Currently, the only solution is to disable Bluetooth to safeguard your iPhone from irritating pop-ups or potential attacks that could crash it.
This Small Tool Can Cause an iPhone Running iOS 17 to Crash
Security researchers found that iPhones updated to iOS 17 are vulnerable to a Bluetooth attack using a Flipper Zero device, causing the phone to crash. As reported by Ars Technica, security researcher Jeroen van der Ham experienced this exploit during a train journey last month, where his phone showed multiple pop-up windows and eventually rebooted.
Van der Ham identified the attacker, another passenger on the train, who used a Flipper Zero device with customized firmware to transmit a series of Bluetooth low energy (BLE) alerts to nearby iPhone devices running iOS 17.
The Versatile Flipper Zero: A Multi-Tool for Hacking
The Flipper Zero, which we previously referred to as the Swiss Army knife of antennas, is a highly versatile device. It appears as a compact orange and white plastic gadget with a 1.4-inch display, resembling a child’s toy. This multi-tool for hacking can communicate with various devices, including old garage doors, RFID devices, NFC cards, infrared devices, and, naturally, Bluetooth devices.
Regarding the Bluetooth pop-up attacks from last month, it’s worth noting that these can also impact iPad devices. However, it seems there’s now a unique feature in the custom Flipper Xtreme firmware called “iOS 17 Lockup Crash,” which has the capability to overwhelm an iPhone, leading to a crash. Importantly, this specific attack does not impact iPhones running older iOS versions, such as iOS 16. Therefore, it appears that Apple may have made certain changes in its latest OS update that render iPhones vulnerable to this type of attack.
A comparable attack method is applicable to Android devices and Windows laptops as well. As reported by BleepingComputer last week, these Bluetooth spam attacks can be employed on Samsung Galaxy phones to generate a continuous stream of pop-up notifications. To guard against this on Android, you can disable the nearby share notification. Fortunately, it seems that this attack doesn’t result in crashes on Android devices.
If your iPhone is running iOS 17, the most effective method to shield yourself from the pop-ups and crash attack is by turning off Bluetooth. However, this might not be feasible if you frequently use devices like an Apple Watch or Bluetooth headphones. Still, it’s a precaution to consider, especially in areas where a Flipper Zero may be used, until Apple releases an update to iOS 17 to enhance protection against these attacks. It’s worth noting that Apple’s recent iOS 17.1 update hasn’t resolved the problem.
We’ve contacted Apple to request a statement regarding the Flipper Zero attack, and we’ll provide updates if they respond.