This Tiny Device Renders iPhones Useless In A Nonstop DoS Attack Over Bluetooth

A tiny device that's well known amongst the hacking community, known as the Flipper Zero, is wreaking havoc for some iPhone users. The device can be utilized for DoS (Denial of Service) attacks and spam all nearby iPhones.

Infosec user Jeroen Van der Ham noticed while on a train ride that his and other people's iPhones were receiving the same stream of pop-ups, rendering the smartphones useless. After observing for a while longer, he realized that one person in the train car was working on an app on his MacBook. That person also had their iPhone connected to the MacBook via USB so they could continue working while everyone else around with an iPhone suffered constant rebooting.

"This is weird: on the train and my mobile Apple devices are rebooting, showing a possible connection to an Apple TV beforehand," Van der Ham posted. "And then I look around and notice I'm not the only one. Turned on lockdown mode, and even then it's showing the same alert, and crashing."

In an interview, Van der Ham explained that it took him a bit to pinpoint the attack because "as a security researcher who had heard about this attack, it's really hard to realize that that is what's going on."

It turned out that the attack was conducted using a Flipper Zero, a device that can send Bluetooth pairing requests to all iPhones within radio range (among many other feautres). The handy dandy device is used for all sorts of wireless communications. It is able to interact with radio signals, including RFID, NFC, Bluetooth, Wi-Fi, or standard radio. While the small device can be used for many helpful things, it can also be used as an annoyance as well, such as changing the channel on a TV, opening a garage door, and causing havoc for nearby iPhones. 

The company that produces the Flipper Zero describes the device as a "portable multi-tool for pentesters and geeks in a toy-like body. It loves researching digital stuff like radio protocols, access control systems, hardware, and more." The device is also open-source and customizable so that owners can use it for "whatever" they like.

Van der Ham was later able to recreate the attack on the train. What he found was that he was unable to crash iPhones that were running iOS versions before 17.0, which should give anyone who is still on iOS 16 or earlier some solace.

However, those who have updated to iOS 17 should be on the lookout for anyone who might have a Flipper Zero around them if their device should come under a similar DoS attack. An example is Zack Shutt, CEO of Meta PCs, who shared a picture of his recent purchase on X. While pranksters like Zack are only out for a friendly laugh, others may have more nefarious intentions. As of right now, Apple has not responded to the reports.

The Flipper Zero can be purchased online for $169. Potential buyers can also purchase a silicone case for the device, screen protectors, a Wi-Fi Devboard, and a Prototyping Board, among a myriad of third-party add-ons.