The iPhone makes it easy to connect to Bluetooth devices, such as AirTags or AirPods. However, a hacker has discovered a way to hijack your iPhone and flood it with prompts to connect to devices, making it difficult to use the iPhone.

A security researcher called Techryptic (identified as “Anthony” by TechCrunch) wrote a blog post and made a video demonstration on how a Flipper Zero can be used to flood an iPhone with the connection notifications that you usually see with Bluetooth devices. As Techryptic puts it, an attacker can “effectively launch a DDOS [distributed denial-of-service] notification attack on any iOS gadget.” The onslaught of notifications would make it nearly impossible for anyone to use the iPhone.

Flipper Devices, the company behind the Flipper Zero, sent a statement to Macworld, stating that this functionality is not possible on the default Flipper Zero hardware. “We have taken necessary precautions to see to it the gadget can’t be used for nefarious intentions,” said a Flipper Devices representative. “Since the firmware is open source, individuals can adjust it and use the equipment in an unintended way, but we don’t promote this or excuse the practice if the goal is to behave maliciously.”

Techryptic states that this attack can be used simply as a prank or for security research. Techryptic also noted that a subsequent blog post will explain how it can be used maliciously. Techryptic’s blog post says the Flipper Zero has a limited range, so an attacker needs to be within close proximity of the target. But TechCrunch was told that a Flipper Zero could be outfitted with an “amplified board” to extend the range to “thousands of feet.”

Macworld received an email claiming that Techryptic’s work is based on a project called AppleJuice, which is posted to the GitHub account of ECTO-1A and includes “scripts [that] are an observational PoC [proof of concept] that employs Bluetooth Low Energy (BLE) to send proximity pairing messages to Apple devices.” The AppleJuice project was created on GitHub on August 24 and was inspired by a demonstration of persistent iPhone Bluetooth pop-ups at Def Con last month.

ZDNet reports that there is another firmware update that can be applied to the Flipper Zero called Xtreme-Firmware. After it is installed, an app called Apple BLE Spam has a function called Lockup Crash that can be used to perform a denial-of-service attack on an iPhone. ZDNet’s testing showed that Xtreme-Firmware can be successfully used against iPhones running iOS 17, but iOS 16 was not affected.

How to protect yourself from fake Bluetooth notifications

Neither Techryptic, the AppleJuice project, nor the Xtreme-Firmware project states whether Apple has been notified of the security issue. Considering the tone of the Techryptic post (it was titled “Annoying Apple Fans”), Apple likely did not receive notice from Techryptic prior to the post. Typically, security researchers do not reveal their findings until Apple has released a fix.

TechCrunch reports that Apple can mitigate the attack “by ensuring the Bluetooth devices connecting to an iPhone are legitimate and valid, and also reducing the distance at which iDevices can link to other devices using Bluetooth.” With that in mind, the way Apple would implement a fix is through an iOS update, so it’s important to keep your iPhone up to date.

The only practical way a user can protect themselves is to turn off Bluetooth, which isn’t ideal. So until Apple issues a fix, it’s important to keep in mind that this attack is rare. If you get an unfamiliar notification to connect to a device, be cautious and take precautions: turn down the request if you can. Since this attack could inundate your iPhone with notifications, you may have to try leaving the area and shutting down your phone to stop the barrage.
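For anyone monitoring a venue rather than a single phone, a burst of the proximity pairing messages mentioned above can be recognised in captured BLE advertisements. The sketch below is an added example, not code from the article or from any project it names. It assumes that proximity pairing is Apple Continuity message type 0x07 (a value from public protocol research, not from this page), and its thresholds and sample events are constructed for illustration.

```python
from collections import deque

APPLE_COMPANY_ID = b"\x4c\x00"  # Bluetooth SIG company ID 0x004C, little-endian
PROXIMITY_PAIRING = 0x07        # assumption: Continuity type from public research
AD_MANUFACTURER = 0xFF          # "manufacturer specific data" AD type

def apple_message_types(adv: bytes) -> list:
    """Walk the length/type/value AD structures of one advertisement and
    return the Continuity message types found in Apple manufacturer data."""
    types, i = [], 0
    while i + 1 < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # padding or truncated structure: stop parsing
        ad_type, value = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == AD_MANUFACTURER and value[:2] == APPLE_COMPANY_ID:
            j = 2
            while j + 1 < len(value):  # inner type/length/data records
                types.append(value[j])
                j += 2 + value[j + 1]
        i += 1 + length
    return types

def detect_flood(events, window_ms=5000, min_sources=8):
    """events: (timestamp_ms, advertiser_address, adv_bytes), sorted by time.
    Heuristic (assumption): one real accessory advertises from one address,
    so many distinct addresses sending pairing messages within a few
    seconds is suspicious. Returns (timestamp_ms, source_count) per burst."""
    recent, alerts, alerting = deque(), [], False
    for ts, addr, adv in events:
        if PROXIMITY_PAIRING not in apple_message_types(adv):
            continue
        recent.append((ts, addr))
        while recent[0][0] < ts - window_ms:
            recent.popleft()
        sources = len({a for _, a in recent})
        if sources >= min_sources and not alerting:
            alerts.append((ts, sources))
        alerting = sources >= min_sources
    return alerts

# Constructed sample data: payload bodies are zero-filled placeholders.
PAIRING_ADV = bytes([0x1E, 0xFF, 0x4C, 0x00, 0x07, 0x19]) + bytes(25)
NEARBY_ADV = bytes([0x02, 0x01, 0x1A, 0x07, 0xFF, 0x4C, 0x00, 0x10, 0x02, 0x01, 0x00])
SAMPLE = ([(t * 500, "earbuds", PAIRING_ADV) for t in range(8)]
          + [(4000, "phone", NEARBY_ADV)]
          + [(10000 + n * 100, f"rand-{n:02d}", PAIRING_ADV) for n in range(10)])

if __name__ == "__main__":
    print(detect_flood(SAMPLE))
```

The window and source-count thresholds need tuning for the environment; a crowded office with many genuine accessories will need a higher source count than a quiet room.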