Date: 2023-09-06

The Flipper Zero portable wireless pen-testing and hacking tool has the capability to aggressively spam Bluetooth connection messages to Apple iOS devices, including iPhones and iPads. This technique was developed by a security researcher known as ‘Techryptic’ and was shared in a YouTube video demonstration.

Apple devices that support Bluetooth Low Energy (BLE) technology use advertising packets (ADV packets) to broadcast their presence to other devices. ADV packets play a crucial role in various scenarios such as data exchange via AirDrop, connecting the Apple Watch or Apple TV, and activating Handoff.

By spoofing ADV packets and transmitting them according to the BLE protocol, the Flipper Zero can confuse a target device, making it challenging to differentiate between legitimate and fake requests. This opens up opportunities to spam the device with bogus requests or mimic trusted devices to carry out phishing attacks.
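On the monitoring side, the ADV packet structure described above can be parsed and watched for bursts. The following is an added example, not code from Techryptic or from the original article: it splits a BLE advertising payload into AD structures, picks out manufacturer data carrying Apple's Bluetooth SIG company ID (0x004C), and flags time windows in which an unusual number of distinct advertiser addresses send such data. The function names, window size, threshold and sample observations are assumptions constructed for illustration, and the threshold has to be tuned against a site's normal baseline.

```python
from collections import defaultdict

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG company identifier assigned to Apple
AD_MANUFACTURER = 0xFF       # AD type "Manufacturer Specific Data"

def parse_ad_structures(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs.
    Each AD structure is: 1 length byte, 1 type byte, length-1 data bytes."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break                      # padding or truncated structure: stop parsing
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def is_apple_adv(payload: bytes) -> bool:
    """True if the payload carries manufacturer data with Apple's company ID."""
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_MANUFACTURER and len(data) >= 2:
            if int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID:
                return True
    return False

def find_floods(observations, window=5.0, max_addresses=8):
    """observations: iterable of (timestamp_seconds, advertiser_address, payload).
    Returns start times of fixed windows in which more than max_addresses
    distinct addresses sent Apple manufacturer data (thresholds are assumptions)."""
    buckets = defaultdict(set)
    for ts, addr, payload in observations:
        if is_apple_adv(payload):
            buckets[int(ts // window) * window].add(addr)
    return sorted(start for start, addrs in buckets.items() if len(addrs) > max_addresses)

def sample_adv(company_id: int) -> bytes:
    """Constructed sample payload: Flags AD + manufacturer AD with filler bytes."""
    body = company_id.to_bytes(2, "little") + bytes(4)
    return bytes([0x02, 0x01, 0x06, len(body) + 1, AD_MANUFACTURER]) + body

# Constructed observations: quiet baseline, then a burst of rotating addresses.
SAMPLE = [(0.5, "aa:00:00:00:00:01", sample_adv(APPLE_COMPANY_ID)),
          (2.0, "aa:00:00:00:00:02", sample_adv(0x0006))]  # a non-Apple company ID
SAMPLE += [(10.0 + n * 0.1, f"bb:00:00:00:00:{n:02x}", sample_adv(APPLE_COMPANY_ID))
           for n in range(20)]

if __name__ == "__main__":
    print("flood windows start at:", find_floods(SAMPLE))
```

In practice the observations would come from a passive BLE scanner; counting distinct addresses is a heuristic that will also trip in crowded places where many real Apple devices are present.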

The impact of this attack can extend beyond annoyance. It can cause confusion, disrupt workflows, and potentially pose security concerns for iOS users. Techryptic emphasizes the importance of being aware of the devices around us and understanding the vulnerabilities of wireless communications.

To perform this attack, Flipper Zero’s firmware needs to be updated to enable Bluetooth functionality, and modifications to the ‘gap.c’ file are required to generate the fake notifications. Techryptic has created and shared code that can generate various types of notifications, including AirTag and Apple Keyboard connection requests, transfer number notifications, and notifications related to setting up a new iPhone or joining an Apple TV.

While most attacks require close proximity between the Flipper Zero and the target iOS device, Techryptic has also developed a technique that can work over long distances using an amplifier. However, this method will not be publicly released to prevent potential abuse.

It is worth noting that the attack can still be successful even if the target device is in airplane mode, as Apple has no mitigations or safeguards in place for this scenario.

