New Warning For Millions Of iPhone Users

Millions of iPhone users who have updated to iOS 17 are facing a potential threat from a widely available “multi-tool device for geeks.” The $169 Flipper Zero can crash an iPhone by flooding it with connection requests. Currently, the only way to prevent an attack is to disable Bluetooth completely.

First reported by security researcher Jeroen van der Ham, the attack uses a Flipper Zero. According to the manufacturer, this software-controlled radio can be used to “hack digital things such as radio protocols, access control systems, hardware and more.” It is available directly from the manufacturer for $169. Its open-source design allows it to be flashed with custom firmware, which opens up a lot of possibilities.

One of these firmware options is Flipper Xtreme. With one setting, a Flipper Zero can announce the availability of a Bluetooth Low Energy device near an iPhone, which is annoying but nothing more. Another setting, the one that triggers the denial-of-service (DoS) attack, is simply called “iOS 17 attack.”

Van der Ham’s experience with the attack can be read on Ars Technica: “Your phone becomes almost unusable. You can still do things for a few minutes in between, so it’s really annoying to experience. Even as a security researcher who had heard of this attack, it’s really hard to realize that this is what’s going on.”

The DoS attack can also target Android and Windows devices. However, these can be more easily blocked as both operating systems offer a toggle in the settings to disable notifications for “Fast Pair” (Android) and “Swift Pair” (Windows).

As the labeling suggests, this iPhone attack appears to be tailored to iOS 17. Van der Ham was unable to replicate a crash on iPhones running versions of iOS before iOS 17.

For users updated to iOS 17, the attack can be blocked by disabling iPhone Bluetooth in the Settings app. Switching Bluetooth off in the Control Center panel is insufficient. Unfortunately, major peripherals like Apple Watch and AirPods rely on Bluetooth to connect to a user’s iPhone, so this protection may not be practical for many.

Apple has been contacted for comment. This story will be updated with any response.

