Hackers can spam your iPhone with annoying pop-ups urging you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices using a popular and cheap hacking tool.
Anthony, a security researcher, demonstrated this attack using a Flipper Zero, a small device that can be programmed to wirelessly attack iPhones, car keyfobs, contactless and RFID cards, and more. Anthony’s attack is a DDoS: with persistent pop-ups, someone can disable an iPhone.
Anthony said it was “a Bluetooth advertising assault.”
“It’s not just a minor inconvenience; it can disrupt the seamless experience that Apple users are accustomed to,” he wrote in a blog post.
Example of 'DDOS: pic.twitter.com/5FGhK7QYoG
— Techryptic, Ph.D. (@tech) September 4, 2023
Anthony tweaked the Flipper Zero firmware to broadcast Bluetooth Advertisements, a type of Bluetooth Low Energy transmission that Apple uses to let iDevice owners connect to an Apple Watch, other Apple devices, and send pictures using AirDrop.
Anthony called these “broadcast signals that devices use to announce their presence and capabilities.”
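A defender's view of the advertisement flood described above, as an added example that is not from the researcher's blog or this article: it parses BLE advertising payloads from a scanner log and flags time windows with an unusual volume of adverts carrying Apple's Bluetooth company identifier (0x004C). The log format, window size and threshold are assumptions, and the sample payloads are constructed placeholders, not real Apple messages.

```python
from collections import defaultdict

APPLE_COMPANY_ID = 0x004C     # Bluetooth SIG company identifier assigned to Apple
AD_MANUFACTURER_DATA = 0xFF   # AD type "Manufacturer Specific Data"

def parse_ad(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs: [len][type][data...]."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break                          # padding or truncated structure: stop
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def is_apple_adv(payload: bytes) -> bool:
    """True if the payload carries manufacturer data under Apple's company ID."""
    return any(t == AD_MANUFACTURER_DATA and len(d) >= 2
               and int.from_bytes(d[:2], "little") == APPLE_COMPANY_ID
               for t, d in parse_ad(payload))

def flood_windows(records, window_s=5, max_adv=20):
    """records: (timestamp_s, advertiser_addr, payload) tuples from a scanner log
    (assumed format). Returns {window_start: (advert_count, distinct_addrs)} for
    windows whose Apple-ID advert count exceeds max_adv (hypothetical threshold)."""
    count, addrs = defaultdict(int), defaultdict(set)
    for ts, addr, payload in records:
        if is_apple_adv(payload):
            w = int(ts // window_s) * window_s
            count[w] += 1
            addrs[w].add(addr)
    return {w: (n, len(addrs[w])) for w, n in sorted(count.items()) if n > max_adv}

# Constructed sample data (not a capture): Flags AD + manufacturer data whose
# body after the company ID is placeholder zero bytes, not a real Apple message.
APPLE_LIKE = bytes.fromhex("020106" "05ff4c000000")
OTHER_VENDOR = bytes.fromhex("020106" "05ff06000000")

def sample_log():
    log = [(0.5, "aa:00:00:00:00:01", APPLE_LIKE),      # ordinary background traffic
           (2.0, "bb:00:00:00:00:02", OTHER_VENDOR),
           (7.0, "aa:00:00:00:00:01", APPLE_LIKE)]
    # Burst: 40 adverts in 2 s (10.0-11.95) from 40 different addresses
    log += [(10 + k * 0.05, f"cc:00:00:00:00:{k:02x}", APPLE_LIKE) for k in range(40)]
    return log

if __name__ == "__main__":
    for start, (n, a) in flood_windows(sample_log()).items():
        print(f"window {start}s: {n} Apple-ID adverts from {a} addresses")
```

A high advert count spread across many advertiser addresses in one window is the pattern to look for; legitimate Apple devices nearby also advertise under this company ID, so the threshold has to be set against the site's normal baseline.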
We loaded the proof-of-concept code from the security researcher’s blog into a firmware file on a Flipper Zero device to test the exploit. After we replaced the Flipper Zero’s firmware with our custom code, turning on Bluetooth from the device broadcast pop-up signals to nearby iPhones.
One piece of proof-of-concept code imitated a nearby AirTag, and the other transferred a phone number. Both tests passed, but we couldn’t replicate the notifications. We used the proof-of-concept code to trick two nearby iPhones into thinking they were near two AirTags, but Bluetooth range was limited to close proximity, such as tapping the iPhone with the Flipper Zero. We also successfully tested the code to trick a nearby iPhone into displaying a phone number transfer dialog, and in that test the Bluetooth range was much longer: a Flipper Zero on the other side of a room captured multiple iPhones at once.
The exploits worked on iPhones when Bluetooth was enabled or disabled in the Control Center, but not when Bluetooth was fully turned off in Settings.
Recent security research has focused on how hackers could use Bluetooth to annoy iPhone owners. At the August Def Con hacking conference in Las Vegas, a researcher scared and confused attendees with iPhone alerts. The researcher used a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery for $70. This device allowed the researcher to mimic an Apple TV and spam nearby devices.
Anthony claimed to have created an “amplified board” that can broadcast Bluetooth packets over “thousands of feet,” farther than Bluetooth Low Energy devices. Anthony said he won’t reveal that technique “due to major concerns,” such as allowing others to send spam pop-ups “across vast distances, potentially spanning miles.”
The researcher suggested Apple verify Bluetooth devices connecting to an iPhone and reduce the distance between iDevices and other Bluetooth devices to mitigate these attacks.