Connecting an iPhone over Bluetooth to peripherals such as speakers, headphones or other audio equipment carries a privacy risk, because such a device can extract private information from the iPhone without the user being aware of it.
The hack or trick puts users' privacy at risk. iOS does not notify the user of a profile change and allows the functions and actions associated with the new profile to run, so the user's data can be stolen by a potential attacker.
The models that can be used in the hack are:
Currently, every iOS version compatible with the models listed above can be used with the DirtyTooth trick. At the time this document was released, the current versions of the operating system were iOS 10.3.3 and iOS 11 beta 4.
When iOS detects a Bluetooth signal, the user sees the device they want to connect to, and a scene like the following is observed.
The speaker that appears in the Bluetooth discovery is announcing the A2DP profile, a profile for playing audio over the Bluetooth connection. When the user taps it, pairing is completed, with no PIN required on Bluetooth 2.1 or higher.
After a few seconds, the Bluetooth speaker can change its profile, for example to a PBAP (Phone Book Access Profile) profile.
If this happens, iOS performs the profile change without displaying any kind of notification to the user.
Note the existence of a weakness, or an extra accessibility setting, in iOS. When the profile change is carried out without notification, contact synchronization is enabled by default, giving the peripheral access to the contacts. In other words, DirtyTooth is a trick or hack that takes advantage of this accessibility setting.
The trick or hack can be extended to other profiles, as the operating system does not request authorization to change the profile. In the case of a MAP (Message Access Profile) profile, used to access the messages on the mobile device, a switch to synchronize messages appears, but in this case it is disabled by default, unlike what happens with the PBAP profile. In other words, the trick takes advantage of the lack of authorization to change profile and of the default settings for synchronizing items on the device over the Bluetooth connection. It is a simple accessibility setting that is potentially dangerous.
It is an easy hack for anyone to carry out, and it affects users' privacy.
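The following is an added example, not code from the original DirtyTooth write-up or from ElevenPaths. It models, from the defender's side, the two conditions the text describes: a peripheral whose advertised Bluetooth services change after pairing, and the iOS default sync switches (contacts enabled by default under PBAP, messages disabled by default under MAP). The service class UUIDs are the standard Bluetooth SIG assigned numbers; the sample service sets, the `IOS_DEFAULT_SYNC` dictionary and the function names are constructed for illustration.

```python
# Added example (not part of the original DirtyTooth text): a small audit that diffs the
# Bluetooth service classes a peripheral advertised at pairing time against what it
# advertises later, and applies the iOS default sync behaviour described in the text.
# Sample inputs below are constructed; UUIDs are Bluetooth SIG assigned 16-bit values.

from dataclasses import dataclass, field

# Bluetooth SIG assigned 16-bit service class UUIDs (standard values).
AUDIO_SINK     = 0x110B  # A2DP sink, what a speaker or headset exposes
ADVANCED_AUDIO = 0x110D  # A2DP profile descriptor
PBAP_PSE       = 0x112F  # Phone Book Access, server side
PBAP           = 0x1130  # Phone Book Access profile
MAP_MAS        = 0x1132  # Message Access Server
MAP_MNS        = 0x1133  # Message Notification Server
MAP            = 0x1134  # Message Access profile

# Which category of phone data each service class reaches. Audio services reach none.
DATA_ACCESS = {
    PBAP_PSE: "contacts",
    PBAP:     "contacts",
    MAP_MAS:  "messages",
    MAP_MNS:  "messages",
    MAP:      "messages",
}

# iOS default sync switches as the text describes them (assumption: modelled as a
# plain dict; on the device they are per-peripheral settings under Bluetooth).
IOS_DEFAULT_SYNC = {"contacts": True, "messages": False}

# A hardened policy: nothing is synced unless the user opts in per peripheral.
OPT_IN_SYNC = {"contacts": False, "messages": False}


@dataclass
class ProfileAudit:
    added_services: set = field(default_factory=set)
    granted: dict = field(default_factory=dict)  # data category -> synced by default?

    @property
    def exposed(self):
        """Data categories the peripheral would actually receive under the policy."""
        return sorted(cat for cat, on in self.granted.items() if on)


def audit_profile_change(at_pairing, later, sync_settings=IOS_DEFAULT_SYNC):
    """Report service classes that appeared after pairing and, for those that reach
    user data, whether the sync policy would hand the data over without any prompt."""
    added = set(later) - set(at_pairing)
    audit = ProfileAudit(added_services=added)
    for uuid in added:
        category = DATA_ACCESS.get(uuid)
        if category is None:
            continue  # e.g. an extra audio service: no user data behind it
        audit.granted[category] = bool(sync_settings.get(category, False))
    return audit


def report(audit):
    """Human-readable summary of one audit."""
    if not audit.added_services:
        return "no profile change after pairing"
    added = ", ".join(f"0x{u:04X}" for u in sorted(audit.added_services))
    if not audit.exposed:
        return f"profile change ({added}) but no data synced under current policy"
    return f"profile change ({added}) exposes: {', '.join(audit.exposed)}"


if __name__ == "__main__":
    # Constructed scenario from the text: a speaker pairs as A2DP only, then adds PBAP.
    speaker_at_pairing = {AUDIO_SINK, ADVANCED_AUDIO}
    speaker_later = {AUDIO_SINK, ADVANCED_AUDIO, PBAP_PSE}
    print(report(audit_profile_change(speaker_at_pairing, speaker_later)))
    # Same trick with MAP: the switch is off by default, so nothing is handed over.
    print(report(audit_profile_change({AUDIO_SINK}, {AUDIO_SINK, MAP_MAS})))
    # With an opt-in policy the PBAP switch no longer matters.
    print(report(audit_profile_change(speaker_at_pairing, speaker_later, OPT_IN_SYNC)))
```

The point the comparison makes is that the profile change itself is the event worth flagging: under the default policy a newly advertised PBAP service silently yields contacts, while the same change with an opt-in policy yields nothing, which is the setting a user can apply today by disabling contact sync for each audio peripheral.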
Further details are available at this URL: https://www.slideshare.net/elevenpaths/dirtytooth