Apple urged to take action on Flipper Zero attack that can make iPhones non-functional
Security researcher Anthony has demonstrated a new Bluetooth-based attack that ranges in severity from a mild annoyance to an offensive one and can make an iPhone useless.
For this attack, all a hacker would need is a small hacking device called Flipper Zero which costs $169. It is capable of interacting with the Bluetooth Low Energy (BLE) protocol which enables wireless data transfers between devices.
The BLE protocol uses advertising packets to help devices make their presence known and can be picked up by any device that has Bluetooth enabled without pairing. Since Apple's ecosystem consists of numerous interconnected gadgets, it relies heavily on BLE.
Flipper Zero can mimic the BLE advertising packets of legitimate devices and create phantom devices. In such a scenario, an iPhone would get the impression that there are numerous devices around.
While a prankster could use the Flipper Zero to poke some fun at iPhone users by confusing them with fake devices, hackers can use it to carry out a phishing attack by spoofing trusted notifications.
The hacking tool can flood an iPhone with a barrage of pop-ups, asking them to connect to nearby devices such as an AirTag or AirPods. It can become a denial-of-service attack and the constant disruptions can make an iPhone almost unusable.
Example of 'DDOS: pic.twitter.com/5FGhK7QYoG
— Techryptic, Ph.D. (@tech) September 4, 2023
TechCrunch was able to replicate the attack on an iPhone 8 and an iPhone 14 Pro. The outlet was able to use the proof-of-concept code shared on Anthony's website to deceive two iPhones into thinking that two AirTags were close by.
The exploit only seems to work when Bluetooth is on or switched off only in the Control Center. The attack doesn't seem to work when Bluetooth is disabled from the Settings. That said, Anthony says that an iPhone is susceptible even when it's in airplane mode and has advised Apple to take measures to protect its users from such attacks.
Anthony says that it's possible to carry out an attack that would work over thousands of feet using an amplified board for increasing the range of Bluetooth packet transmission.
Things that are NOT allowed: