iPhone security warning issued over Flipper Zero attack that renders your iPhone useless
It could eventually work over ‘thousands of feet’
An iPhone security warning has been issued after it emerged that a tiny computer can be used to fool your iPhone into showing you fake popups. With nothing but a device called a Flipper Zero and some ingenuity, bad actors can use the little gadget to spoof Bluetooth notifications. This can build from a minor annoyance all the way up to entirely disrupting your phone, making it unusable.
On his YouTube account, Techryptic showed off the tech with a nearby iPhone and iPad. In this short clip, he placed the Flipper Zero next to his devices and they both attempted to connect. As of right now, this is a minor annoyance in a short proximity but Techryptic claimed to Tech Crunch that it could work over “thousands of feet”.
On its GitHub account, Techryptic said:
‘When a device like Flipper Zero mimics the advertising packets of legitimate devices or services, it can create a plethora of phantom devices in the vicinity of an iOS user’
Zero to sixty
When trying to test the results themselves, Tech Crunch was able to do so but could not replicate the notification spam present in Techryptic’s video tweet.
Though this Flipper Zero definitely seems to work, its effects are minimal right now due to its proximity. With code present on GitHub, you have to place it right next to your targeted device to produce a pop-up. Also, turning off Bluetooth from settings will negate this. Turning off Bluetooth from the navigation bar, however, will not.
That said, this is still a security concern for Apple and further advancements in this tech could entirely immobilize Apple iPhones. As you need to physically click away from notifications, it could essentially spam your iPhone with them, rendering it impossible to do anything else. The Flipper Zero retails for $169 — a fairly small investment for something that could be so damaging.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
On X, Techryptic likened it to a DDOS attack which is the process of flooding someone’s internet provider, service, or network with requests. As they are not prepared for the sheer volume of requests, this will send it offline. The notification spam operates on the same basic logic.
A representative on behalf of Flipper Zero has told iMore that such use of its devices is only possible by adapting its default firmware, which is open source:
'It’s important to highlight this is impossible on the default hardware. We have taken necessary precautions to ensure the device can’t be used for nefarious purposes. Since the firmware is open source, individuals can adjust it and use the device in an unintended way, but we don’t promote this and condone the practice if the goal is to act maliciously.
Potentially, one could repurpose an Android phone with a custom firmware or any Arduino-like device with BLE capabilities to do the same. This is why we agree with the researcher that Apple should implement safeguards and eliminate the problem at its core.'
iMore has reached out to Apple for comment.
James is a staff writer and general Jack of all trades at iMore. With news, features, reviews, and guides under his belt, he has always liked Apple for its unique branding and distinctive style. Originally buying a Macbook for music and video production, he has since gone on to join the Apple ecosystem with as many devices as he can fit on his person.
With a degree in Law and Media and being a little too young to move onto the next step of his law career, James started writing from his bedroom about games, movies, tech, and anything else he could think of. Within months, this turned into a fully-fledged career as a freelance journalist. Before joining iMore, he was a staff writer at Gfinity and saw himself published at sites like TechRadar, NME, and Eurogamer.
As his extensive portfolio implies, James was predominantly a games journalist before joining iMore and brings with him a unique perspective on Apple itself. When not working, he is trying to catch up with the movies and albums of the year, as well as finally finishing the Yakuza series. If you like Midwest emo music or pretentious indie games that will make you cry, he’ll talk your ear off.