A Microsoft app that helps people use their Windows PC and iPhone or Android phone at the same time could be misused by cyber stalkers to obtain personal information. In a report released on Thursday, software maker Serto outlines how Microsoft’s Phone Link app can be used against iPhone owners and how they can protect themselves from such threats.
How a Cyberstalker Was Able to Access an iPhone Via Phone Link
How the Windows Phone Link app works
Windows Phone Link is a free Microsoft app that allows people to view and access phone calls, text messages and notifications from their smartphone directly on their Windows 10 or 11 PC. In the past, the app only supported Android phones, but a recent update from Microsoft allows Windows 11 users to set up Phone Link to work with certain iPhone models.
Phone link setup requires physical access to the phone and Windows computer. The risk here is that a person who temporarily hijacks someone else’s phone can enable Phone Link on their own Windows PC and snoop on the victim’s phone calls and text messages without their knowledge or permission. You can use the app to do this.
Activating Phone Link is a relatively simple process, even with an iPhone. In Windows 11, the person launches the app and then scans their phone’s QR code to automatically connect and pair the phone and PC. If you zoom into the phone’s Bluetooth settings, you can sync contacts and notifications from your phone to Windows (Image A,
Once a person has set up a phone link on their computer and someone else’s phone, they no longer need the phone. But now they will be able to view sent and received messages, send new messages to contacts, view phone call history, make phone calls and see all notifications. In addition to accessing personal information, someone may be able to view work information, putting the victim and the victim’s organization at risk.Figure B,
In such a situation, how can the Android phone be taken advantage of?
Android phones can also be exploited in this way; However, there are some differences between Android and iOS devices.
“This method can also be used against Android phones, and you can even see more data from the phone, for example photos,” says Simon Lewis, co-founder of Serto. “However, it’s much easier to spot on Android for a number of reasons. The first is the installation of the Link to Windows app from the Play Store. Second, a notification is shown on the phone when a connection to a computer is active.
To be clear, this is not a process that can be executed remotely – it requires a person to have physical access to the victim’s phone. So it is not a threat from anonymous cyber criminals. Rather, it is something a stalker might do, i.e. a family member, spouse or partner who wants to spy on someone they know.
What Apple and Microsoft Can and Should Do
While the Phone Link app for both Windows and iOS is designed to assist users, there is potential for misuse. With that in mind, Certo suggests several steps that both Apple and Microsoft can take to warn users of the potential threat.
With iOS 14 and later, your iPhone displays a green or orange dot at the top of the screen when your microphone or camera is being used. Apple could develop a similar visual signal that would tell people when notifications or messages are being shared with Bluetooth devices. Microsoft’s options are more limited, but the company could add a warning to the Phone Link app that it should only be used with your own devices and not other people’s.
Note: I’ve contacted Microsoft and Apple for comment, but have not received a response from either company prior to publication.
What steps should iPhone users take?
Anyone concerned about this potential misuse of the PhoneLink app can take steps to protect themselves.
One way is to turn off Bluetooth when you’re not using it. If you need to keep Bluetooth on, check for an unknown device. Follow these steps to do so on your iPhone:
- Go to Settings and then Bluetooth.
- In the My devices section, look for devices you don’t recognize, especially a Windows computer.
- Tap the About icon to see if the device is set to show notifications or sync contacts.
- Tap the Forget this device link to disconnect.
Another step is to make sure that your iPhone is protected with a secure passcode and Touch ID or Face ID.
If someone else has added face or fingerprint recognition to your phone and you want to remove that person, you can always reset both options so that only your own face or fingerprint is recognized and verified.
Stay connected with us on social media platforms for instant updates, Click here to join us Facebook