In September, 9to5Mac reported that Flipper Zero, a popular and cheap hacking tool, was being used to wreak havoc on nearby iPhones and iPads, spamming them with fake Bluetooth pop-ups until they eventually crashed.
Despite many iOS 17 updates since, including last week’s release of new iOS 17.2 betas, Apple has yet to implement safeguards to prevent the attack. So, what gives?
Flipper Zero attack using iPhone Bluetooth exploit
Out of the box, you’ll find that Flipper Zero can be a pretty harmless device. It’s sold as a portable multi-tool for penetration testers and hobbyists that can be programmed to control multiple radio protocols.
However, since the firmware is open source, it can be modified with new software that turns it into a low-orbiting ion cannon for bad actors to point at unsuspecting victims.
First pointed out by security researcher Techryptic, Ph.D., when additional software is loaded onto the Flipper Zero, it can then perform Denial of Service (Dos) attacks, spamming iPhones and iPads with an overwhelming amount of Bluetooth connection notifications that cause the devices to freeze up for minutes and then reboot.
The attack uses a Bluetooth Low-Energy (BLE) pairing sequence flaw. Apple uses several BLE technologies in its ecosystem, including AirDrop, HandOff, iBeacon, HomeKit, and plenty to do with Apple Watch.
A prominent feature of BLE is its ability to send advertising packets, or ADV packets, to identify local devices on iPhones and iPads. It’s thanks to these packets, that activities such as pairing new AirPods are done with a slick animated pop-up on the bottom half of the device.
Unfortunately, these ADV packets can be spoofed, and this is what hackers are taking advantage of…with the help of a Flipper Zero.
Protecting against Flipper Zero attack
Flipper Zero has an okay-ish Bluetooth radio range of about 50 meters (~164 feet), which means pulling off DoS attacks will require hackers to be close but far enough to wreak havoc on coffee shops and sporting events without being detected.
What’s most alarming about this attack is there’s no realistic way to protect yourself yet. The only thing users can do to not fall victim is to disable Bluetooth in Settings. Obviously, this extremely limits functionality and would be reenabled by Apple every time you update to the latest version of iOS.
What is Apple doing?
For a company with one of the best security track records, Apple has yet to acknowledge the BLE flaw that’s being exploited. The reason could be technical, but many believe Apple is not taking the exploit seriously as it doesn’t pose a big enough threat to users and/or user privacy. What do you think?
In my testing, this attack still works against iPhones running iOS 17.2.
Follow Arin: Twitter (X), LinkedIn
FTC: We use income earning auto affiliate links. More.
