Hackers are spamming iPhone users with fake Bluetooth pop-ups
Apple has implemented a lot of useful technologies into its devices to make it easier to pair them with certain Bluetooth accessories, like AirPods and AirTags. However, some hackers are now using the same techniques to annoy iPhone users. Using a relatively inexpensive tool called Flipper Zero, they can spam iPhones with fake Bluetooth pop-ups, rendering the device “unusable”.
Fake Bluetooth connections with your iPhone or iPad
For those unfamiliar, the Flipper Zero is a small, affordable device that can be programmed to control multiple radio protocols.
As reported by TechCrunch, a security researcher recently showed how to use the Flipper Zero to carry out wireless attacks on Apple devices such as the iPhone or iPad. The hacker says the attack is a “Bluetooth ad attack” because it causes the device to display a stream of Bluetooth connection pop-ups to the user, making it difficult to use the iPhone or iPad.
More specifically, what the hacker does is program the Flipper Zero to act as an official Bluetooth accessory, like a pair of AirPods. This is made possible because these accessories rely on a protocol called Bluetooth Announcements, which notifies another nearby Bluetooth device of their presence.
In addition, the code loaded onto the Flipper Zero forces the device to send the pairing signal repeatedly. As a result, any nearby Apple device will show the connection pop-up non-stop. As was shown a few weeks ago during Def Con 2023, this can be used to annoy iPhone and iPad owners, since there is no way to ignore these pop-ups.
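The repeated announcements described above are Bluetooth Low Energy advertising frames, so a passive scanner can spot the flood from the defender's side. The following is an added example, not code from the researcher or from Apple: it parses captured frames and flags time windows with an abnormal burst of Apple-tagged pairing announcements. The message-type byte (taken from public reverse-engineering), the thresholds and the sample capture are assumptions made for illustration.

```python
from collections import defaultdict

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG company identifier assigned to Apple
AD_MANUFACTURER_DATA = 0xFF  # AD type "Manufacturer Specific Data"
PAIRING_TYPE = 0x07          # assumption: pairing-prompt message type per public research

def apple_message_types(adv: bytes) -> list:
    """Return the message-type byte of each Apple manufacturer-data AD structure."""
    types, i = [], 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # padding or truncated frame: stop instead of reading past the end
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if (ad_type == AD_MANUFACTURER_DATA and len(data) >= 3
                and int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID):
            types.append(data[2])
        i += 1 + length
    return types

def find_floods(observations, window=10.0, min_frames=30, min_addresses=5):
    """observations: iterable of (timestamp_seconds, source_address, adv_bytes).
    Return [(window_start, frames, distinct_addresses)] for windows over both
    thresholds. Thresholds are illustrative; use min_addresses=1 if the sender
    is not expected to change its address."""
    buckets = defaultdict(lambda: [0, set()])
    for ts, addr, adv in observations:
        if PAIRING_TYPE in apple_message_types(adv):
            bucket = buckets[int(ts // window)]
            bucket[0] += 1
            bucket[1].add(addr)
    return [(k * window, n, len(addrs))
            for k, (n, addrs) in sorted(buckets.items())
            if n >= min_frames and len(addrs) >= min_addresses]

def _frame(msg_type: int) -> bytes:
    """Constructed sample frame: flags AD plus Apple manufacturer data, dummy body."""
    body = bytes([0x4C, 0x00, msg_type, 0x02, 0x00, 0x00])
    return bytes([0x02, 0x01, 0x06, len(body) + 1, AD_MANUFACTURER_DATA]) + body

# Constructed capture: steady background traffic of another message type,
# then a six-second burst of pairing announcements from changing addresses.
SAMPLE = [(t * 1.0, "aa:00:00:00:00:01", _frame(0x10)) for t in range(20)]
SAMPLE += [(12 + i * 0.1, f"c0:00:00:00:00:{i % 8:02x}", _frame(PAIRING_TYPE))
           for i in range(60)]

if __name__ == "__main__":
    for start, frames, addrs in find_floods(SAMPLE):
        print(f"window at {start:.0f}s: {frames} pairing frames, {addrs} addresses")
```

Feeding it real data requires a BLE scanner that exports timestamp, source address and raw advertising payload; that capture step is outside this example.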
iOS is still vulnerable to these attacks
According to what the security researcher told TechCrunch, he developed this attack as a “proof of concept” to warn that Apple should provide an option to ignore Bluetooth connections with unknown devices. While iOS allows you to close the pop-up, it will continue to appear as long as the accessory (or Flipper Zero) is nearby.
What’s even more disturbing is that the attack works even when the iPhone is in Airplane mode since toggling the Control Center does not disable Bluetooth. The only way to stop the attack is to manually turn off Bluetooth in the Settings app (which will also interrupt the connection to the iPhone owner’s accessories).
The researcher said Apple can mitigate these attacks by ensuring that Bluetooth devices connecting to an iPhone are legitimate and valid, as well as by reducing the distance at which iDevices can connect to other devices using Bluetooth.
It’s unclear at this point if Apple is actually working on a way to prevent this type of attack, as the company did not respond to a request for comment.