For a while now the Tame Apple Press has bee saying that Apple makes it easy for people to locate lost iPhones, share Wi-Fi passwords, and use AirDrop to send files to other nearby devices. What they didn’t tell you was that it also made it easy for hackers to scoop up a wealth of potentially sensitive data including phone numbers.
If an iPhone user switches on Bluetooth they are broadcasting a host of device details, including its name, whether it's in use, if Wi-Fi is turned on, the OS version it’s running, and information about the battery. Using AirDrop or Wi-Fi password sharing broadcasts a partial cryptographic hash that can easily be converted into an iPhone’s complete phone number. The information—which in the case of a Mac also includes a static MAC address that can be used as a unique identifier—is sent in Bluetooth Low Energy packets.
Anyone with some cheap hardware and a little know-how can collect the details of all Apple devices that have BLE turned on. Companies can also use it to track customers as they move through a store,
Researchers with security firm Hexway - which published the research - said there is enough information broadcast to recover the full phone number.