One of the reasons that many people buy one of the best iPhones over an Android phone is because Apple has positioned its smartphones as more secure and better for your privacy. In fact, the iPhone maker went as far as to call the best Android phones a “massive tracking device” back in 2013.
While we rarely see malicious apps and malware on iOS, there is a new threat that iPhone owners need to be on the lookout for as it can crash your phone and make it basically unusable.
As reported by Ars Technica, security researcher Jeroen van der Ham was recently traveling by train in the Netherlands when his iPhone suddenly became filled with pop-ups, which made using the device quite difficult. To make matters worse, following these pop-ups, his phone would reboot on its own. Although van der Ham tried putting his iPhone in Lockdown Mode, even that didn’t stop the pop-ups and the reboot loop.
In the end, van der Ham realized it wasn’t hackers or cybercriminals online that were to blame for his iPhone troubles but another passenger on the train. You see, just like at this year’s Def Con hacking conference where another security researcher bombarded vulnerable iPhones with unwanted messages, the passenger had pulled off a similar attack.
Instead of creating a custom gadget to pull off this feat though, they actually used an off-the-shelf hacking device that’s beginning to be a real thorn in the side for both iPhone and Android users: the Flipper Zero.
From a tool for geeks to a menace for everyone
For those unfamiliar, the Flipper Zero is a “portable multi-tool for pentesters and geeks in a toy-like body,” according to the description on Flipper Devices’ website. Basically, it can interact with many different kinds of radio signals like RFID, NFC, Bluetooth, and Wi-Fi.
While the Flipper Zero was first released back in 2020, up until now, it’s mainly been used to do low-level tasks like cloning hotel key cards, opening and closing garage doors, reading RFID chips implanted in pets and changing the channels on TVs in public. During the past few months though, this hacking tool has gained some new features and abilities that make it possible to launch attacks like the one described above.
This is done by loading the Flipper Xtreme custom firmware onto the Flipper Zero, which van der Ham was able to download from a Discord channel about the device. With it installed, anyone with a Flipper Zero can send a constant stream of messages to any Bluetooth Low Energy (BLE) device nearby. The Flipper Xtreme firmware also has another setting called “iOS 17 attack,” which is what the passenger on the train used to flood van der Ham’s iPhone with pop-ups.
If you’re in the middle of doing something important or need access to your phone in an emergency, these kinds of unwanted Bluetooth pairing request messages can be dangerous in addition to just being a nuisance.
There’s a workaround but you’re not going to like it
While Apple is no doubt aware that these kinds of attacks are taking place, the company has yet to roll out a fix even with its recently released iOS 17.2 update. In the meantime, there is a workaround, though it’s less than ideal for Apple Watch and AirPods owners.
To stop these kinds of attacks from rendering your iPhone useless, you’re going to have to turn off Bluetooth, which means you won’t be able to use your headphones, smartwatch and other Bluetooth devices.
It’s also worth noting that, just like with Wi-Fi on your iPhone, you’re going to want to do this from the Settings menu instead of from Control Center. In fact, during its own testing, TechCrunch discovered that turning off Bluetooth from iOS’ Control Center doesn’t stop these notifications from appearing.
Losing Bluetooth functionality could be a deal breaker for some iPhone users but I guarantee that Apple is looking into fixing this issue right now. However, whether or not the Flipper Zero will see a ban anytime soon remains to be seen.