Illustration by Lille Allen / The Verge
Security researchers have discovered that iPhones updated to iOS 17 are susceptible to a Bluetooth attack using a Flipper Zero device that can crash the phone. Ars Technica reports that security researcher Jeroen van der Ham fell victim to the exploit on a train journey last month, with his phone displaying multiple pop-up windows before rebooting.
Van der Ham discovered that the attacker, another passenger on the train, was using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to nearby iPhone handsets running iOS 17.
The Flipper Zero is a very powerful device that we described as the Swiss Army knife of antennas last year. It’s a small orange and white plastic gadget with a 1.4-inch display that looks like it could be a child’s toy. The Flipper Zero is a multi-tool for hacking, as it talks to sub-1GHz devices like old garage doors, RFID devices, NFC cards, infrared devices, and of course, Bluetooth devices.
TechCrunch first reported on the Bluetooth pop-up attacks last month. These can also affect iPad devices, but it appears there’s now a special “iOS 17 Lockup Crash” in the custom Flipper Xtreme firmware that can actually overwhelm an iPhone and crash it. The attack doesn’t affect iPhones that are running older iOS versions (like iOS 16), so it appears Apple has changed something in its latest OS update to make iPhones susceptible to this form of attack.
A similar attack can also be used on Android devices and Windows laptops. BleepingComputer reported last week that the Bluetooth spam attacks can be used on Samsung Galaxy phones to generate a never-ending amount of pop-ups. You can protect against this on Android by disabling the nearby share notification, and the attack doesn’t appear to crash Android devices.
If you have an iPhone running iOS 17, then the only reliable way to protect against the pop-ups and crash attack is by disabling Bluetooth. That’s not practical if you use an Apple Watch or Bluetooth headphones regularly, but if you’re in a location where someone might use a Flipper Zero, it’s worth thinking about until Apple is able to update iOS 17 to protect against these attacks. Apple’s latest iOS 17.1 update hasn’t fixed the issue.
We’ve reached out to Apple to comment on the Flipper Zero attack, and we’ll update you if the company responds.