cyberstalkers seem to be taking advantage of this new feature quickly” and that this is of course worrying.
Analysis: what can be done?
This is especially worrisome because it can be used in scenarios where, for example, an abusive partner can take advantage of it. They could view all messages and notifications and engage in quite in-depth spying on their victim, all without their partner’s knowledge.
If you own an iPhone and are concerned, Certo explains that there are several actions you can take to ensure you’re not being spied on in this way. First, if you never use Bluetooth, make sure it’s turned off – without Bluetooth turned on, your iPhone won’t be able to communicate with the connected Windows PC.
Alternatively, you can check what devices have been connected to your iPhone’s Bluetooth and remove the ones you don’t recognize. To do this, open Settings and go to Bluetooth > My Devices. If you see any devices that you’re unsure about or don’t know what they are, you can use the “Forget This Device” option to remove them from your iPhone (thus cutting off the link).
Finally, of course it helps if no one else knows the passcode that unlocks your iPhone – if someone does, or you think they might, change it and don’t share your passcode with anyone (after you’ve completed the Bluetooth steps above).
Certo further warns, “As with previous iPhone vulnerabilities, spyware writers may soon start creating tools that use this method to extract even more information from victims’ iPhones.”
We do not know how widely this method may have been used so far, as it seems to be just a scattering of reports, though there is the possibility that the situation could get worse.
Hopefully both Microsoft and Apple will look into this now to make sure that doesn’t happen and take any additional measures necessary to protect the privacy of iPhone users. One of Certo’s suggestions is for Apple to introduce some sort of visual warning indicator in iOS when notifications or messages are shared with another device via Bluetooth.