Want to crash someone’s iPhone or iPad? Turns out it’s not that tricky, if you have a Flipper Zero.
The Flipper Zero, a “Swiss Army knife” tool for geeks and penetration testers, can be used to bombard devices with bogus Bluetooth connection requests, which – if the devices are running iOS 17 – can crash them.
One early victim was researcher Jeroen van der Ham, who posted on Mastodon about his experiences on a train journey, where he was surrounded by people whose devices were “rebooting constantly.”
“Your phone becomes almost unusable. You can still do stuff in between for a couple of minutes, so it’s really annoying to experience,” van der Ham told Ars Technica. “Even as a security researcher who had heard about this attack, it’s really hard to realize that that is what’s going on.”
The same Bluetooth Low Energy (BLE) spam message attack can be attempted against Android and Windows devices, although – unlike with devices running iOS 17 – it doesn’t appear to cause them to crash.
Right now, all you can do to stop your iPhone or iPad falling victim to the attack is to disable Bluetooth – something, obviously, that many users will be unwilling to do.
Although Apple pushed out an iOS update (version 17.1.1) in the last 24 hours which fixes a number of bugs, it looks like iPhone and iPad users will have to remain patient if they don’t want to have a Flipper Zero launching a denial-of-service attack against their devices.