Security researchers have discovered a concerning vulnerability in iPhones updated to iOS 17: the phones are susceptible to a Bluetooth attack, carried out with a device called Flipper Zero, that can cause them to crash. As reported by Ars Technica, security researcher Jeroen van der Ham fell victim to this exploit during a train journey last month, experiencing multiple pop-up windows before his phone rebooted.
Upon investigation, van der Ham discovered that the attacker was using a Flipper Zero device with custom firmware to send a combination of Bluetooth Low Energy (BLE) alerts to nearby iPhone handsets running iOS 17. The Flipper Zero is a powerful device known as the “Swiss Army knife of antennas.” It is a small orange and white plastic gadget with a 1.4-inch display that may resemble a child’s toy, but it is a multi-tool for hacking: it can communicate with various devices such as old garage doors, RFID devices, NFC cards, infrared devices, and of course, Bluetooth devices.
Last year, The Verge described the Flipper Zero as a versatile tool capable of performing various functions. This recent attack on iPhones reveals a new capability of the device. TechCrunch initially reported on the Bluetooth pop-up attacks last month, stating that these attacks can also affect iPad devices. A special “iOS 17 Lockup Crash” attack in the custom Flipper Xtreme firmware, however, specifically overwhelms an iPhone and crashes it. Interestingly, older iPhone models running iOS 16 or earlier are not affected, suggesting that changes Apple made in its latest OS update made iPhones vulnerable to this form of attack.
This type of attack is not limited to iPhones. Similar attacks can be used on Android devices and Windows laptops as well. BleepingComputer reported last week that Bluetooth spam attacks can be used on Samsung Galaxy phones to generate an endless number of pop-ups. Disabling the Nearby Share notification can provide some protection on Android devices, and the attack does not crash them.
For iPhone users running iOS 17, the most reliable way to protect against the pop-ups and the crash attack is to disable Bluetooth. However, this may not be practical for users who regularly use devices like an Apple Watch or Bluetooth headphones. In situations where one suspects someone may be using a Flipper Zero, it is worth considering temporarily disabling Bluetooth until Apple releases an update to iOS 17 that addresses this vulnerability. Apple’s latest update, iOS 17.1, has not fixed the issue.
Efforts have been made to reach out to Apple for comment on the Flipper Zero attack, and further updates will be provided if the company responds.
In conclusion, the discovery of a Bluetooth vulnerability in iPhones running iOS 17 is a cause for concern. The Flipper Zero, typically known for its versatile hacking capabilities, has been used to exploit this vulnerability, overwhelming iPhones with pop-up windows until they crash. This attack highlights the need for users to be cautious and to consider disabling Bluetooth in certain circumstances until Apple addresses this security flaw.