Thanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups prompting you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices.
A security researcher who asked to be referred to only as Anthony demonstrated this attack using a Flipper Zero, a small device that can be programmed to perform wireless attacks on devices in its range, such as iPhones, but also car keyfobs, contactless and RFID cards, and more. Anthony’s attack is essentially a denial-of-service. By pushing persistent pop-ups, someone can make an iPhone nearly unusable.
Anthony told TechCrunch that he called it “a Bluetooth advertising attack.”
“It’s not just a minor inconvenience; it can disrupt the seamless experience that Apple users are accustomed to,” he wrote in a blog post explaining the issue.
Anthony said he tweaked the Flipper Zero firmware to broadcast what are called Bluetooth Advertisements, a type of transmission in the Bluetooth Low Energy protocol that Apple uses to give iDevice owners the ability to connect to an Apple Watch and other Apple devices, and to send pictures to other iDevice owners using the Bluetooth file sharing system AirDrop.
As Anthony put it, these are “broadcast signals that devices use to announce their presence and capabilities.”
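Because these advertisements are broadcast in the clear, a defender with a BLE scanner can observe them too. The following Python code is an added example, not code from the article or from the researcher: it parses advertising payloads into their AD structures and flags a burst of Apple-tagged advertisements from previously unseen addresses. The burst heuristic, its thresholds, the addresses and the sample payloads are assumptions constructed for illustration.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG company identifier assigned to Apple
AD_TYPE_MANUFACTURER = 0xFF  # AD type "Manufacturer Specific Data"

def parse_ad_structures(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) pairs.
    Each AD structure is: length byte, type byte, then length-1 data bytes."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # padding or truncated structure: keep only what parsed cleanly
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def is_apple_adv(payload: bytes) -> bool:
    """True if the payload carries manufacturer data tagged with Apple's company ID."""
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2:
            if int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID:
                return True
    return False

def detect_flood(observations, window_s=10.0, max_new=5):
    """Return timestamps at which more than max_new previously unseen advertiser
    addresses sent Apple-tagged advertisements within window_s seconds.
    observations: iterable of (timestamp_s, address, payload), sorted by time."""
    seen, first_seen, alerts = set(), deque(), []
    for ts, addr, payload in observations:
        if not is_apple_adv(payload):
            continue
        if addr not in seen:          # only newly appearing advertisers count
            seen.add(addr)
            first_seen.append(ts)
        while first_seen and ts - first_seen[0] > window_s:
            first_seen.popleft()      # drop first sightings older than the window
        if len(first_seen) > max_new:
            alerts.append(ts)
    return alerts

# Constructed sample payloads: flags AD + manufacturer AD with placeholder body bytes.
APPLE_ADV = bytes.fromhex("020106" "05ff4c000000")
OTHER_ADV = bytes.fromhex("020106" "05ffffff0000")  # 0xFFFF: test company ID
# Constructed capture: two steady devices, then eight new addresses in two seconds.
QUIET = [(0.0, "aa:00", APPLE_ADV), (30.0, "aa:01", APPLE_ADV), (31.0, "bb:00", OTHER_ADV)]
BURST = [(60.0 + 0.25 * n, f"cc:{n:02x}", APPLE_ADV) for n in range(8)]

if __name__ == "__main__":
    print(detect_flood(QUIET + BURST))
```

Counting only first sightings keeps a room full of ordinary, steadily advertising Apple devices from raising alerts; the window and threshold need tuning against a baseline capture of the environment being monitored.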
Using a Flipper Zero, TechCrunch was able to reproduce this attack on an iPhone 8 and a newer iPhone 14 Pro.
TechCrunch tested the exploit by compiling the proof-of-concept code from the security researcher’s blog into a firmware software file, which we then loaded into a Flipper Zero device we have. Once we replaced the Flipper Zero’s firmware with our custom compiled code, simply switching on Bluetooth from the Flipper Zero device began broadcasting the pop-up signals to the nearby iPhones.
We used the proof-of-concept code to imitate a nearby AirTag, and the other code for transferring a phone number. Both tests worked, though we could not immediately reproduce the barrage of notifications. Using the proof-of-concept code, we tricked two nearby iPhones into thinking they were close to two AirTags, but found that the Bluetooth range was limited to close proximity, such as tapping the iPhone with the Flipper Zero. We also successfully tested the code designed to trick a nearby iPhone into displaying a phone number transfer dialog, but found that the Bluetooth range was far greater and captured multiple iPhones at the same time using a Flipper Zero on the other side of a room.
The exploits worked on iPhones both when Bluetooth was enabled and when it was switched off in the Control Center, but we could not reproduce the exploit when Bluetooth was fully switched off from the Settings.
Security researchers have lately been focusing on highlighting how malicious hackers could abuse Bluetooth to harass iPhone owners. During the Def Con hacking conference in Las Vegas in August, a researcher scared and confused attendees by making alerts pop up on their iPhones. The researcher used a $70 contraption made of a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery. Using this device, the researcher was able to mimic an Apple TV and spam nearby devices.
Anthony said that he devised an attack that can work over “thousands of feet,” using an “amplified board” that can broadcast Bluetooth packets at a higher range than regular Bluetooth Low Energy devices. Anthony said he’s not releasing details of that technique “due to major concerns,” such as giving others the ability to send spam pop-ups “across vast distances, potentially spanning miles.”
The researcher said Apple could mitigate these attacks by ensuring the Bluetooth devices connecting to an iPhone are legitimate and valid, and also reducing the distance at which iDevices can connect to other devices using Bluetooth.
Apple did not respond to a request for comment.
Do you have information about similar hacks against iPhones? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.