Apple has apparently fixed a bug that could cause the Flipper Zero multi-tool to crash iPhones in iOS version 17.2. This was done by flooding the phones with Bluetooth pop-ups.
The Flipper Zero, with the external firmware Flipper Xtreme, was able to use the built-in Bluetooth radio to quickly send a barrage of Bluetooth connection notifications to devices within a radius of approximately 10 meters. Due to the large number of pop-ups, iPhones froze, after which they restarted automatically. The attack also worked on Android and Windows devices, but they were more resistant to such a pop-up tsunami. In recent months, several people have reported such a denial of service attack. This also took place in the Netherlands, evidenced by an article by ArsTechnica in which iPhone user Jeroen van der Ham was interviewed. According to him, the Flipper Zero attack was used several times on the train.
The only way iPhone users could prevent such an attack was to completely disable Bluetooth functionality. From tests by Zdnet and 9to5Mac now appears to have resolved this issue with the iOS 17.2 update, released earlier this week. A mechanism has been added to eliminate the ability to send a flood of pop-ups to the device in a short period of time. Now, when users run the Flipper Zero attack, only a few pop-ups appear and the iPhone does not crash. Apple itself has not announced that it has resolved this bug.
Flipper Zero is a multi-tool for pen testers and geeks. The device supports various radio protocols and can be used for examinations or testing of devices. The device can read, write and emulate RFID and infrared signals, among other things. Until recently, the tool was still available at bol.com and Amazon, but the Flipper Zero is now available at both web shops removed from the market.
