Date: 2023-09-06

Summary: Hackers are using a device called Flipper Zero to launch wireless attacks on iPhones and iPads, flooding the devices with fake Bluetooth connection pop-ups and rendering them nearly unusable. By programming the Flipper Zero to act as an official Bluetooth accessory, like AirPods, the device continuously sends a pairing signal, causing the iPhone or iPad to display connection pop-ups incessantly. The attack works even when the device is in Airplane Mode, as the Control Center toggle does not disable Bluetooth. The only way to stop the attack is by manually turning off Bluetooth in the Settings app. A security researcher suggests that Apple should provide an option to ignore Bluetooth connections with unknown devices as a mitigation measure.

Apple has implemented various technologies to simplify the pairing process of Bluetooth accessories with its devices, but these same technologies are being exploited by hackers for malicious purposes. The Flipper Zero, a relatively inexpensive programmable device, is being used to launch wireless attacks on iPhones and iPads.

The hacker programs the Flipper Zero to imitate an official Bluetooth accessory and continuously sends the pairing signal, resulting in a barrage of Bluetooth connection pop-ups on the target device. This flood of pop-ups renders the iPhone or iPad difficult to use. The attack even works when the device is in Airplane Mode, as Bluetooth is not disabled by the Control Center toggle.

The security researcher who conducted the attack recommends that Apple provide an option for users to ignore Bluetooth connections from unknown devices to prevent such attacks. Additionally, the researcher suggests that Apple should implement stricter validation measures to ensure that Bluetooth devices connecting to iPhones are legitimate. Lastly, reducing the distance at which iDevices can connect to other devices via Bluetooth could also mitigate these attacks.
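Until such an option exists, the flood can at least be spotted from the monitoring side. The following is an added example, not code from the researcher or from TechCrunch: it parses captured Bluetooth LE advertising payloads and flags time windows in which many distinct advertiser addresses carry Apple manufacturer data. The address-rotation heuristic, the window size, the threshold and all sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG assigned company identifier for Apple
AD_TYPE_MANUFACTURER = 0xFF  # "Manufacturer Specific Data" AD type

def manufacturer_ids(adv: bytes):
    """Yield the company ID of each manufacturer-specific AD structure."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # padding or truncated structure: stop parsing
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2:
            yield int.from_bytes(data[:2], "little")
        i += 1 + length

def detect_floods(events, window=5.0, min_addrs=10):
    """events: iterable of (timestamp_seconds, advertiser_addr, adv_bytes).
    Return the start times of windows in which at least min_addrs distinct
    addresses advertised Apple manufacturer data (assumed thresholds)."""
    buckets = defaultdict(set)
    for ts, addr, adv in events:
        if APPLE_COMPANY_ID in manufacturer_ids(adv):
            buckets[int(ts // window) * window].add(addr)
    return sorted(s for s, addrs in buckets.items() if len(addrs) >= min_addrs)

def _adv(company_id: int) -> bytes:
    # Constructed frame: Flags AD structure, then manufacturer data
    # holding the company ID and two dummy payload bytes.
    return (bytes([0x02, 0x01, 0x06, 0x05, AD_TYPE_MANUFACTURER])
            + company_id.to_bytes(2, "little") + b"\x00\x00")

def sample_events():
    """Constructed capture: two steady accessories, a burst, unrelated traffic."""
    quiet = [(float(t), f"aa:00:00:00:00:0{t % 2}", _adv(APPLE_COMPANY_ID))
             for t in range(5)]
    burst = [(5.0 + n * 0.3, f"c0:00:00:00:00:{n:02x}", _adv(APPLE_COMPANY_ID))
             for n in range(12)]
    other = [(10.0 + n * 0.3, f"d0:00:00:00:00:{n:02x}", _adv(0x0006))
             for n in range(12)]
    return quiet + burst + other

if __name__ == "__main__":
    print("suspicious windows start at:", detect_floods(sample_events()))
```

A room full of genuine Apple devices will also cross a low threshold, so the window and address count need tuning against a baseline capture from the same location.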

It is unknown whether Apple is actively working on a solution to this issue, as the company did not respond to requests for comment.

Source: TechCrunch