At present, the only way to shield your iPhone from irritating pop-ups, or from potentially dangerous breaches that could crash it, is to turn off Bluetooth.
Security experts have found an issue with iPhones upgraded to iOS 17 that makes them vulnerable to a Bluetooth attack carried out using a Flipper Zero gadget. The malicious attack can cause the phone to crash. Ars Technica reports an incident involving security expert Jeroen van der Ham, who spotted the vulnerability while traveling by train last month. His iPhone was flooded with pop-up windows, culminating in a sudden restart.
An investigation found that the perpetrator was a fellow traveler on the train who was using a Flipper Zero device equipped with specific firmware. The perpetrator was broadcasting a series of Bluetooth Low Energy (BLE) alerts to nearby iPhones running iOS 17.
The Flipper Zero is a small but powerful device that was once hailed as the “Swiss Army knife of antennas.” The small white and orange gadget, with its 1.4-inch display, could pass for a kid’s toy. It is, however, a hacking tool that can communicate with a range of wireless devices, including those operating below 1GHz such as older garage doors, as well as RFID, NFC, infrared and, notably, Bluetooth devices.
Several kinds of attack can be launched at iPhones using a device like the Flipper Zero. TechCrunch first highlighted Bluetooth pop-ups, which can affect iPads too. It appears, however, that the custom Flipper Xtreme firmware now includes an “iOS 17 Lockup Crash” attack capable of flooding the iPhone with a heavy load and causing it to crash. This vulnerability does not affect iPhones running earlier iOS versions such as iOS 16. The evidence suggests that Apple changed its approach in its most recent operating system upgrade, making iPhones more vulnerable to this particular attack.
Android devices and Windows laptops are also susceptible to similar attacks. BleepingComputer reported last week that Bluetooth spam attacks could flood Samsung Galaxy phones with an incessant stream of notifications. Android users can counter this problem by turning off nearby sharing notifications, and the threat does not appear to crash Android devices.
For iPhone users on iOS 17, the best defense against the pop-ups and crash attacks is to disable Bluetooth. Though this isn’t practical for those who regularly use an Apple Watch or Bluetooth headphones, it is worth considering, particularly in places where Flipper Zero devices may be in use. Apple hasn’t yet addressed the issue in its most recent iOS 17.1 upgrade.
We’ve contacted Apple for comment on this Flipper Zero attack, and we’ll provide updates when Apple replies.