Windows 11 has just introduced Phone Link support for iOS, which has now rolled out to everyone – but we’re hearing a warning that iPhone owners could be spied upon by somebody leveraging a flaw allowing for misuse of the app.
Phone Link has been around for Android for ages, and allows messages, notifications, and much more to be piped through to a Windows 11 PC, so you can deal with them there on the desktop without even picking up your smartphone.
So, its introduction to iOS is a definite boon for iPhone users – even if it’s a more limited set of features than Android – but the problem is that cyber-stalkers could abuse the functionality due to the way Phone Link has been implemented for Apple handsets.
Certo Software, a mobile security outfit, reports that several of its users have said they’ve been spied upon using Phone Link for iOS.
How does this work? Certo explains (via Apple Insider) the process in a news post, though the key thing to note is that to compromise an individual, the cyber-stalker needs physical access to the victim’s iPhone.
If the attacker can get that – and knows the passcode for the device – it’s an easy enough matter to set up Phone Link on their own Windows PC. Certo doesn’t detail the exact steps, so as not to give would-be abusers that information, but observes that it involves scanning a QR code on the PC monitor with the victim’s iPhone in order to set up a Bluetooth connection.
Once that’s done and Phone Link is set up, then things like phone call history, iMessages, and the content of any notifications can be viewed on that PC, with the iPhone owner unaware that any of their data is being compromised in this manner.
Certo notes that “cyberstalkers seem to be rapidly exploiting this new feature” and that this is obviously worrying.
Analysis: What can be done?
This is particularly concerning because it could be used by, for example, an abusive partner. They’d be able to view all messages and notifications, and engage in some quite in-depth spying on their victim, all without their partner’s knowledge.
If you own an iPhone and are now feeling concerned, Certo explains there are several actions you can take to check that you’re not being spied on in this way. Firstly, if you don’t ever use Bluetooth, check to make sure it’s turned off – without that wireless connection enabled, there can be no communication with the linked Windows PC.
Alternatively, you can look at what devices have been hooked up to your iPhone’s Bluetooth, and delete any you don’t recognize. To do that, head into Settings, and navigate to Bluetooth > My Devices. If you see any devices that you’re not sure about, or don’t know what they are, you can use ‘Forget This Device’ to remove them from your iPhone (thereby cutting the link).
Finally, it obviously helps if no one else knows the passcode that unlocks your iPhone – if they do, or you think they might, then change it, and don’t share the passcode with anyone at all (after you’ve completed the above Bluetooth housekeeping).
Certo further warns: “As with previous loopholes in iPhone security, it may not be long before spyware makers start creating tools that make use of this method to extract even more information from victim’s iPhones.”
We don’t know how widely this method might’ve been exploited thus far, as the suggestion seems to be it’s just a scattering of reports, with the potential for things to get worse.
Hopefully, both Microsoft and Apple will be looking into this right now, to ensure that doesn’t happen, and to take any extra measures necessary to defend the privacy of iPhone users. One of Certo’s suggestions is for Apple to bring in some kind of visual warning indicator in iOS when notifications or messages are being shared with another device via Bluetooth.