Flipper Zero is a small and cheap hacking device that can perform wireless attacks on various devices, including iPhones. One attack it can perform is spamming nearby iPhones with pop-ups that ask them to connect to fake Apple devices, such as an AirTag, Apple TV, or AirPods. This can create a denial-of-service situation, where the iPhone becomes unusable due to the constant notifications.

A security researcher named Anthony discovered this attack and demonstrated it using a modified Flipper Zero firmware. He called it “a Bluetooth advertising assault”. He was able to trick two iPhones, an iPhone 8 and an iPhone 14 Pro, into thinking that they were close to two AirTags and a phone number transfer dialog. The attack worked even when Bluetooth was switched off in Control Center, but not when it was fully disabled in Settings.

Anthony said that he could also create a more powerful attack that could broadcast signals over longer distances and spam millions of devices at once. However, he did not reveal the details of this attack, as it could be abused by malicious hackers. He published his research and exploit code on GitHub, where he explained how the attack works and how Apple could mitigate it. He suggested that Apple should verify the integrity of the Bluetooth devices connecting to the iPhones and reduce the distance at which they can connect.
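A defender-side view of the advertising flood described above, as an added example that is not from Anthony's research or from this article: it parses Bluetooth Low Energy advertisement bytes for Apple manufacturer data and flags a burst of such adverts from many distinct source addresses. The record format, the window and threshold values, and the "many new addresses in a short window" heuristic are assumptions, and the sample adverts are constructed with a placeholder payload.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C      # Bluetooth SIG company identifier assigned to Apple
AD_TYPE_MANUFACTURER = 0xFF    # "Manufacturer Specific Data" AD type

def apple_payloads(adv: bytes):
    """Walk length/type/value AD structures; return Apple manufacturer payloads."""
    out, i = [], 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # padding or truncated structure: stop parsing
        ad_type, value = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == AD_TYPE_MANUFACTURER and len(value) >= 2:
            if int.from_bytes(value[:2], "little") == APPLE_COMPANY_ID:
                out.append(value[2:])
        i += 1 + length
    return out

def detect_flood(records, window_s=5.0, max_sources=8):
    """records: time-ordered (timestamp_s, source_addr, adv_bytes) tuples (assumed format).
    Returns the timestamps at which more than max_sources distinct addresses
    sent Apple manufacturer data within the last window_s seconds."""
    recent, alerts = deque(), []
    for ts, addr, adv in records:
        if not apple_payloads(adv):
            continue  # not an Apple manufacturer advert, ignore
        recent.append((ts, addr))
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()
        if len({a for _, a in recent}) > max_sources:
            alerts.append(ts)
    return alerts

def _adv(payload: bytes) -> bytes:
    """Build a constructed sample advert: flags AD + Apple manufacturer AD."""
    mfg = APPLE_COMPANY_ID.to_bytes(2, "little") + payload
    return bytes([2, 0x01, 0x06]) + bytes([len(mfg) + 1, AD_TYPE_MANUFACTURER]) + mfg

# Constructed sample data: two stable devices, then 20 new addresses within 2 seconds.
NORMAL = [(t, f"aa:00:00:00:00:{t % 2:02x}", _adv(b"\x00\x00")) for t in range(10)]
BURST = [(20 + i * 0.1, f"bb:00:00:00:00:{i:02x}", _adv(b"\x00\x00")) for i in range(20)]
OTHER = [(21.0, "cc:00:00:00:00:01", bytes([2, 0x01, 0x06]))]  # no Apple data
```

In a busy location many genuine Apple devices advertise at once, so the threshold needs tuning against a local baseline before it is used for alerting.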

This is not the first time that researchers have exposed Bluetooth vulnerabilities on iPhones. In August, a researcher showed how to spoof AirDrop requests and send arbitrary images to nearby iPhones. These attacks exploit features of the Bluetooth Low Energy protocol that Apple uses to let iDevice users connect to other Apple devices and share files.

Flipper Zero is a versatile cybersecurity gadget that can also emulate RFID cards, car key fobs, NFC tags, infrared remotes, and other devices. It was funded through a Kickstarter campaign in 2020 and has been shipped to more than 30,000 backers. It is also available for purchase online for around $120.