Apple remains mum on Flipper Zero DoS attacks that render an iPhone unusable
Back in September, we told you about the little Flipper Zero device that is being used to attack iPhones through the Bluetooth Low Energy (BLE) protocol. At first, the attack renders all units with Bluetooth enabled unresponsive. Any Bluetooth devices connected to impacted iPhones are forced to disconnect. Finally, the iPhone reboots and the whole loop starts all over again, in a cycle that lasts three minutes each time.
Security researcher Jeroen van der Ham was on a train in the Netherlands two weeks ago when pop-ups started appearing on his iPhone. He described the attack in a message to Ars Technica. "My phone was getting these popups every few minutes and then my phone would reboot," he wrote. "I tried putting it in lock down mode, but it didn't help. Your phone becomes almost unusable. You can still do stuff in between for a couple of minutes, so it's really annoying to experience. Even as a security researcher who had heard about this attack, it's really hard to realize that that is what's going on."
If you don't disable Bluetooth while out in public, your iPhone could be the target of a DoS attack
The good news is that no permanent damage is done to the phone, although this denial of service (DoS) attack might lead those unaware of what is really going on to believe that their iPhone is broken. The easiest way to make sure that you don't get caught up in this DoS loop is to have Bluetooth disabled whenever you are out in public. Otherwise, if someone within Bluetooth range of you (approximately 30 feet) has the $169 Flipper Zero device, they can either force your iPhone to crash or make it receive annoying pop-up messages.
To turn off your Bluetooth connection, go to Settings > Bluetooth and turn Bluetooth off. Using the Control Center to disable Bluetooth is apparently not good enough to stop the attacks. And after you go into Settings to toggle off the connectivity feature, it is recommended that you restart your device.
The Flipper Zero device can make it appear as though there are numerous devices near an iPhone, overwhelming the handset. We should point out that while Android devices can also be attacked (more on that later), only iPhones running iOS 17 or later are affected. In other words, iPhones running iOS 16 or earlier are safe from this attack.
Apple has yet to issue a public statement about the Flipper Zero DoS attacks and did not include any kind of relief in iOS 17.1. We do expect Apple to release iOS 17.1.1 as soon as next week, but Apple's radio silence doesn't have us too hopeful that the next update will include some kind of protection from the DoS attack for iPhone users. Also on the schedule is iOS 17.2, expected to be disseminated sometime next month.
Android users can also find their phones under attack
As we said, the attacks don't damage impacted iPhone units, and they can't steal your personal data or install malware, at least not yet. The only thing that a Flipper Zero attack can do is inconvenience and annoy you. Until Apple releases a fix for this "prank," you might want to disable Bluetooth whenever you're on a bus, train, or ferry, at the movies, attending a sporting event, or enjoying a concert.
Affected iPhone with a pop-up message asking to become a new user on an Apple TV
Anywhere there is a crowd of people, some joker with a Flipper Zero device could be just 30 feet away from you, ready to create havoc. Android users are also at risk. On Android, look for Nearby Share in Settings (it is located in different places depending on the manufacturer and the version of Android being used). Toggle off "Show notification" before going out in public.
Regardless of which platform you are using, waiting until an attack starts to disable Bluetooth might not be such a great idea. That's because the attacks are so disruptive that it can be impossible to get to the Bluetooth toggle while an attack is in progress. You need to be proactive and disable Bluetooth before your phone is under attack, or else you might not get a chance to use your phone thanks to that one person in a crowd who gets off on preventing you from using your handset.