On one side of this attack is the Flipper Zero, the Swiss army knife of hacking that is generating a lot of buzz at the moment: this small, compact device lets you carry out a range of advanced actions across several radio frequency bands. For example, it can reproduce the signal of access cards, fobs and RFID accessories, record and replay the signal of your garage door remote, and much more.
With third-party firmware, it can even handle more complex protocols, notably Bluetooth. On the other side are iPhones running iOS 17, devices that use several wireless technologies managed by a handful of so-called "software radio" chips, and this is far from their first security flaw.
iPhones running iOS 17 seem to handle Bluetooth Low Energy (BLE) requests differently
We have learned several times that it is possible to hack nearby iPhones simply by sending corrupted Bluetooth packets. Such flaws are usually plugged quickly once discovered, typically with a simple software update.
The curious thing about this new attack is that the latest version of iOS, iOS 17, appears to allow an attack that did not work on earlier versions of the mobile operating system. According to independent tests, the attack, called Bluetooth BLE Spam, only works on iOS 17, and not on iOS 16 for example.
Its operation is disarmingly simple: it is essentially a denial of service attack, with the difference that this DoS does not consist of saturating a device with IPv4/IPv6 packets but with BLE connection pings. Devices that fall victim to it are likely to crash and quickly end up frozen and completely unusable.
Fortunately, this attack does nothing more than trigger a bug on the targeted devices. No data exfiltration or installation of persistent malware is possible through this process, which simply freezes the device, unable to correctly interpret this tsunami of Bluetooth requests.
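Because the attack is a flood rather than an exploit, the defender-side signal is simply an abnormal rate of advertising packets arriving at a passive BLE scanner. The following detector is an added example written for this article; it is not code from the article, from Apple or from the Flipper Zero project. It assumes a scanner that exports one line per received advertisement in a constructed "unix_time source_address adv_type" format, and it counts both packets and distinct source addresses in a sliding window, since an advertiser that rotates random addresses would slip past a per-address rate limit.

```python
"""Sliding-window detector for BLE advertising floods.

Added example, not code from the article or the Flipper Zero project.
Assumes a scanner log with one advertisement per line in the constructed
format: "<unix_time> <source_address> <adv_type>".
"""
from collections import deque
from dataclasses import dataclass

# Constructed sample: a quiet background of three advertisers, then a burst
# of twelve advertisements in 0.6 s from twelve different random addresses,
# then quiet again. Addresses and timestamps are made up for the example.
SAMPLE_LOG = """\
1700000000.00 aa:bb:cc:00:00:01 ADV_IND
1700000000.40 aa:bb:cc:00:00:02 ADV_NONCONN_IND
1700000001.10 aa:bb:cc:00:00:01 ADV_IND
1700000002.00 aa:bb:cc:00:00:03 ADV_IND
1700000002.05 4e:11:22:33:44:01 ADV_IND
1700000002.10 4e:11:22:33:44:02 ADV_IND
1700000002.15 4e:11:22:33:44:03 ADV_IND
1700000002.20 4e:11:22:33:44:04 ADV_IND
1700000002.25 4e:11:22:33:44:05 ADV_IND
1700000002.30 4e:11:22:33:44:06 ADV_IND
1700000002.35 4e:11:22:33:44:07 ADV_IND
1700000002.40 4e:11:22:33:44:08 ADV_IND
1700000002.45 4e:11:22:33:44:09 ADV_IND
1700000002.50 4e:11:22:33:44:0a ADV_IND
1700000002.55 4e:11:22:33:44:0b ADV_IND
1700000002.60 4e:11:22:33:44:0c ADV_IND
1700000004.50 aa:bb:cc:00:00:01 ADV_IND
1700000005.00 aa:bb:cc:00:00:02 ADV_NONCONN_IND
"""


@dataclass
class Advert:
    ts: float      # receive time, seconds
    addr: str      # advertiser address as seen over the air
    kind: str      # PDU type reported by the scanner


@dataclass
class FloodAlert:
    ts: float       # time the window first crossed a threshold
    packets: int    # advertisements in the window at that moment
    sources: int    # distinct addresses in the window at that moment


def parse_line(line: str) -> Advert:
    """Parse one constructed log line into an Advert."""
    ts, addr, kind = line.split()
    return Advert(float(ts), addr.lower(), kind)


def detect_floods(lines, window=1.0, max_packets=8, max_sources=6):
    """Return one FloodAlert per burst whose packet count or distinct-source
    count exceeds the thresholds within a sliding window of `window` seconds.

    Thresholds are illustrative; tune them to the background of a real site.
    """
    recent: deque = deque()   # adverts received within the last `window` s
    alerts = []
    in_flood = False          # suppress repeat alerts inside one burst
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        adv = parse_line(line)
        recent.append(adv)
        # Drop everything older than the window relative to the newest packet.
        while recent and adv.ts - recent[0].ts > window:
            recent.popleft()
        packets = len(recent)
        sources = len({a.addr for a in recent})
        flooding = packets > max_packets or sources > max_sources
        if flooding and not in_flood:
            alerts.append(FloodAlert(adv.ts, packets, sources))
        in_flood = flooding
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG.splitlines()):
        print(f"flood at {alert.ts:.2f}: {alert.packets} packets from "
              f"{alert.sources} sources within 1 s")
```

On the constructed sample the detector raises a single alert at the point where seven advertisements from seven different addresses have arrived inside one second, and stays quiet on the background traffic before and after the burst. Counting distinct sources is the part worth keeping in a real deployment: a per-address rate limit alone is blind to an advertiser that changes its random address on every packet.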
We can imagine that the new AirDrop features in particular play a part in this behavior. Since iOS 17, simply bringing a recent iPhone close to another is enough to start transferring a photo, video, app, link or any other content. It is also possible that iOS 17 listens more actively for BLE requests so that compatible accessories connect more easily.
Not having a Flipper Zero ourselves, we have not been able to verify whether turning off AirDrop is enough to end the problem. Most sources recommend a more radical way to protect yourself: disable Bluetooth completely, either in your iPhone's settings or from the Control Center.
We expect Apple to issue an update quickly to put an end to the problem. In the meantime, let's just hope you don't run into too many Flipper Zero owners wanting to play with this potentially annoying bug.