Last week, white hat hacker Jae Bochs intentionally pranked iPhone users at the DefCon 2023 security conference with a $70 homemade kit to make fun of. This tool sent unsolicited notifications to recipients by taking advantage of Bluetooth LE's background running.
According to Bochs, turning off Bluetooth via the Control Center menu is a habit of most iPhone users. This is quick and convenient, but the truth is that this does not completely disconnect the Bluetooth connection, but simply switches to background mode.
This hacker explains, in fact, the user's above operation only requires the iPhone to disconnect all devices that are directly connected. At that time, Bluetooth is still active to identify other Apple devices around. Only when the user goes to Settings > Bluetooth and switches the switch to Off, will the application turn off completely.
Bochs said, bad guys can exploit it for nefarious purposes, even stealing users' passwords. For example, bad guys can send requests to others to connect AppleID or share passwords with nearby Apple TVs.
Apple has mentioned the issue of Bluetooth and Wi-Fi running in the background when users turn it off in the Control Center on the support page. However, the majority of users are still misunderstood. So, according to security expert Jaime Blasco of Nudge Security, there should be a quick shortcut that can completely turn off the above connection.
Apple has not yet commented on the matter.