In a concerning revelation, hackers have found a way to annoy iPhone users with incessant pop-up prompts, urging them to connect to nearby Apple devices like AirTags, Apple TV, and AirPods.
This nefarious technique has become possible thanks to an affordable hacking tool called Flipper Zero.
How Flipper Zero Disrupts iPhone Users
Hackers can easily spam pop-up attacks on your AirTag and iPhone with this multi-tool device.
According to TechCrunch, the mastermind behind this disruptive attack is a security researcher who goes by the alias Anthony. He harnessed the power of the Flipper Zero, a versatile device designed for executing wireless attacks on various targets within its range.
What's the purpose of posting this? It has the capability to effectively launch a DDOS notification attack on any iOS device, rendering it nonfunctional. Even if the device is in airplane mode, it's still susceptible. Apple should consider implementing safeguards to mitigate.
— Techryptic, Ph.D. (@tech) September 4, 2023
While iPhones were the primary focus, the geeky tool can also target car key fobs, contactless cards, RFID cards, and more. This particular assault is essentially a form of denial-of-service, rendering an iPhone nearly unusable.
Bluetooth Advertising Assault
Anthony aptly termed this assault a "Bluetooth advertising assault" because it doesn't merely inconvenience users; it can severely disrupt the seamless Apple experience that users have come to expect.
Example of 'DDOS: pic.twitter.com/5FGhK7QYoG
— Techryptic, Ph.D. (@tech) September 4, 2023
The technique revolves around exploiting Bluetooth Advertisements, a form of transmission in the Bluetooth Low Energy protocol extensively used by Apple.
These advertisements serve to facilitate connections between iDevices and enable functions like connecting to an Apple Watch, linking with other Apple devices, and sharing images through AirDrop.
Related Article: This Tiny Gadget Hacks Device by Sending Keyboard Commands to Laptops and PCs; This Is How Flipper Zero Works
Simulating the Attack Using Flipper Zero
To validate this alarming vulnerability, TechCrunch replicated the attack using proof-of-concept code derived from Anthony's research.
This code was integrated into the Flipper Zero device, allowing the broadcasting of pop-up signals to nearby iPhones. The attack successfully imitated an AirTag and even initiated a phone number transfer dialog. However, the barrage of notifications was not immediately replicated.
TechCrunch writes that the effectiveness of the attack varied based on the proximity of the Flipper Zero device. Close-range interactions, like tapping the iPhone with the Flipper Zero, had a limited Bluetooth range.
In contrast, the code designed for the phone number transfer dialog exhibited a significantly broader range, capturing multiple iPhones simultaneously when the Flipper Zero was placed on the other side of a room.
Concerns of Extended-Range Attacks
Anthony hinted at the possibility of even more potent attacks with extended ranges, spanning thousands of feet, using an "amplified board." However, he refrained from disclosing further details, citing major concerns about enabling spam pop-ups to travel vast distances, potentially covering miles.
Despite these concerns, Apple has not yet left a comment regarding the matter. However, security experts suggest that the Cupertino giant should validate the legitimacy of devices that connect to iPhones for added security layers.
In late 2022, a viral TikTok video showed how Flipper Zero works. At that time, the creator behind the tool sold 150,000 devices.
It appears to look like a child's toy at first, but don't get fooled by its design. It quickly became a subject of controversy following the TikTok clip.
Read Also: Google Unveils Fresh Logo, Features for Android: Here's What to Expect
