Millions of iPhone users who have updated to iOS 17 face a potential threat from a widely available “multi-tool device for geeks.” The $169 Flipper Zero can crash an iPhone by flooding it with connection requests. Currently, the only way to prevent an attack is to completely switch off Bluetooth.
First reported by security researcher Jeroen van der Ham, the attack uses a Flipper Zero. According to its manufacturer, this software-controlled radio can be used to “[hack] digital stuff, such as radio protocols, access control systems, hardware, and more.” It is available directly from the manufacturer for $169. Thanks to its open-source design, it can be flashed with custom firmware, opening up many possibilities.
One of these firmware options is Flipper Xtreme. One setting allows a Flipper Zero to announce the availability of a Bluetooth Low Energy device close to an iPhone, an annoyance but no more. Another setting—the setting that triggers the denial of service attack—is simply labelled “iOS 17 attack.”
Van der Ham’s experience of the attack can be read on Ars Technica: “Your phone becomes almost unusable. You can still do stuff in between for a couple of minutes, so it’s really annoying to experience. Even as a security researcher who had heard about this attack, it’s really hard to realize that that is what’s going on.”
The DoS attack can also be targeted at Android and Windows devices. However, these can be more easily blocked as both of these operating systems provide a toggle in settings to turn off notifications for “Fast Pair” (Android) and “Swift Pair” (Windows).
As the labelling suggests, this iPhone attack appears to be tailored towards iOS 17. Van der Ham could not replicate a crash on iPhones running versions of iOS prior to iOS 17.
For users who have updated to iOS 17, the attack can be blocked by turning the iPhone’s Bluetooth off in the Settings app; toggling Bluetooth in the Control Centre panel is insufficient. Unfortunately, key peripherals such as Apple Watch and AirPods rely on Bluetooth to connect to a user’s iPhone, so this protection may not be practical for many.
Apple has been approached for comment. This story will be updated with any response.