From 18aefcd81d746efd3a40fd04f52f8c9668530047 Mon Sep 17 00:00:00 2001 From: JGoyd Date: Sun, 17 Aug 2025 11:55:25 -0400 Subject: [PATCH] Update README.md --- README.md | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ed28b97..30cb491 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,38 @@ -# iOS-18.5-Bluetooth-Privacy-Vuln -Discovery of a critical Bluetooth and GPS privacy vulnerability in iOS 18.5 enabling silent BLE scans, covert GPS activation, and trust metadata exposure without user consent. Native Apple daemons bypass TCC and cryptographic checks, violating expected iOS privacy guarantees. +# iOS 18.5 Bluetooth Privacy Vulnerability Report + +> **Silent Bluetooth Scanning, Metadata Exposure, and Covert GPS Harvesting on iOS 18.5** + +## Overview + +This repository documents a high-severity set of privacy violations discovered in **iOS 18.5** affecting **Bluetooth Low Energy (BLE)** and **location services** on stock iPhones. + +**Affected Version:** iOS 18.5 +**Test Device:** iPhone 14 Pro Max +**Discovery Date:** 2025-06-24 +**Author:** Joseph Goydish II +**Severity:** High + +--- + +## Key Vulnerabilities + +| ID | Component | Description | +|--------|---------------------------|------------------------------------------------------------| +| VF-001 | `audioaccessoryd` | Exposes previously trusted Bluetooth metadata | +| VF-002 | `SPCBPeripheralManager` | Triggers silent BLE scans | +| VF-003 | `locationd` | Activates GPS location harvesting without consent | +| VF-004 | `tccd` | Bypasses TCC privacy framework via `preflight=yes` | +| VF-005 | `bluetoothd` | Continues trust logic despite cryptographic failures | + + + +--- + +## Attack Flow (Observed) + +```plaintext +1. audioaccessoryd → Accesses Bluetooth IRKs & trust metadata +2. SPCBPeripheralManager → Starts silent BLE scan +3. locationd → Triggers GPS data harvesting silently +4. tccd → Bypasses TCC permissions using undocumented parameter +5. bluetoothd → Trust proceeds despite crypto/keychain failure