Hacker Uses Flipper Zero to Flood iPhones with Fake Bluetooth Pop-ups


Apple is known for integrating handy technologies into its gadgets, making it a breeze to connect with Bluetooth accessories like AirPods and AirTags. But it seems that not everyone is using these features for good. Hackers have found a way to exploit these user-friendly technologies to mess with iPhone users. Armed with a fairly affordable gadget called Flipper Zero, they’re sending a barrage of fake Bluetooth pop-up notifications, effectively rendering the targeted iPhones unusable.

It’s a frustrating development that highlights the downside of making devices too easy to pair. So, while the convenience of quick Bluetooth connections is great for everyday use, it appears there’s a potential drawback that Apple may need to address.

Faking iPhone/iPad Bluetooth Connections

If you’re not familiar with Flipper Zero, it’s a small, relatively inexpensive gadget that can be programmed to control various radio protocols. According to a recent TechCrunch article, a security researcher showed how this device could be used to launch wireless attacks on Apple devices like iPhones and iPads. The researcher describes the attack as a “Bluetooth advertising assault,” and it’s as annoying as it sounds.


Here’s how it works: The hacker programs the Flipper Zero to impersonate a legitimate Bluetooth accessory, such as a pair of AirPods. This is made easy by a feature in Bluetooth technology called “Bluetooth Advertisements,” which essentially announces the presence of a Bluetooth device to any nearby gadgets.

Taking it a step further, the hacker loads code onto the Flipper Zero that keeps broadcasting this ‘pairing’ signal. The end result? A barrage of Bluetooth pop-up notifications on any nearby Apple device, making it almost impossible to use your iPhone or iPad. This vulnerability was showcased a few weeks ago at Def Con 2023, and let’s just say, it’s a real headache for Apple device owners, as there’s currently no way to stop these incessant pop-ups.

So, while Apple’s user-friendly pairing technology is convenient for everyday use, it looks like there might be a chink in the armor that needs addressing.
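From the defender's side, a barrage like the one described above shows up on any Bluetooth scanner as a sudden jump in the rate of advertisements carrying Apple's company identifier. The Python below is an added example, not code from the researcher or from TechCrunch; the record format, the window and threshold values, and the sample capture are assumptions constructed for illustration.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG company identifier assigned to Apple
AD_MANUFACTURER = 0xFF       # AD type "Manufacturer Specific Data"

def company_ids(adv: bytes) -> list:
    """Walk the length/type/value AD structures in one advertisement payload
    and return the company ID of every manufacturer-specific field."""
    ids, i = [], 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break                      # zero padding or truncated structure
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == AD_MANUFACTURER and len(data) >= 2:
            ids.append(int.from_bytes(data[:2], "little"))
        i += 1 + length
    return ids

def find_floods(records, window=2.0, max_adverts=20):
    """records: (timestamp_s, payload) tuples in time order. Returns the times
    at which Apple-tagged advertisements in the last `window` seconds first
    exceed max_adverts (assumed thresholds; tune against the local baseline)."""
    recent, alerts, alerting = deque(), [], False
    for ts, adv in records:
        if APPLE_COMPANY_ID not in company_ids(adv):
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        over = len(recent) > max_adverts
        if over and not alerting:
            alerts.append(ts)          # report once per burst
        alerting = over
    return alerts

def make_adv(company_id: int) -> bytes:
    """Constructed payload: Flags field plus manufacturer data whose body is
    zero filler, not a real accessory message."""
    body = company_id.to_bytes(2, "little") + bytes(4)
    return bytes([2, 0x01, 0x06, len(body) + 1, AD_MANUFACTURER]) + body

# Constructed capture: sparse background for 10 s, then a dense burst from t=10 s.
BACKGROUND = [(float(t), make_adv(APPLE_COMPANY_ID if t % 2 else 0xFFFF))
              for t in range(10)]
BURST = [(10.0 + n * 0.05, make_adv(APPLE_COMPANY_ID)) for n in range(40)]

if __name__ == "__main__":
    print(find_floods(BACKGROUND + BURST))
```

A rate threshold alone cannot tell a spoofing device from a crowded room full of genuine Apple hardware, so the alert is a prompt to investigate rather than proof of an attack.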


iOS is Still Susceptible to these Attacks

The security researcher who revealed this vulnerability to TechCrunch wasn’t doing it to stir up trouble; rather, it was a “proof of concept.” The idea was to give Apple a heads-up that they might want to include an option to ignore Bluetooth connections from unfamiliar devices. Sure, you can close the pop-up, but it’ll just reappear as long as the ‘intruding’ device (in this case, the Flipper Zero) is nearby.

What’s even more concerning is that this annoying attack isn’t stopped by switching your iPhone to Airplane Mode. Turns out, toggling Airplane Mode on doesn’t actually disable Bluetooth. So, your phone remains susceptible to the assault. The only way to bring the pop-up spam to a halt is to dive into the Settings app and manually turn off Bluetooth. Of course, doing so also means you’ll lose the connection with any Bluetooth accessories you were using.


So, the bottom line? While Apple’s seamless pairing tech is generally a good thing, this latest discovery suggests there’s room for improvement in ensuring users aren’t bombarded with unwanted connections.

The security researcher suggests that Apple could make a couple of changes to thwart these kinds of attacks. First off, Apple could implement checks to ensure that Bluetooth devices trying to connect to an iPhone are actually legitimate. Basically, make sure it’s a pair of real AirPods trying to connect and not a rogue device like Flipper Zero. Secondly, Apple could also limit the range at which iPhones and other iDevices can connect via Bluetooth.

As of now, it’s up in the air whether Apple is taking steps to address this issue. The company hasn’t made any public statements, and they didn’t respond when asked for a comment. So, we’ll just have to wait and see if they roll out any updates to fend off this kind of Bluetooth vulnerability.

