How cyberstalkers can access your iPhone using Windows Phone Link

According to Certo, the Phone Link programme may be used to track a user’s text messages, phone calls, and notification activity if someone has physical access to an iPhone or Android device.


Cyberstalkers could spy on private data by misusing a Microsoft programme that lets customers use their Windows PC together with their iPhone or Android phone. In a paper published on Thursday, software developer Certo details how iPhone users might be victimised through Microsoft’s Phone Link app, along with precautions they can take.

Windows Phone Link is a free Microsoft programme that lets people view and receive phone calls, text messages, and notification data from their smartphone directly on their Windows 10 or 11 PC. Previously, the programme supported only Android phones, but a new update from Microsoft enables Windows 11 users to configure Phone Link to work with certain iPhone models.

Both the phone and a Windows PC must be physically accessible in order to set up Phone Link. The danger here is that someone who can even momentarily take control of another person’s phone may activate Phone Link on their own Windows PC and use the programme to secretly record the victim’s phone conversations and text messages.

Even with an iPhone, activating Phone Link is a rather straightforward procedure. In Windows 11, the user opens the programme and scans its QR code with the phone, and the phone and PC immediately pair and connect. Contacts and alerts from the phone can then be synced with Windows by changing the Bluetooth settings on the device (Figure A).

Figure A

You can easily use Phone Link to pair an iPhone with a Windows PC. Image: Certo

Once the person has configured Phone Link between their computer and someone else’s phone, they no longer need the phone. From then on they can see all alerts, read all sent and received messages, send new messages to contacts, check the call history, and make and receive phone calls. Besides obtaining personal information, they might also read work information, endangering both the victim and the victim’s organisation (Figure B).

Figure B

Phone Link lets people send and receive messages from linked devices. Image: Certo

How Android phones can be exploited this way

This vulnerability is also present in Android phones, although Android and iOS devices vary in a few ways.

According to Simon Lewis, a co-founder of Certo, “This method can also be used against Android phones, and you can see more data from the phone too, like Photos.” But for a few reasons, it’s a lot simpler to identify on Android. First, the Link to Windows software has to be downloaded from the Play Store. Second, when a connection to a computer is active, a notice is shown on the phone.

To be clear, this cannot be accomplished remotely; the perpetrator must physically possess the victim’s phone in order to complete the operation. As a result, there is no danger from unidentified online criminals. Instead, this is something that a stalker, such as a relative, spouse, or significant other who wants to keep tabs on someone they know, would be able to do.

What Apple and Microsoft could and should do

Despite the fact that the Phone Link software for Windows and iOS is intended to assist users, there is a chance that it might be misused. In light of this, Certo offers a few actions Apple and Microsoft might take to alert consumers to a possible danger.

When your microphone or camera is in use, your iPhone shows a green or orange dot at the top of the screen if you have iOS 14 or above. Apple could provide a similar visual cue to let users know when alerts or messages are being exchanged with a Bluetooth-connected device. The alternatives available to Microsoft are more restricted, although the corporation could make it more explicit in the Phone Link app that it should only be used with your own devices.

What steps iPhone users should take

Anyone worried about this possible abuse of the Phone Link software should take precautions to be safe.

Turning off Bluetooth when it is not in use is one option. If Bluetooth must remain on, look for any devices you don’t recognise. Follow these instructions to do this on your iPhone:

  1. Go to Settings and then Bluetooth.
  2. In the My Devices section, look for any devices you don’t recognize, especially a Windows computer.
  3. Tap its Info icon to see if the device is set to show notifications or sync contacts.
  4. Tap the link for Forget This Device to sever the connection.

Another step is to confirm that your iPhone is secured with both Touch ID or Face ID and a strong password.

If someone else has added their face or fingerprint to your phone and you wish to remove that person, you can always reset either feature so that only your own face or fingerprint will be recognised and verified.
