\n<\/p>\n
Security researchers have discovered that iPhones updated to iOS 17 are susceptible to a Bluetooth attack using a Flipper Zero device that can crash the phone. Ars Technica <\/em>reports<\/a> that security researcher Jeroen van der Ham<\/a> fell victim to the exploit on a train journey last month, with his phone displaying multiple pop-up windows before rebooting.<\/p>\n<\/div>\n Van der Ham discovered that the attacker, another passenger on the train, was using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to nearby iPhone handsets running iOS 17.<\/p>\n<\/div>\n The Flipper Zero is a very powerful device that we described as the Swiss Army knife of antennas<\/a> last year. It\u2019s a small orange and white plastic gadget with a 1.4-inch display that looks like it could be a child\u2019s toy. The Flipper Zero is a multi-tool for hacking, as it talks to sub-1GHz devices like old garage doors, RFID devices, NFC cards, infrared devices, and of course, Bluetooth devices.<\/p>\n<\/div>\n There are multiple attacks that can be performed on iPhones from a Flipper Zero<\/p>\n<\/div>\n<\/div>\n TechCrunch <\/em>first reported<\/a> on the Bluetooth pop-up attacks last month. These can also affect iPad<\/a> devices, but it appears there\u2019s now a special \u201ciOS 17 Lockup Crash\u201d in the custom Flipper Xtreme firmware that can actually overwhelm an iPhone and crash it. The attack doesn\u2019t affect iPhones that are running older iOS versions (like iOS 16), so it appears Apple has changed something in its latest OS update to make iPhones susceptible to this form of attack.<\/p>\n<\/div>\n A similar attack can also be used on Android devices and Windows laptops. BleepingComputer <\/em>reported<\/a> last week that the Bluetooth spam attacks can be used on Samsung Galaxy phones to generate a never-ending amount of pop-ups. You can protect against this on Android by disabling the nearby share notification, and the attack doesn\u2019t appear to crash Android devices.<\/p>\n<\/div>\n If you have an iPhone running iOS 17, then the only reliable way to protect against the pop-ups and crash attack is by disabling Bluetooth. That\u2019s not practical if you use an Apple Watch or Bluetooth headphones regularly, but if you\u2019re in a location where someone might use a Flipper Zero, it\u2019s worth thinking about until Apple is able to update iOS 17 to protect against these attacks. Apple\u2019s latest iOS 17.1 update hasn\u2019t fixed the issue<\/a>.<\/p>\n<\/div>\n