Hacker spam iPhone users with fake Bluetooth pop-ups


Apple has implemented a lot of useful technologies in its devices to make it easier to pair them with certain Bluetooth accessories, such as AirPods and AirTags. However, some hackers are now using these same technologies to annoy iPhone users. With a relatively inexpensive tool called Flipper Zero, they can spam iPhones with fake Bluetooth pop-ups, making the device “unusable.”

Faking Bluetooth connections to an iPhone or iPad

For those unfamiliar, a Flipper Zero is a small, affordable device that can be programmed to control multiple radio protocols.

As reported by TechCrunch, a security researcher recently demonstrated how to use a Flipper Zero to perform wireless attacks on Apple devices such as an iPhone or iPad. The hacker says the attack is “a Bluetooth advertising assault” because it basically causes the device to show several Bluetooth connection pop-ups to the user, making it difficult to use the iPhone or iPad.

More specifically, what the hacker does is program the Flipper Zero to act as an official Bluetooth accessory, like a pair of AirPods. This is made possible because these accessories rely on a protocol called Bluetooth Advertisements, which informs another Bluetooth device nearby of their existence.

In addition, code injected into Flipper Zero forces the device to repeatedly send the pairing signal. As a result, any Apple device nearby will show the connection pop-up non-stop. As shown a few weeks ago during Def Con 2023, this can be used to annoy iPhone and iPad owners since there’s no way to ignore these pop-ups.

Apple AirPods and other Bluetooth accessories

iOS is still susceptible to these attacks

According to the security researcher who spoke to TechCrunch, he developed this attack as a “proof of concept” to warn that Apple should provide an option to ignore Bluetooth connections with unknown devices. While iOS lets you close the pop-up, it will keep showing up as long as the accessory (or Flipper Zero) is nearby.

More alarmingly, the attack works even when the iPhone is in Airplane Mode since the Control Center toggle doesn’t disable Bluetooth. The only way to stop the attack is by manually turning off Bluetooth in the Settings app (which will also interrupt the connection with the iPhone owner’s accessories).

The researcher said Apple could mitigate these attacks by ensuring the Bluetooth devices connecting to an iPhone are legitimate and valid, and also reducing the distance at which iDevices can connect to other devices using Bluetooth.

It’s unclear at this point whether Apple is already working on a way to prevent this type of attack, as the company didn’t respond to a request for comment.

FTC: We use income earning auto affiliate links. More.



Source link

Previous articleCentral District of California | Bitcoin-for-Cash Exchange Business Owner Agrees to Plead Guilty to Failing to Maintain an Effective Anti-Money Laundering Program
Next articleBit Digital's bitcoin production rises 5% in August as hash rate … – Seeking Alpha