At every protest, there’s one or two that are waving “I’m here for the violence” posters. This is exactly the type of people that should never ever get a Flipper Zero – a $169 multi-tool for penetration testers and hobbyists that is capable of interacting with the Bluetooth Low Energy (BLE) protocol which enables wireless data transfers between devices.
As we’ve told you, this Flipper Zero midge has been recently used to annoy the living hell out of iPhone users, and more: to render their devices unusable for periods of time.
Now, 9to5Mac reports that not even the latest beta version of iOS 17 (iOS 17.2 beta 2 for developers) is capable of dealing with this problem and preventing it.
The Flipper Zero was not created with that purpose in mind, but since its firmware is open source, it was quickly modified into a digital pest for iPhone users. It can perform Denial-of-Service (DoS) attacks, spamming iPhones and iPads with an overwhelming amount of Bluetooth connection notifications. All these notifications cause the device(s) to freeze up for minutes and then reboot.
The attack uses a Bluetooth Low-Energy (BLE) pairing sequence flaw. Apple uses several BLE technologies in its ecosystem, including AirDrop, HandOff, iBeacon, HomeKit, and plenty to do with Apple Watch.
The worst part is that one doesn’t even have to be near to their “victim” for the attack to occur, as the cursed gadget has a range of about 50 meters (~164 feet).
What can I do to prevent this from happening?
At this point, the only solution is to turn Bluetooth off, but not from the Control Center. You’ve got to disable Bluetooth from the Settings, that’s the only time the attack can’t penetrate your device. Airplane mode doesn’t work, keep that in mind.