Security researchers have found that iPhones up to date to iOS 17 are prone to a Bluetooth assault using a Flipper Zero gadget that can crash the cellphone. Ars Technica studies that safety researcher Jeroen van der Ham fell sufferer to the exploit on a prepare journey final month, together with his cellphone displaying a number of pop-up home windows earlier than rebooting.Van der Ham found that the attacker, one other passenger on the prepare, was using a Flipper Zero gadget with customized firmware to ship a mixture of Bluetooth low power (BLE) alerts to close by iPhone handsets running iOS 17.The Flipper Zero is a very highly effective gadget that we described because the Swiss Army knife of antennas final 12 months. It’s a small orange and white plastic gadget with a 1.4-inch show that appears prefer it might be a youngster’s toy. The Flipper Zero is a multi-tool for hacking, because it talks to sub-1GHz units like outdated storage doorways, RFID units, NFC playing cards, infrared units, and naturally, Bluetooth units.There are a number of assaults that can be carried out on iPhones from a Flipper ZeroTechCrunch first reported on the Bluetooth pop-up assaults final month. These can additionally have an effect on iPad units, however it seems there’s now a particular “iOS 17 Lockup (*17*)” within the customized Flipper Xtreme firmware that can truly overwhelm an iPhone and crash it. The assault doesn’t have an effect on iPhones which are running older iOS variations (like iOS 16), so it seems Apple has modified one thing in its newest OS replace to make iPhones prone to this type of assault.The same assault can additionally be used on Android units and Windows laptops. BleepingComputer reported final week that the Bluetooth spam assaults can be used on Samsung Galaxy telephones to generate a unending quantity of pop-ups. You can defend towards this on Android by disabling the close by share notification, and the assault doesn’t seem to crash Android units.If you might have an iPhone running iOS 17, then the one dependable solution to defend towards the pop-ups and crash assault is by disabling Bluetooth. That’s not sensible if you happen to use an Apple Watch or Bluetooth headphones often, however if you happen to’re in a location the place somebody may use a Flipper Zero, it’s value eager about till Apple is ready to replace iOS 17 to guard towards these assaults. Apple’s newest iOS 17.1 replace hasn’t mounted the difficulty.We’ve reached out to Apple to touch upon the Flipper Zero assault, and we’ll replace you if the corporate responds.
https://www.theverge.com/2023/11/3/23944901/apple-iphone-ios-17-flipper-zero-attack-bluetooth
iPhones running iOS 17 can be crashed using a Flipper Zero
