Security researcher Anthony has recently showcased a new Bluetooth-based attack that can render iPhones nearly unusable. Using a small hacking device called Flipper Zero, which costs $169, hackers can exploit the Bluetooth Low Energy (BLE) protocol to flood an iPhone with pop-up notifications, making it difficult to use.

The BLE protocol utilizes advertising packets to establish device presence, and these packets can be detected by any Bluetooth-enabled device without the need for pairing. Since Apple’s ecosystem heavily relies on BLE, this makes iPhones particularly vulnerable to this attack. Flipper Zero can imitate the advertising packets of legitimate devices, creating phantom devices that an iPhone will detect.

While this attack can initially be used as a prank to confuse iPhone users with fake devices, it can also be employed for more malicious purposes, such as carrying out phishing attacks by spoofing trusted notifications. The constant barrage of pop-ups can overwhelm the iPhone and disrupt its normal functionality, essentially making it unusable.

TechCrunch tested the attack on both an iPhone 8 and an iPhone 14 Pro and confirmed its effectiveness. The attack can be executed when Bluetooth is enabled or when it is switched off via the Control Center, but it does not work when Bluetooth is disabled from the Settings. Interestingly, the attack can even be executed when an iPhone is in airplane mode, highlighting the vulnerability of these devices.

Anthony has alerted Apple to this potential security threat and has urged the company to take steps to protect its users. He also noted that with an amplified board, the attack could be extended to cover larger distances, potentially impacting iPhones over thousands of feet.

In summary, this Bluetooth-based attack, demonstrated by security researcher Anthony, shows the vulnerabilities of iPhones to manipulation through the BLE protocol. By flooding iPhones with deceptive pop-up notifications, hackers can incapacitate these devices, raising concerns for user privacy and functionality. Apple is advised to address this issue promptly to safeguard its users.

Definitions:

– Bluetooth Low Energy (BLE): A wireless communication protocol designed for short-range communication between devices with low power consumption.

– Phishing Attack: A cyber attack in which fraudsters deceive individuals into disclosing sensitive information by posing as a trustworthy entity.

– Denial-of-Service Attack: An attack that aims to disrupt the normal functioning of a network or system, rendering it inaccessible to its intended users.

Sources:

– TechCrunch (www.techcrunch.com)

– Anthony’s website (source not provided)