A recent prank at the Def Con hacker conference is a salient reminder of one of Apple’s most confounding ‘design features’. When you turn off Bluetooth from Control Centre, this does not really turn Bluetooth off.
Pranks are part of Def Con’s tradition with hackers trying to one-up each other with newly discovered vulnerabilities. Security research Jae Bochs created a small device that cost about USD$70 to make. It consists of a Raspberry Pi Zero 2 W, a couple of antennae, a Linux-compatible Bluetooth adapter, and battery pack to make the device portable. Bochs wandered around the conference and, using the contraption, was able to make an alert appear on iPhones that did not have Bluetooth completely disabled.
Bochs says there are about 16 different alerts he could have chosen but he picked the one prompting people to connect to a nearby Apple TV. In theory he could have extended this further prompting them to enter their iCloud username and password. With iOS 17’s new NameDrop feature, which makes it simple to exchange digital business cards, it possible this device could be used to dupe people into sharing personal information.
He was also quick to note that he did not actually enable any malicious payload or data collection. The prompt was just an alert with no data collecting function.
When Bluetooth is ‘turned off” through Control Centre by swiping down from the top-right corner of your iPhone or iPad screen, Bluetooth is limited but not powered off. Apple’s support documents say:
The icon dims and your device disconnects from any accessory it’s connected to, except for Apple Watch, Instant Hotspot, Apple Pencil and Continuity features like Handoff.
Source: Apple Support
If you really want to turn off Bluetooth, you must do it from the Settings app.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.