New vulnerability in iOS 17 enables Bluetooth attacks

A new vulnerability has been discovered in iPhones that have been updated to iOS 17, making them susceptible to a Bluetooth attack. This attack, executed using a device known as Flipper Zero, can cause the phone to crash. The discovery of this vulnerability was made by security researcher Jeroen van der Ham, who himself fell victim to the exploit while on a train journey.

His phone began displaying multiple pop-up windows before eventually rebooting. Upon investigation, van der Ham found that the culprit was another passenger on the train, who was wielding a Flipper Zero device equipped with custom firmware. This device was used to send a barrage of Bluetooth Low Energy (BLE) alerts to nearby iPhones running on iOS 17.

The Flipper Zero is a compact, versatile device, often likened to the Swiss Army knife of antennas. Its innocuous appearance – a small orange and white plastic gadget with a 1.4-inch display – belies its capabilities. It could easily be mistaken for a child’s toy. However, this device is a multi-tool for hacking, capable of communicating with sub-1GHz devices such as old garage doors, RFID devices, NFC cards, infrared devices, and, notably, Bluetooth devices.

The potential attacks that can be launched from a Flipper Zero are numerous. TechCrunch reported on these Bluetooth pop-up attacks last month, revealing that they can also affect iPad devices. More worryingly, there is now a special “iOS 17 Lockup Crash” in the custom Flipper Xtreme firmware that can overwhelm an iPhone and cause it to crash. This attack does not affect iPhones running on older iOS versions, such as iOS 16, suggesting that Apple’s latest OS update has inadvertently made iPhones more vulnerable to this type of attack. This attack is not exclusive to Apple devices. Android devices and Windows laptops are also susceptible.

BleepingComputer reported last week that Bluetooth spam attacks can be used on Samsung Galaxy phones to generate an endless stream of pop-ups. However, Android users can protect themselves by disabling the nearby share notification, and unlike on iPhones, the attack does not appear to crash Android devices. For iPhone users running iOS 17, the only reliable way to protect against these pop-up and crash attacks is to disable Bluetooth. This might not be a practical solution for those who regularly use an Apple Watch or Bluetooth headphones, but if you find yourself in a location where a Flipper Zero might be in use, it’s a precaution worth considering. As of now, Apple’s latest iOS 17.1 update has not addressed this issue, leaving users waiting for a fix to protect against these attacks. In the meantime, it’s a stark reminder of the importance of vigilance in the digital age. As technology advances, so too do the methods and tools used by those with malicious intent. It’s a constant game of cat and mouse, with security researchers and tech companies working tirelessly to stay one step ahead.

John Biggs

John Biggs is an entrepreneur, consultant, writer, and maker. He spent fifteen years as an editor for Gizmodo, CrunchGear, and TechCrunch and has a deep background in hardware startups, 3D printing, and blockchain. His work has appeared in Men’s Health, Wired, and the New York Times.

View all posts by John Biggs →
%d bloggers like this: