An attack that makes iPhone unusable is discovered with Amazon's overly high-performance wireless operation device ``Flipper Zero'', the only defense method is to turn off Bluetooth
'
This tiny device is sending updated iPhones into a never-ending DoS loop | Ars Technica
https://arstechnica.com/security/2023/11/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream/
Flipper Zero can now spam Android, Windows users with Bluetooth alerts
https://www.bleepingcomputer.com/news/security/flipper-zero-can-now-spam-android-windows-users-with-bluetooth-alerts/
Flipper Zero is a small device equipped with a wireless transmitting/receiving chip that supports a wide range of frequencies, a Bluetooth chip, an RFID antenna, an infrared module, etc. By using Flipper Zero's various wireless functions, you can perform operations such as ``using it as a remote control for home appliances'' and ``registering information for multiple card keys to unlock various locks with one device.'' The following article summarizes in detail what kind of device Flipper Zero is.
``Flipper Zero'' remote control device that supports a wide range of frequency bands, NFC, Bluetooth, and infrared rays - GIGAZINE
Flipper Zero is a very useful device, but because it can be used for so many different purposes, there are concerns about misuse, and there are regulatory moves such as Brazilian authorities seizing imported products and Amazon banning the sale of Flipper Zero. is expanding.
``Flipper Zero'' is now banned by Amazon, designated as a prohibited item as a ``card skimming device'' even though it does not have a skimming function - GIGAZINE
Meanwhile, security researcher Jorn van der Ham discovered that Flipper Zero can be used to ``continuously send Bluetooth pairing requests to the iPhone and force it to restart.''
The details of how Van der Ham discovered the attack by Flipper Zero are as follows. In October 2023, while Mr. Van der Ham was on a train, a phenomenon occurred in which ``Notifications requesting connection to Apple TV'' were continuously displayed on the iPhone, and the iPhone restarted after a while. Did. At this time, a similar phenomenon occurred on other passengers' iPhones. A similar phenomenon occurred on the return trip. At this time, Mr. Van der Ham discovered in the train ``a passenger who was on the same train on the outbound trip and had also experienced the iPhone restart phenomenon''. Van der Ham then questioned the passenger and found that the passenger had been checking in the car to see if the DoS attack was effective.
According to Van der Ham, the attack in question was executed on Flipper Zero, which had a custom ROM called Flipper Xtreme . Flipper Xtreme is equipped with a function called ``Bad Keyboard & BLE Spam'' that sends ``notifications indicating that Bluetooth devices are available'' to nearby devices, which prevents continuous notifications from being sent to PCs and smartphones. Masu.
Below is an example of the notification displayed by 'Bad Keyboard & BLE Spam'.
'Bad Keyboard & BLE Spam' affects not only iPhones but also Android smartphones. In the movie below, you can see how notifications are displayed continuously on Samsung Galaxy.
If you use 'Bad Keyboard & BLE Spam', your device will usually only display annoying notifications on the screen and will not restart your device. However, it has been revealed that Flipper Xtreme also has a feature called ``iOS 17 attack'' that will force restart iPhones running iOS 17.0 or later.
At the time of article creation, the only way to prevent Flipper Zero's continuous notification display attack is to disable Bluetooth. In addition, Apple has not responded to an email asking, ``Do you have any plans to release an update to prevent continuous notification display attacks by Flipper Zero?''
Related Posts:
