A concerning vulnerability in iPhones has emerged, allowing hackers to flood devices with irritating pop-up notifications or phishing attacks, disrupting the user experience and security. This exploit utilises a relatively inexpensive hacking tool, the Flipper Zero, capable of executing wireless attacks on various devices, including iPhones, car keyfobs, contactless and RFID cards.
The attacker aims to launch a denial-of-service attack, rendering the targeted iPhone nearly unusable. The security researcher behind this discovery, who goes by the alias ‘Anthony’, referred to the attack as a ‘Bluetooth advertising assault’, TechCrunch reported.
By modifying the Flipper Zero’s firmware to broadcast Bluetooth advertisements, which are part of the Bluetooth Low Energy protocol, Anthony exploited a weakness in Apple’s system.
“When a device like Flipper Zero mimics the advertising packets of legitimate devices or services, it can create a plethora of phantom devices in the vicinity of an iOS user. Imagine searching for a device to connect to and being presented with dozens, if not hundreds, of fake device names. Or attempting an AirDrop and being flooded with fictitious recipients. It’s not just a minor inconvenience; it can disrupt the seamless experience that Apple users are accustomed to,” Anthony said in a blog post detailing the attack.
Bluetooth advertisements are signals that devices use to announce their presence and capabilities, enabling them to connect with other Apple devices and share data through features like AirDrop. Anthony’s modified firmware allowed the Flipper Zero to broadcast deceptive signals, tricking iPhones into believing they were near Apple products and features such as AirDrop, Apple TV, or AirPods.
However, the range of this attack varied. For the AirTag simulation, the Bluetooth range was limited to close proximity, requiring physical contact. In contrast, the phone number transfer dialogue could be triggered from a greater distance, simultaneously affecting multiple iPhones in a room.
Crucially, the exploit worked regardless of whether Bluetooth was enabled or disabled via the Control Center, but it failed when Bluetooth was fully turned off in the iPhone’s settings.
Security researchers have been shedding light on malicious actors’ potential misuse of Bluetooth technology. At the Def Con hacking conference in August, a researcher demonstrated how alerts could be triggered on iPhones using a Raspberry Pi Zero 2 W-based device.
Anthony also revealed the possibility of an amplified attack that could span vast distances but opted not to disclose details to prevent potential misuse. He suggested that Apple could address these vulnerabilities by verifying the legitimacy of Bluetooth devices connecting to iPhones and reducing the distance over which iDevices can connect to others via Bluetooth.
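For defenders, the flood of phantom devices described above has a measurable signature: many distinct advertiser addresses carrying Apple manufacturer data within a short time. The Python sketch below is an added example, not code from Anthony's blog post or TechCrunch; the window, the threshold, the `make_adv` helper and every sample observation are constructed assumptions, and it expects (timestamp, address, payload) tuples from whatever BLE scanner is in use.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C      # Bluetooth SIG company identifier assigned to Apple
AD_TYPE_MANUFACTURER = 0xFF    # AD type "Manufacturer Specific Data"

def parse_ad_structures(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) pairs."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        # A zero length ends the data; a length past the buffer is malformed.
        if length == 0 or i + 1 + length > len(payload):
            break
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def is_apple_advert(payload: bytes) -> bool:
    """True if the payload carries manufacturer data with Apple's company ID."""
    return any(
        ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2
        and int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID
        for ad_type, data in parse_ad_structures(payload))

def detect_flood(observations, window_s=10.0, max_addrs=8):
    """Return timestamps at which more than max_addrs distinct addresses sent
    Apple-tagged adverts within the last window_s seconds (both assumed values).
    observations: (timestamp, address, payload) tuples sorted by time."""
    recent, alerts = deque(), []
    for ts, addr, payload in observations:
        if not is_apple_advert(payload):
            continue
        recent.append((ts, addr))
        while ts - recent[0][0] > window_s:   # drop sightings older than the window
            recent.popleft()
        if len({a for _, a in recent}) > max_addrs:
            alerts.append(ts)
    return alerts

def make_adv(company_id, body=b"\x00\x00"):
    """Constructed sample advert: Flags AD + manufacturer AD, placeholder body."""
    mfg = company_id.to_bytes(2, "little") + body
    return bytes([2, 0x01, 0x06, len(mfg) + 1, AD_TYPE_MANUFACTURER]) + mfg

# Constructed observations: three steady devices, then 40 new addresses in 4 s.
QUIET = [(float(t), f"aa:00:00:00:00:{t % 3:02x}", make_adv(APPLE_COMPANY_ID)) for t in range(30)]
FLOOD = [(100 + i / 10, f"c0:00:00:00:00:{i:02x}", make_adv(APPLE_COMPANY_ID)) for i in range(40)]

if __name__ == "__main__":
    print("quiet alerts:", len(detect_flood(QUIET)))
    print("flood alerts:", len(detect_flood(QUIET + FLOOD)))
```

The three steady devices never trip the threshold, while the burst of new addresses alerts from the ninth distinct address onward.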