Cybercriminals are taking advantage of a vulnerability to specifically target iPhone models running iOS 17 by using a ‘notification attack’.
Macworld
Revised on 10/18/23, this article now includes a mention of Xtreme-Firmware. It was initially published on 9/6/23.
The iPhone offers a convenient way to pair with Bluetooth devices like AirTags or AirPods. Unfortunately, a hacker has found a method to take control of your iPhone and inundate it with requests to connect to devices, causing disruptions in its functionality.
A blogger and security expert known as Techryptic (referred to as “Anthony” by TechCrunch) published a blog entry and a video tutorial showing how a Flipper Zero device can be used to overwhelm an iPhone with the connection notifications normally associated with Bluetooth devices. As Techryptic explains, a malicious individual could essentially launch a DDoS (distributed denial-of-service) notification attack on any iOS device. The flood of notifications would render the iPhone nearly unusable.
The Flipper Zero website describes the Flipper Zero as a $169 gadget that can be used to “investigate various access control systems, RFID, radio protocols, and troubleshoot hardware by utilizing GPIO pins.” Techryptic used the Flipper Zero to transmit Bluetooth Advertisements, which Apple devices use to let users establish connections.
Flipper Devices, the maker of the Flipper Zero, told Macworld that it is not feasible for its default hardware to perform this function. A representative from Flipper Devices stated, “We have implemented measures to prevent the device from being used for unethical purposes.” They also mentioned that the firmware is open source and that individuals can modify it for unintended purposes. However, Flipper Devices does not encourage or support such actions if they are intended to be harmful.
According to Techryptic, this method of attack can be used as a harmless joke or for studying security. They also mentioned that a forthcoming blog entry will elaborate on its potential for malicious use. Techryptic’s blog post notes that the Flipper Zero has a limited range, requiring an attacker to be in close proximity to the intended target. However, TechCrunch was informed that a Flipper Zero can be equipped with an “amplified board” to extend its range to “thousands of feet.”
According to an email received by Macworld, Techryptic’s work is supposedly derived from a project called AppleJuice, which can be found on the GitHub page of ECTO-1A. This project includes scripts that serve as a proof of concept (PoC) and use Bluetooth Low Energy (BLE) to send pairing messages to Apple devices based on proximity. The project was created on GitHub on August 24 and was inspired by a presentation at Def Con last month, where persistent Bluetooth notifications on iPhones were demonstrated.
According to ZDNet, there is a new firmware update available for the Flipper Zero called Xtreme-Firmware. Once installed, the Apple BLE Spam app includes a feature called Lockup Crash, which can be used to launch a denial of service attack on an iPhone. Testing conducted by ZDNet revealed that Xtreme-Firmware was effective in targeting iPhones with iOS 17, but had no impact on devices running iOS 16.
One way to safeguard against fraudulent Bluetooth notifications is to be cautious and vigilant when receiving them.
It is unclear if Techryptic, the AppleJuice project, or the Xtreme-Firmware project have informed Apple about the security vulnerability. Based on the title of the Techryptic post, “Annoying Apple Fans”, it is likely that Apple was not notified before the post was made. Usually, security researchers wait until Apple has addressed the issue before making their findings public.
According to TechCrunch, Apple has the ability to lessen the impact of these attacks by verifying the authenticity of Bluetooth devices connecting to an iPhone and limiting the range at which iDevices can connect to other Bluetooth devices. This solution would be implemented through an iOS update, highlighting the importance of regularly updating your iPhone.
The most effective way for users to protect themselves is to disable Bluetooth, although this is not an optimal solution. Until Apple resolves the issue, it is crucial to remember that this type of attack is uncommon. If you receive a notification to connect to an unfamiliar device, be careful and decline the request if possible. Because this attack can overwhelm your iPhone with notifications, you may need to leave the area and power off your phone to stop it.