Thanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups prompting you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices.
A security researcher who asked to be referred to only as Anthony demonstrated this attack using a Flipper Zero, a small device that can be programmed to perform wireless attacks on devices in its range, such as iPhones, but also car key fobs, contactless and RFID cards, and more. Anthony’s attack is essentially a denial-of-service. By pushing persistent pop-ups, someone can make an iPhone nearly unusable.
Anthony told information.killnetswitch that he called it “a Bluetooth advertising assault.”
“It’s not just a minor inconvenience; it can disrupt the seamless experience that Apple users are accustomed to,” he wrote in a blog post explaining the issue.
Anthony said he tweaked the Flipper Zero firmware to broadcast what are called Bluetooth Advertisements, a type of transmission in the Bluetooth Low Energy protocol that Apple uses to give iDevice owners the ability to connect to an Apple Watch and other Apple devices, and to send pictures to other iDevice owners using the Bluetooth file sharing system AirDrop.
As Anthony put it, these are “broadcast signals that devices use to announce their presence and capabilities.”
Using a Flipper Zero, information.killnetswitch was able to reproduce this attack on an iPhone 8 and a newer iPhone 14 Pro.
information.killnetswitch tested the exploit by compiling the proof-of-concept code from the security researcher’s blog into a firmware software file, which we then loaded onto a Flipper Zero device we have. Once we replaced the Flipper Zero’s firmware with our custom compiled code, simply switching on Bluetooth from the Flipper Zero device began broadcasting the pop-up signals to the nearby iPhones.
We used the proof-of-concept code to imitate a nearby AirTag, and the other code for transferring a phone number. Both tests worked, though we could not immediately reproduce the barrage of notifications. Using the proof-of-concept code, we tricked two nearby iPhones into thinking they were close to two AirTags, but found that the Bluetooth range was limited to close proximity, such as tapping the iPhone with the Flipper Zero. We also successfully tested the code designed to trick a nearby iPhone into displaying a phone number transfer dialog, but found that the Bluetooth range was far greater and captured multiple iPhones at the same time using a Flipper Zero on the other side of a room.
Security researchers have lately been focusing on highlighting how malicious hackers could abuse Bluetooth to harass iPhone owners. During the Def Con hacking conference in Las Vegas in August, a researcher scared and confused attendees by making alerts pop up on their iPhones. The researcher used a $70 contraption made of a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery. Using this device, the researcher was able to mimic an Apple TV and spam nearby devices.
Anthony said that he devised an attack that can work over “hundreds of feet,” using an “amplified board” that can broadcast Bluetooth packets at a higher range than regular Bluetooth Low Energy devices. Anthony said he’s not releasing details of that technique “due to major concerns,” such as giving others the ability to send spam pop-ups “across vast distances, potentially spanning miles.”
The researcher said Apple could mitigate these attacks by ensuring the Bluetooth devices connecting to an iPhone are legitimate and valid, and also by reducing the distance at which iDevices can connect to other devices using Bluetooth.
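A defender's view of the advertisements described above, as an added example that is not part of the original article or the researcher's proof-of-concept: it parses captured Bluetooth Low Energy advertising payloads, picks out Apple manufacturer data, and flags a burst of prompt-style advertisements from many distinct addresses. The message-type values come from public reverse-engineering rather than Apple documentation, and the window, the threshold and the sample payloads are constructed for illustration.

```python
from collections import defaultdict, deque

APPLE_COMPANY_ID = 0x004C   # Bluetooth SIG company identifier assigned to Apple
MANUFACTURER_DATA = 0xFF    # AD type: Manufacturer Specific Data
# Assumption: message types that public reverse-engineering links to on-screen prompts.
PROMPT_TYPES = {0x07: "proximity pairing", 0x0F: "nearby action"}

def parse_ad_structures(payload):
    """Yield (ad_type, data) for each length/type/value AD structure."""
    i = 0
    while i < len(payload):
        length = payload[i]
        end = i + 1 + length
        if length == 0 or end > len(payload):   # padding or truncated structure
            break
        yield payload[i + 1], payload[i + 2:end]
        i = end

def apple_message_type(payload):
    """Return the first message type byte of Apple manufacturer data, or None."""
    for ad_type, data in parse_ad_structures(payload):
        if (ad_type == MANUFACTURER_DATA and len(data) >= 3
                and int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID):
            return data[2]
    return None

def detect_prompt_flood(observations, window=10.0, threshold=5):
    """observations: (timestamp, address, payload) tuples sorted by time.
    Alert when `threshold` distinct addresses send one prompt type within `window` s."""
    recent, alerting, alerts = defaultdict(deque), set(), []
    for ts, addr, payload in observations:
        mtype = apple_message_type(payload)
        if mtype not in PROMPT_TYPES:
            continue
        q = recent[mtype]
        q.append((ts, addr))
        while q and ts - q[0][0] > window:      # drop entries older than the window
            q.popleft()
        addrs = {a for _, a in q}
        if len(addrs) < threshold:
            alerting.discard(mtype)
        elif mtype not in alerting:             # report each burst once
            alerting.add(mtype)
            alerts.append((q[0][0], PROMPT_TYPES[mtype], len(addrs)))
    return alerts

def sample_observations():
    """Constructed capture: six addresses sending a prompt type, one sending another type."""
    prompt = bytes.fromhex("02010606ff4c00070200")   # constructed, placeholder body
    other = bytes.fromhex("02010606ff4c00100200")    # constructed, not a prompt type
    obs = [(float(i), f"AA:00:00:00:00:{i:02X}", prompt) for i in range(6)]
    obs += [(i + 0.5, "BB:00:00:00:00:01", other) for i in range(6)]
    return sorted(obs)
```

Counting distinct addresses rather than raw packets keeps a single legitimate accessory that advertises repeatedly from raising an alert; a sender that reuses one address would need a separate rate check.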
Apple did not respond to a request for comment.
Do you have information about similar hacks against iPhones? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact information.killnetswitch via SecureDrop.