Security researcher Anthony has discovered a new Bluetooth-based attack that could potentially render iPhones useless. Using a device called Flipper Zero, which costs $169, hackers can interact with the Bluetooth Low Energy (BLE) protocol to carry out this attack.
BLE protocol relies on advertising packets to establish connections between devices. These packets can be detected by any device with Bluetooth capabilities, without the need for pairing. Given that Apple devices heavily rely on BLE, they are particularly vulnerable to this type of attack.
Flipper Zero has the ability to mimic the advertising packets of legitimate devices and create phantom devices. This means that an iPhone could be tricked into believing that there are multiple devices in its vicinity.
While this attack could simply be utilized for harmless pranks by confusing iPhone users with fake devices, it can also be exploited by hackers to carry out phishing attacks by spoofing trusted notifications.
By flooding an iPhone with a constant stream of pop-ups, the hacker can prompt the user to connect to nearby devices like AirTags or AirPods. This could result in a denial-of-service attack, rendering the iPhone nearly unusable.
TechCrunch was able to replicate the attack on both an iPhone 8 and an iPhone 14 Pro. By using the proof-of-concept code provided on Anthony’s website, they successfully deceived the iPhones into believing that there were two AirTags in close proximity.
It’s worth noting that this exploit only works when Bluetooth is enabled or disabled via the Control Center. Disabling Bluetooth from the Settings seems to mitigate the attack. However, Anthony warns that even when an iPhone is in airplane mode, it remains susceptible to this type of attack.
Furthermore, Anthony suggests that with the use of an amplified board, the attack could potentially cover a range of thousands of feet, increasing the reach of Bluetooth packet transmission.
Given the severity of this attack and the potential implications for iPhone users, Anthony has advised Apple to take appropriate measures to enhance the security of its devices and protect its users from such attacks.
