
How can a handheld device permanently disable your iPhone?
At the beginning of October, an incident took place that made people wonder if it was safe to use their smartphones in public. On a train in the Netherlands, security researcher Jeroen van der Ham had his iPhone hacked. His smartphone was suddenly inundated with pop-up messages about new Bluetooth connections, making it impossible to use. On the return trip, not only the researcher but also other passengers received the same notifications, indicating that the problem was not isolated to just that one journey.
The failures were traced by Van der Ham to a specific passenger who was using a MacBook with an iPhone plugged into it. The man ignored the passengers around him as they rebooted their devices and continued working. Therefore, the researcher concluded that this particular passenger was the root of all the issues.
Van der Ham's research pinpointed the source of the attacks to a device called Flipper Zero, which is capable of interacting with radio frequency identification (RFID), near field communication (NFC), Bluetooth, Wi-Fi, and standard radio.
Van der Ham replicated the attack in a safe setting, and it proceeded just as it had during the train ride. After purchasing the Flipper Xtreme custom firmware from the Flipper Zero Discord channel, Van der Ham flashed his device with it. The iPhone crashed because the firmware can send a constant stream of Bluetooth Low Energy (BLE) packets to nearby devices, posing as a series of different devices that want to connect via Bluetooth.
It's worth noting that iPhones running iOS versions prior to 17.0 were not affected by the attack. When asked if Apple had any updates planned to prevent these attacks, a representative did not respond.
iOS users can currently prevent these attacks by disabling Bluetooth in the settings, but doing so during an attack may be difficult or impossible. DoS attacks using Flipper Xtreme firmware are possible against both Android and Windows devices.
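The flood described above shows up in a BLE scan log as many short-lived advertiser addresses in a short time. The following Python sketch is an added example for defenders, not code from the researcher or the firmware: it flags that pattern in a constructed scan log, and the record layout, window length and threshold are assumptions.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier assigned to Apple

def detect_adv_flood(events, window_s=5.0, max_addrs=8, company_id=APPLE_COMPANY_ID):
    """Flag periods where too many distinct advertiser addresses carry the same
    vendor's manufacturer data inside one sliding window.

    events: (timestamp_s, advertiser_addr, company_id) tuples sorted by time.
    window_s and max_addrs are assumed starting values; tune them per site,
    since legitimate devices also rotate their random addresses.
    """
    window, seen, alerts, current = deque(), {}, [], None
    for ts, addr, cid in events:
        if cid != company_id:
            continue
        window.append((ts, addr))
        seen[addr] = seen.get(addr, 0) + 1
        # Drop advertisements that have aged out of the window.
        while window[0][0] < ts - window_s:
            _, old = window.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_addrs:
            if current is None:
                current = {"start": ts, "end": ts, "peak": 0}
            current["end"] = ts
            current["peak"] = max(current["peak"], len(seen))
        elif current is not None:
            alerts.append(current)
            current = None
    if current is not None:
        alerts.append(current)
    return alerts

def sample_events():
    """Constructed scan log: three stable devices, one non-Apple device, and a
    burst of 40 one-off addresses starting at t=20 s."""
    ev = []
    for t in range(30):
        ev += [(t + i * 0.125, f"AA:00:00:00:00:0{i}", APPLE_COMPANY_ID) for i in range(3)]
        ev.append((t + 0.5, "BB:00:00:00:00:01", 0x0006))
    ev += [(20 + n * 0.0625, f"5E:00:00:00:00:{n:02X}", APPLE_COMPANY_ID) for n in range(40)]
    return sorted(ev)

if __name__ == "__main__":
    for alert in detect_adv_flood(sample_events()):
        print(alert)
```

The alert stays open until the burst addresses age out of the window, so its end time trails the last spoofed packet by roughly the window length.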