Flipper Zero: this little box can spam an iPhone until it restarts

2023-11-03 14:31:30

Although Apple products have a reputation for being reliable and secure, they are not immune to all types of attacks. Ars Technica reported a new technique intended not to hijack user data, but simply to crash an iPhone by spamming it with requests. The attack does not require sophisticated equipment: it works using a small box costing $200.

The Flipper Zero case.

This gadget is a Flipper Zero, presented as a Swiss army knife for tinkerers that can read and emulate RFID, NFC, Bluetooth and Wi-Fi signals. The accessory is open source and can, for example, be used to discreetly change the channels on a TV or to clone the beep of your garage door. In the wrong hands, however, this kind of super universal remote control can do damage.

Cybersecurity researcher Jeroen van der Ham explains that it is possible to flash a Flipper Zero with modified firmware. The device can then send a constant stream of messages announcing the availability of a Bluetooth device nearby. On an iPhone, this results in multiple pop-ups inviting you, for example, to connect to an Apple TV, to type on the tvOS keyboard or to pair AirPods.

The phone then becomes difficult to use because pop-ups appear constantly. This is a denial-of-service attack, which can in some cases cause a device to restart. Surprisingly, the researcher explains that he was unable to crash an iPhone running a version prior to iOS 17.

The solution in the event of an attack is simple: turn off Bluetooth and Wi-Fi in iOS Settings. Going through the Control Center does not always work, since iOS will sometimes keep some features active (AirDrop, AirPlay, etc.). Unfortunately, the process can be quite complicated, as constant pop-up spam can make it difficult to simply switch apps.

This type of attack also appears to work on Windows and Android. A researcher suggested that Apple could close this loophole by ensuring that devices connecting to the iPhone are valid before displaying an alert, while reducing the connection distance between the two devices.
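The constant stream of Bluetooth availability announcements described above can be spotted from the receiving side by its rate alone. The following is an added example, not code from the article or from the researcher: a sliding-window detector run over a constructed scan log. The record layout, the thresholds and the sample addresses are assumptions; 0x004C is the Bluetooth SIG company identifier assigned to Apple.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier assigned to Apple


def detect_floods(records, window_s=5.0, max_adverts=20):
    """Flag bursts where more than max_adverts Apple-tagged advertisements
    arrive within any window_s-second sliding window.

    records: iterable of (timestamp_s, advertiser_address, company_id),
    an assumed layout for the output of a passive BLE scanner.
    Returns one dict per burst: start, end, peak (largest window count).
    """
    window = deque()  # timestamps of recent Apple-tagged advertisements
    alerts, in_burst = [], False
    for ts, _addr, company_id in sorted(records):
        if company_id != APPLE_COMPANY_ID:
            continue
        window.append(ts)
        while ts - window[0] > window_s:
            window.popleft()
        if len(window) > max_adverts:
            if not in_burst:
                alerts.append({"start": ts, "end": ts, "peak": 0})
                in_burst = True
            alerts[-1]["end"] = ts
            alerts[-1]["peak"] = max(alerts[-1]["peak"], len(window))
        else:
            in_burst = False
    return alerts


def build_sample():
    """Constructed scan log: quiet background plus a 10-second burst."""
    recs = []
    for i in range(30):   # one legitimate accessory, one advert every 2 s
        recs.append((i * 2.0, "ac:00:00:00:00:01", APPLE_COMPANY_ID))
    for i in range(60):   # unrelated beacon with a non-Apple placeholder ID
        recs.append((i * 1.0, "be:00:00:00:00:02", 0xFFFF))
    for i in range(200):  # burst: 20 adverts per second starting at t=20 s
        recs.append((20.0 + i * 0.05, f"f0:00:00:00:00:{i % 256:02x}",
                     APPLE_COMPANY_ID))
    return recs


if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print(alert)
```

Because the window trails the traffic, the reported end of a burst lags the last flood packet by up to `window_s` seconds.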
