5 Nov, 2023

An attack using a Flipper Zero device with custom firmware can cause iPhones to crash, displaying multiple pop-up windows and forcing a reboot.

The attack involves sending a combination of Bluetooth low-energy (BLE) alerts to nearby iPhones running iOS 17.

The Flipper Zero device, described as a versatile hacking tool, communicates with various devices, including Bluetooth devices. This attack, often referred to as a "Bluetooth pop-up attack," can also affect iPad devices. It appears that the custom Flipper Xtreme firmware includes a specific "iOS 17 Lockup Crash" capability designed to overwhelm iPhones and cause crashes.

iPhones running older versions of iOS, such as iOS 16, are not vulnerable to this attack, suggesting a change in iOS 17 that puts these devices at risk.

Similar attacks can target Android devices and Windows laptops as well. However, these attacks do not typically crash Android devices. Android users can protect against this attack by disabling the Nearby Share notification.

To protect an iPhone running iOS 17 from such attacks, the only reliable solution is to disable Bluetooth. While this may be inconvenient for users who regularly use Bluetooth accessories like Apple Watches or headphones, it can be a precautionary measure in situations where the Flipper Zero attack may be a concern.

Apple has not yet released an update to iOS 17 that addresses this vulnerability, despite the release of iOS 17.1. Researchers continue to investigate this issue, and it remains to be seen when Apple will provide a solution.