This little tool can crash an iPhone running iOS 17

Share via:

Illustration by Lille Allen / The Verge

Security researchers have discovered that iPhones updated to iOS 17 are susceptible to a Bluetooth attack using a Flipper Zero device that can crash the phone. Ars Technica reports that security researcher Jeroen van der Ham fell victim to the exploit on a train journey last month, with his phone displaying multiple pop-up windows before rebooting.

Van der Ham discovered that the attacker, another passenger on the train, was using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to nearby iPhone handsets running iOS 17.

The Flipper Zero is a very powerful device that we described as the Swiss Army knife of antennas last year. It’s a small orange and white plastic gadget with a 1.4-inch display that looks like it could be a child’s toy. The Flipper Zero is a multi-tool for hacking, as it talks to sub-1GHz devices like old garage doors, RFID devices, NFC cards, infrared devices, and of course, Bluetooth devices.

There are multiple attacks that can be performed on iPhones from a Flipper Zero

TechCrunch first reported on the Bluetooth pop-up attacks last month. These can also affect iPad devices, but it appears there’s now a special “iOS 17 Lockup Crash” in the custom Flipper Xtreme firmware that can actually overwhelm an iPhone and crash it. The attack doesn’t affect iPhones that are running older iOS versions (like iOS 16), so it appears Apple has changed something in its latest OS update to make iPhones susceptible to this form of attack.

A similar attack can also be used on Android devices and Windows laptops. BleepingComputer reported last week that the Bluetooth spam attacks can be used on Samsung Galaxy phones to generate a never-ending amount of pop-ups. You can protect against this on Android by disabling the nearby share notification, and the attack doesn’t appear to crash Android devices.

If you have an iPhone running iOS 17, then the only reliable way to protect against the pop-ups and crash attack is by disabling Bluetooth. That’s not practical if you use an Apple Watch or Bluetooth headphones regularly, but if you’re in a location where someone might use a Flipper Zero, it’s worth thinking about until Apple is able to update iOS 17 to protect against these attacks. Apple’s latest iOS 17.1 update hasn’t fixed the issue.

We’ve reached out to Apple to comment on the Flipper Zero attack, and we’ll update you if the company responds.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

This little tool can crash an iPhone running iOS 17

Illustration by Lille Allen / The Verge

Security researchers have discovered that iPhones updated to iOS 17 are susceptible to a Bluetooth attack using a Flipper Zero device that can crash the phone. Ars Technica reports that security researcher Jeroen van der Ham fell victim to the exploit on a train journey last month, with his phone displaying multiple pop-up windows before rebooting.

Van der Ham discovered that the attacker, another passenger on the train, was using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to nearby iPhone handsets running iOS 17.

The Flipper Zero is a very powerful device that we described as the Swiss Army knife of antennas last year. It’s a small orange and white plastic gadget with a 1.4-inch display that looks like it could be a child’s toy. The Flipper Zero is a multi-tool for hacking, as it talks to sub-1GHz devices like old garage doors, RFID devices, NFC cards, infrared devices, and of course, Bluetooth devices.

There are multiple attacks that can be performed on iPhones from a Flipper Zero

TechCrunch first reported on the Bluetooth pop-up attacks last month. These can also affect iPad devices, but it appears there’s now a special “iOS 17 Lockup Crash” in the custom Flipper Xtreme firmware that can actually overwhelm an iPhone and crash it. The attack doesn’t affect iPhones that are running older iOS versions (like iOS 16), so it appears Apple has changed something in its latest OS update to make iPhones susceptible to this form of attack.

A similar attack can also be used on Android devices and Windows laptops. BleepingComputer reported last week that the Bluetooth spam attacks can be used on Samsung Galaxy phones to generate a never-ending amount of pop-ups. You can protect against this on Android by disabling the nearby share notification, and the attack doesn’t appear to crash Android devices.

If you have an iPhone running iOS 17, then the only reliable way to protect against the pop-ups and crash attack is by disabling Bluetooth. That’s not practical if you use an Apple Watch or Bluetooth headphones regularly, but if you’re in a location where someone might use a Flipper Zero, it’s worth thinking about until Apple is able to update iOS 17 to protect against these attacks. Apple’s latest iOS 17.1 update hasn’t fixed the issue.

We’ve reached out to Apple to comment on the Flipper Zero attack, and we’ll update you if the company responds.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Flush With Funds, Zaggle Eyes 3 More Acquisitions By...

SUMMARY Zaggle will only acquire companies that are highly...

India IT hiring FY26: Mission FY26: IT’s time to...

India’s $254-billion software services industry, traditionally the biggest...

A comprehensive list of 2024 tech layoffs

The tech layoff wave is still going strong...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!