Making iPhones and iPads crash with a Flipper Zero

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Making iPhones and iPads crash with a Flipper Zero

Want to crash someone’s iPhone or iPad? Turns out it’s not that tricky, if you have a Flipper Zero.

The Flipper Zero, a “Swiss Army knife” tool for geeks and penetration testers, can be used to bombard devices with bogus Bluetooth connection requests, which – if they’re running iOS 17 – can crash them.

One early victim was researcher Jeroen van der Ham, who posted on Mastodon about his experiences on a train journey, where he was surrounded by people whose devices were “rebooting constantly.”

Sign up to our free newsletter.
Security news, advice, and tips.

“Your phone becomes almost unusable. You can still do stuff in between for a couple of minutes, so it’s really annoying to experience,” van der Ham told Ars Technica. “Even as a security researcher who had heard about this attack, it’s really hard to realize that that is what’s going on.”

The same Bluetooth Low Energy (BLE) spam message attack can be attempted against Android and Windows devices, although – unlike iOS 17 – it doesn’t appear to cause them to crash.

Right now, all you can do to stop your iPhone or iPad being victim of the attack is to disable Bluetooth – something, obviously, that many users will be unwilling to do.

Although Apple pushed out an iOS update (version 17.1.1) in the last 24 hours which fixes a number of bugs, it looks like iPhone and iPad users will have to remain patient if they don’t want to have a Flipper Zero launching a denial-of-service against their devices.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.