A few days ago, an update to the Phone Link application arrived on Windows 11, introducing the ability to connect an iPhone as well and take advantage of the same features that have long been available with Android smartphones. Phone Link allows you to use your PC to make and receive phone calls, send and receive text messages and iMessages, and view notifications directly on your computer screen.
However, it seems that this connection mode is not so secure and can be easily exploited by malicious users to access personal data. The alarm was raised by the developer of Certo Software, according to whom it is advisable to take precautions before using it. An article on the company's official page explains that it is not so difficult for a cyberstalker to circumvent the protections and access someone's data without their knowledge.
The first step for the attacker is to have physical access to the phone, even briefly, as it can be paired with a PC by quickly scanning a QR code. Once that is done, the rest is easy, and it is very unlikely that the affected user will realize that he is sharing personal information with someone else.
As for the cyberstalker, once the operation has been performed, he is able to view notifications and all messages, listen to recordings of phone calls where present, and much more.
How to protect yourself? Prevention is always the best solution, and Certo Software recommends regularly checking which devices are enabled to connect with our smartphone and, if there are any that are not recognized, disconnecting them. Phone Link works over a Bluetooth connection, so it is a good idea to go to the dedicated settings section, on both iPhone and Android, and check the list of connected devices. If we do not recognize one of them, the best option is to delete it from the list.
Certo Software believes that both Apple and Microsoft should make changes to make potential privacy risks easier to identify. Apple, for its part, should implement a visual indication when notifications or messages are shared with a Bluetooth device. Microsoft could also add a notice to the Phone Link app advising that it be used only with personal devices.
As with previous iPhone security breaches, it may not be long before spyware makers start creating tools that leverage this method to extract even more information from victims' smartphones. Something similar happened in the past with Apple's iTunes WiFi Sync feature, where some spyware tools exploited the iOS feature to get private information from iPhones over Wi-Fi. Even then, users were not able to easily notice that their device was being spied on.
A Phone Link attack would look similar, because the stalker needs physical access to the iPhone. The main difference is that the latter uses Bluetooth, but this offers no guarantee of protection.
Clearly, the need for physical access to the device makes it easier to think of someone from the same family circle as a potential perpetrator, so such cases can certainly be traced back to domestic abuse, for example by ex-partners or in similar situations. As always, the best advice is to be aware of potential threats and be very careful when using these tools.