Crashing iPhones With a Flipper Zero
Dan Goodin (via Bruce Schneier):
To van der Ham’s surprise and chagrin, the same debilitating stream of pop-ups hit again on the afternoon commute home, not just against his iPhone but the iPhones of other passengers in the same train car. He then noticed that one of the same passengers nearby had also been present that morning. Van der Ham put two and two together and fingered the passenger as the culprit.
[…]
The culprit, it turned out, was using a Flipper Zero device to send Bluetooth pairing requests to all iPhones within radio range. This slim, lightweight device has been available since 2020, but in recent months, it has become much more visible. It acts as a Swiss Army knife for all kinds of wireless communications. It can interact with radio signals, including RFID, NFC, Bluetooth, Wi-Fi, or standard radio. People can use it to covertly change the channels of a TV at a bar, clone some hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and disrupt the normal use of iPhones.
[…]
Despite its multifaceted capabilities, the Flipper Zero seems best known in recent weeks for its iPhone DoSing capabilities. The way Bluetooth works on iPhones and iPads makes them especially susceptible. Van der Ham flashed his device with custom firmware called Flipper Xtreme, which he acquired on a Discord channel devoted to the Flipper Zero. One firmware setting sends a constant stream of messages announcing the availability of a BLE (Bluetooth low energy) device nearby. This constant stream can be annoying for users of any device, but it doesn’t crash phones. A separate setting, labeled “iOS 17 attack,” is the one the train prankster used.
Turning off Bluetooth is an unappealing workaround.
With the launch of iOS 17.2, Apple has fixed an exploit that allowed the Flipper Zero electronic multi-tool to lock up iPhones, reports ZDNET.
Jo DeVoe (via Hacker News):
“The preliminary investigation indicates that between 10:45 a.m. and 1:30 p.m. on November 29, a student inside Washington Liberty High School utilized an electronic device that caused nearby iPhones to turn off,” she said.
[…]
ACPD did not provide additional details, such as what kind of device might have been used, citing the need to preserve the integrity of the ongoing investigation. A cybersecurity expert contacted by ARLnow declined to speculate on how a student might have turned off nearby iPhones.
Previously:
Ah, another reason to hate Bluetooth!