Wednesday, June 7, 2023
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

How cyberstalkers can access your iPhone using Windows Phone Link

Researcher by Researcher
May 13, 2023
in Cybersecurity
0
How cyberstalkers can access your iPhone using Windows Phone Link
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Someone who gains physical access to an iPhone or Android phone could use the Phone Link app to spy on the user’s text messages, phone calls and notifications, says Certo.

Person using a cellphone with a lot of bright red malignant imagery hovering around it.
Image: Pungu X/Adobe Stock

A Microsoft app that helps people use their Windows PC and iPhone or Android phone in tandem could also be abused by cyberstalkers to snoop on personal information. In a report released Thursday, software maker Certo explains how Microsoft’s Phone Link app could be used against iPhone owners and how they can protect themselves against this type of threat.

Jump to:

Related articles

CISA: North Korea-Backed Actors Using Maui Ransomware

North Korean Attackers Target Google Account Credentials

June 7, 2023
Sentra Raises $30 Million for DSPM Technology

KeePass Update Patches Vulnerability Exposing Master Password

June 6, 2023

How a cyberstalker could access an iPhone through Phone Link

How the Windows Phone Link app works

Windows Phone Link is a free Microsoft app that lets people view and access phone calls, text messages and notifications from their smartphone directly on their Windows 10 or 11 PC. In the past, the app has supported just Android phones, but a recent update from Microsoft allows Windows 11 users to set up Phone Link to work with certain models of iPhones.

Setting up Phone Link requires physical access to the phone and to a Windows computer. The risk here is that a person who’s able to even temporarily grab someone else’s phone could enable Phone Link on their own Windows PC and use the app to spy on the victim’s phone calls and text messages without their knowledge or permission.

Activating Phone Link is a relatively simple process, even with an iPhone. In Windows 11, the person would launch the app and then scan its QR code from their phone to automatically connect and pair the phone and PC. Drilling down into the Bluetooth setting on the phone lets you sync contacts and notifications from the phone with Windows (Figure A).

Figure A

The set up window for using Phone Link
You can easily use Phone Link to pair an iPhone with a Windows PC. Image: Certo

Once the person has set up Phone Link on their own computer and someone else’s phone, they no longer need the phone. But now, they would be able to view sent and received messages, send new messages to contacts, view a history of phone calls, make phone calls, and view all notifications. Beyond accessing personal information, someone could potentially view work information, thereby putting the victim and the victim’s organization at risk (Figure B).

Figure B

Sending messages from linked devices in Phone Link
Phone Link lets people send and receive messages from linked devices. Image: Certo

How Android phones can be exploited this way

Android phones can also be exploited this way; however, there are a couple of differences between Android and iOS devices.

“This method can also be used against Android phones, and you can see more data from the phone too, for example, Photos,” Certo co-founder Simon Lewis said. “However, it’s much easier to spot on Android for a few reasons. Firstly, the Link to Windows app must be installed from the Play Store. Secondly, a notification is shown on the phone when a connection to a computer is active.”

To be clear, this isn’t a process that could be done remotely — it does require that the person have physical access to the victim’s phone. Therefore, this is not a threat posed by anonymous cybercriminals. Rather, this is more something that a stalker could potentially pull off, meaning a family member, spouse or significant other who wants to spy on someone they know.

What Apple and Microsoft could and should do

Must-read security coverage

Though the Phone Link app for both Windows and iOS is designed to help users, there is this potential for abuse. With that in mind, Certo suggests a couple of steps that both Apple and Microsoft can take to warn users of a potential threat.

With iOS 14 and higher, your iPhone displays a green or orange dot at the top of the screen when your microphone or camera is being used. Apple could develop a similar visual clue that would tell people when notifications or messages are being shared with a Bluetooth-connected device. Microsoft’s options are more limited, but the company could add a warning to the Phone Link app that it should only be used with your own devices and not those of other people.

Note: I contacted Microsoft and Apple for comment, but I did not receive replies from either company prior to publication.

What steps iPhone users should take

Anyone concerned about this potential misuse of the Phone Link app can take steps to protect themselves.

One way is to turn off Bluetooth when you’re not using it. If you do need to keep Bluetooth turned on, check for any unknown devices. To do this on your iPhone, follow these steps:

  1. Go to Settings and then Bluetooth.
  2. In the My Devices section, look for any devices you don’t recognize, especially a Windows computer.
  3. Tap its Info icon to see if the device is set to show notifications or sync contacts.
  4. Tap the link for Forget This Device to sever the connection.

Another step is to make sure your iPhone is protected with a secure passcode as well as Touch ID or Face ID.

If someone else has added their facial or fingerprint recognition to your phone, and you want to remove that person, you can always reset either option, so only your own face or fingerprint will be recognized and authenticated.



Source link

Tags: AccesscyberstalkersiPhoneLinkphoneWindows
Share76Tweet47

Related Posts

CISA: North Korea-Backed Actors Using Maui Ransomware

North Korean Attackers Target Google Account Credentials

June 7, 2023
0

North Korean threat group Kimsuky has recently launched a social engineering campaign against a number of experts specializing in North...

Sentra Raises $30 Million for DSPM Technology

KeePass Update Patches Vulnerability Exposing Master Password

June 6, 2023
0

Open source password manager KeePass was updated over the weekend to patch a vulnerability allowing attackers to retrieve the cleartext...

Zero-day MOVEit Transfer vulnerability exploited in the wild

Zero-day MOVEit Transfer vulnerability exploited in the wild

June 6, 2023
0

Shodan search engine results for internet-facing MOVEit instances. Image: Shodan The Cybersecurity & Infrastructure Security Agency has issued an alert...

New DDoS Attack Vector Abuses Content Filtering Systems

UNC4857 Exploits MOVEit Transfer Flaw in Data Extortion Attacks

June 6, 2023
0

A newly discovered threat campaign has been observed exploiting the recently uncovered, critical-severity MOVEit Transfer vulnerability in order to launch...

Sentra Raises $30 Million for DSPM Technology

Dozens of Malicious Extensions Found in Chrome Web Store

June 6, 2023
0

Security researchers recently identified more than 30 malicious extensions that had made their way into the Chrome web store, potentially...

Load More
  • Trending
  • Comments
  • Latest
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
Supply chain efficiency starts with securing port operations

Supply chain efficiency starts with securing port operations

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
Money20/20 Europe 2023: Day One TFT Roundup

Money20/20 Europe 2023: Day One TFT Roundup

June 7, 2023
Release date, price and more

Release date, price and more

June 7, 2023
CISA: North Korea-Backed Actors Using Maui Ransomware

North Korean Attackers Target Google Account Credentials

June 7, 2023
7 tips for spotting a fake mobile app

7 tips for spotting a fake mobile app

June 6, 2023

Recent Posts

Money20/20 Europe 2023: Day One TFT Roundup

Money20/20 Europe 2023: Day One TFT Roundup

June 7, 2023
Release date, price and more

Release date, price and more

June 7, 2023
CISA: North Korea-Backed Actors Using Maui Ransomware

North Korean Attackers Target Google Account Credentials

June 7, 2023

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • LetsAskBinuBlogs
  • Malware
  • Networking
  • Protection

Tags

Access attack Attacks banking BiWeekly bug Cisco cloud code critical Cybersecurity Data Digital exploited financial Fintech Flaw flaws Google Group Hackers Krebs Latest launches malware Microsoft million Network News open patches Payments platform Ransomware RoundUp security Software Stories TFT Threat Top vulnerabilities vulnerability warns Week

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved