In September, 9to5Mac reported that Flipper Zero, a popular and cheap hacking tool, was being used to wreak havoc on nearby iPhones and iPads, spamming them with fake Bluetooth pop-ups until they eventually crashed.
Despite many iOS 17 updates since, including last week’s release of new iOS 17.2 betas, Apple has yet to implement safeguards to prevent the attack. So, what gives?
Flipper Zero attack using iPhone Bluetooth exploit
Out of the box, you’ll find that Flipper Zero can be a pretty harmless device. It’s sold as a portable multi-tool for penetration testers and hobbyists that can be programmed to control multiple radio protocols.
However, since the firmware is open source, it can be modified with new software that turns it into a low-orbiting ion cannon for bad actors to point at unsuspecting victims.
As security researcher Techryptic, Ph.D., first pointed out, once additional software is loaded onto the Flipper Zero it can perform Denial of Service (DoS) attacks, spamming iPhones and iPads with an overwhelming number of Bluetooth connection pop-ups that cause the devices to freeze up for minutes and then reboot.
The attack abuses the Bluetooth Low Energy (BLE) advertising that drives Apple's proximity-pairing pop-ups. Apple uses BLE throughout its ecosystem, including for AirDrop, Handoff, iBeacon, HomeKit, and plenty to do with Apple Watch.
BLE devices announce themselves with advertising packets, or ADV packets, which is how an iPhone or iPad discovers nearby accessories. It's thanks to these packets that pairing new AirPods is done with a slick animated pop-up on the bottom half of the screen.
Unfortunately, nothing authenticates an ADV packet, so they can be spoofed, and that is what the attack takes advantage of…with the help of a Flipper Zero.
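As an added illustration, not code from the original article or from Techryptic's research, here is a small Python script that decodes BLE advertising data the way a scanner would and flags the burst pattern this attack produces. The Continuity framing it assumes (Apple's company identifier 0x004C in manufacturer-specific data, followed by a message type 0x07 for proximity pairing) comes from public reverse-engineering and is treated as an assumption here, and every packet byte, address and timestamp is constructed for the demo rather than captured from real hardware.

```python
"""Decode BLE advertising payloads and flag a burst of Apple proximity-pairing
adverts (the traffic a BLE-spam attack produces). Added example; the Continuity
framing (Apple company ID 0x004C, message type 0x07 = proximity pairing) follows
public reverse-engineering and is assumed here, and all packet bytes are
constructed for the demo rather than captured from real hardware."""
from typing import Iterable, List, Tuple

AD_TYPE_FLAGS = 0x01
AD_TYPE_MANUFACTURER = 0xFF
APPLE_COMPANY_ID = 0x004C
CONTINUITY_PROXIMITY_PAIRING = 0x07


def parse_ad_structures(payload: bytes) -> List[Tuple[int, bytes]]:
    """Split an advertising payload into (ad_type, data) tuples.
    Each AD structure is [length][type][data...]; length counts the type byte."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:          # zero-length structure means padding: stop
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure at offset %d" % i)
        out.append((payload[i + 1], bytes(payload[i + 2:i + 1 + length])))
        i += 1 + length
    return out


def apple_continuity_messages(payload: bytes) -> List[Tuple[int, bytes]]:
    """Return (message_type, body) pairs found in Apple manufacturer-specific
    data: little-endian company ID, then [type][length][body] messages."""
    msgs = []
    for ad_type, data in parse_ad_structures(payload):
        if ad_type != AD_TYPE_MANUFACTURER or len(data) < 2:
            continue
        if int.from_bytes(data[:2], "little") != APPLE_COMPANY_ID:
            continue
        body, j = data[2:], 0
        while j + 2 <= len(body):
            mtype, mlen = body[j], body[j + 1]
            msgs.append((mtype, bytes(body[j + 2:j + 2 + mlen])))
            j += 2 + mlen
    return msgs


def is_proximity_pairing(payload: bytes) -> bool:
    return any(t == CONTINUITY_PROXIMITY_PAIRING
               for t, _ in apple_continuity_messages(payload))


def build_proximity_pairing_adv(model_id: int) -> bytes:
    """Construct a well-formed proximity-pairing advert for the demo. The 7-byte
    body (a hypothetical status byte, model ID and filler) is made up for this
    example and is not claimed to be byte-exact."""
    body = bytes([0x01]) + model_id.to_bytes(2, "big") + bytes([0x55, 0xAA, 0x30, 0x01])
    continuity = bytes([CONTINUITY_PROXIMITY_PAIRING, len(body)]) + body
    mfg = APPLE_COMPANY_ID.to_bytes(2, "little") + continuity
    flags = bytes([0x02, AD_TYPE_FLAGS, 0x1A])
    return flags + bytes([len(mfg) + 1, AD_TYPE_MANUFACTURER]) + mfg


def flag_spam(observations: Iterable[Tuple[int, str, bytes]],
              window_ms: int = 5000, threshold: int = 10) -> List[int]:
    """Sliding-window detector over (timestamp_ms, source_address, payload)
    tuples sorted by time. A real accessory in pairing mode re-advertises
    constantly from one address, so raw packet counts are useless; instead
    alert when proximity-pairing adverts from `threshold` distinct addresses
    land inside one window. Returns alert timestamps (one per window)."""
    recent: List[Tuple[int, str]] = []
    alerts: List[int] = []
    muted_until = -1
    for t, addr, payload in observations:
        if not is_proximity_pairing(payload):
            continue
        recent = [(ts, a) for ts, a in recent if t - ts <= window_ms]
        recent.append((t, addr))
        if len({a for _, a in recent}) >= threshold and t > muted_until:
            alerts.append(t)
            muted_until = t + window_ms
    return alerts


# Constructed sample capture: one legitimate accessory advertising every 500 ms,
# a 12-packet spam burst from rotating addresses, and an unrelated non-Apple advert.
BENIGN_ADV = bytes([0x02, 0x01, 0x06, 0x05, 0xFF, 0x59, 0x00, 0x01, 0x02])
SAMPLE_OBSERVATIONS = (
    [(500 * k, "aa:bb:cc:00:00:01", build_proximity_pairing_adv(0x0220)) for k in range(20)]
    + [(3000 + 100 * k, "de:ad:be:ef:00:%02x" % k, build_proximity_pairing_adv(0x0200 + k))
       for k in range(12)]
    + [(4000, "11:22:33:44:55:66", BENIGN_ADV)]
)
SAMPLE_OBSERVATIONS.sort(key=lambda o: o[0])

if __name__ == "__main__":
    print("spam alerts at ms:", flag_spam(SAMPLE_OBSERVATIONS))
```

Run as a script it reports one alert at the 3800 ms mark, where the constructed burst reaches ten distinct source addresses inside a five-second window; the single legitimate accessory never trips it. The obvious gap is a spammer that keeps one static address, so a detector meant for real use would also key on how many different model IDs show up, since the spam tools rotate through accessory types and a real accessory advertises only its own.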
Protecting against Flipper Zero attack
Flipper Zero has an okay-ish Bluetooth radio range of about 50 meters (~164 feet). An attacker therefore has to be fairly close, but that is still far enough to wreak havoc on a coffee shop or a sporting event without standing out.
What’s alarming about this attack is there’s no realistic way to protect devices yet.
The only thing users can do is turn Bluetooth off in Settings (Airplane Mode won't work, and the Control Center toggle only disconnects accessories rather than turning the radio off). I wouldn't consider this a solution by any stretch. It obviously limits functionality, and Apple simply re-enables Bluetooth every time you update to the latest version of iOS.
What is Apple doing?
For a company with one of the best security track records, Apple has yet to acknowledge the BLE flaw that’s being exploited. The reason could be technical, but many believe Apple is not taking the exploit seriously as it doesn’t pose a big enough threat yet to users and/or user privacy.