Image credits: Zack Whittaker / TechCrunch

Thanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups asking you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices.

A security researcher who asked to be referred to only as “Anthony” demonstrated this attack using Flipper Zero, a small device that can be programmed to perform wireless attacks on devices in its range, such as iPhones, but also car key fobs, wireless cards, SIM cards, RFID, and more. Anthony’s attack is essentially a denial of service. By pushing constant pop-ups, anyone can make your iPhone almost unusable.

Anthony told TechCrunch he called it a “Bluetooth ad assault.”

“It’s not just a minor inconvenience; it can disrupt the smooth experience Apple users have become accustomed to,” he wrote in a blog post explaining the problem.

Anthony said he modified the Flipper Zero firmware to broadcast so-called Bluetooth advertisements, a type of transmission in the Bluetooth Low Energy protocol that Apple uses to give owners of iDevices the ability to connect to their Apple Watch and other Apple devices, and to send photos to other iDevice owners using the Bluetooth file sharing system AirDrop.

In the words of Anthony, these are the “broadcast signals that devices use to announce their presence and capabilities.”

Using a Flipper Zero, TechCrunch was able to reproduce this attack on an iPhone 8 and a newer iPhone 14 Pro.

TechCrunch tested the attack by compiling proof-of-concept code from the security researcher’s blog into a firmware file, which we then loaded onto our Flipper Zero device. Once we replaced the Flipper Zero’s firmware with our custom compiled code, the Flipper Zero’s Bluetooth started broadcasting the pop-ups to nearby iPhones.

We used one piece of proof-of-concept code to mimic a nearby AirTag, and the other to trigger a phone number transfer. Both tests worked, although we couldn’t immediately reproduce the barrage of notifications. Using the proof-of-concept code, we fooled two nearby iPhones into thinking they were close to AirTags, but found that the Bluetooth range was limited to close proximity, such as tapping an iPhone with the Flipper Zero. We also successfully tested code designed to trick a nearby iPhone into displaying a phone number transfer dialog; here we found the Bluetooth range to be much greater, and we captured multiple iPhones at the same time using a Flipper Zero on the other side of the room.

These attacks worked on iPhones both when Bluetooth was enabled and when it was turned off in Control Center, but we were unable to reproduce them when Bluetooth was turned off completely from Settings.
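For defenders who want to see when a burst of such advertisements is in the air, here is a detection sketch (an added example, not code from the researcher or TechCrunch). It assumes a passive sensor that supplies raw advertising payloads with timestamps, and that advertisements imitating Apple accessories carry Apple's Bluetooth SIG company identifier (0x004C) in a manufacturer-specific data field; the window, threshold and sample payloads are assumptions constructed for the example.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG company identifier assigned to Apple
AD_TYPE_MANUFACTURER = 0xFF  # AD type "Manufacturer Specific Data"

def parse_ad_structures(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs. Each structure is
    length, type, then length-1 data bytes; a truncated one ends parsing."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def is_apple_advert(payload: bytes) -> bool:
    """True if any manufacturer-data field starts with Apple's company ID."""
    return any(
        ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2
        and int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID
        for ad_type, data in parse_ad_structures(payload))

def find_floods(events, window_ms=1000, max_per_window=20):
    """events: (timestamp_ms, payload) tuples in time order. Returns timestamps
    at which the count of Apple-tagged adverts in the sliding window first
    exceeds max_per_window (assumed threshold; tune to the site's baseline)."""
    recent, alerts, alerting = deque(), [], False
    for ts, payload in events:
        if not is_apple_advert(payload):
            continue
        recent.append(ts)
        while ts - recent[0] > window_ms:
            recent.popleft()
        over = len(recent) > max_per_window
        if over and not alerting:
            alerts.append(ts)
        alerting = over
    return alerts

# Constructed sample payloads: flags field, then manufacturer data with filler body.
APPLE_LIKE = bytes.fromhex("020106" "05ff4c000000")
OTHER = bytes.fromhex("020106" "05ff06000102")

if __name__ == "__main__":
    quiet = [(t * 1000, APPLE_LIKE) for t in range(5)]          # 1 advert/s
    burst = [(10_000 + 10 * k, APPLE_LIKE) for k in range(30)]  # 100 adverts/s
    print(find_floods(quiet + burst))                           # prints [10200]
```

Legitimate Apple devices advertise with the same company identifier, so the threshold only makes sense relative to the normal rate measured at the sensor's location.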

Security researchers have recently been focused on shedding light on how malicious hackers have been abusing Bluetooth technology to annoy iPhone owners. During the Def Con hacking conference in Las Vegas in August, a researcher scared and confused attendees by making pop-up alerts appear on their iPhones. The researcher used a $70 contraption made from a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery. Using this device, the researcher was able to simulate an Apple TV and spam nearby devices.

Anthony said he created an attack that could work over “thousands of feet”, using an “amplified board” that could broadcast Bluetooth packets over a longer range than regular Bluetooth Low Energy devices. Anthony said he is not releasing details of the technique “because of significant concerns,” such as giving others the ability to send unwanted pop-ups “over vast distances, potentially for miles.”

The researcher said Apple can mitigate these attacks by ensuring that Bluetooth devices connecting to an iPhone are legitimate and valid, as well as by reducing the distance at which iDevices can connect to other devices using Bluetooth.

Apple did not respond to a request for comment.


Do you have information about similar hacks for iPhones? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Wire @lorenzofb, or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.


