iOS 17 Users Are Vulnerable to Bluetooth Flipper Zero SPAM Flood Attacks – Week 11

TL;DR – The only method to avoid this attack while on iOS 17 is to disable Bluetooth (per https://www.theverge.com/2023/11/3/23944901/apple-iphone-ios-17-flipper-zero-attack-bluetooth). The good news is that previous versions of iOS, such as 16, have not been demonstrated to be vulnerable.

The Flipper Zero, touted as a Swiss Army knife for radio attacks, has been shown to be able to attack unsuspecting iOS 17 users when it runs custom firmware.

Van der Ham discovered that the attacker, another passenger on the train, was using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to nearby iPhone handsets running iOS 17.

The Flipper Zero is “a small orange and white plastic gadget with a 1.4-inch display that looks like it could be a child’s toy. The Flipper Zero is a multi-tool for hacking, as it talks to sub-1GHz devices like old garage doors, RFID devices, NFC cards, infrared devices, and of course, Bluetooth devices.”

Although the article is geared toward raising awareness among iOS users, Android and Windows laptop users can also experience a similar issue; however, Android and Windows users are less likely to require a restart. “On Android, head to Settings → Google → Nearby Share, and turn the toggle on Show notification to the ‘Off’ position.”