How To Stop New iPhone iOS 16 Bluetooth Hack Attack

A security researcher caused quite a stir during the Def Con 2023 hacking conference in Las Vegas last month. At the event, some attendees who owned iPhones were taken aback when an Apple pop-up notification prompted them to connect to a nearby Apple TV device using their Apple ID credentials. This was surprising, especially for some of the hackers who were under the impression that their Bluetooth was disabled. However, as it turns out, they were mistaken. Now, another security researcher has demonstrated a similar hack that utilizes a readily available hacking device to inundate nearby iPhones with pop-up notifications, effectively executing a denial of service attack.

In the case of the iPhone Def Con hacker, they assembled a makeshift device using a Raspberry Pi, a couple of antennas, and a Bluetooth adapter. This ingenious setup allowed them to trick any nearby iPhones into believing that it was an Apple TV, enabling them to transmit what are referred to as Bluetooth advertising packets. What’s crucial to note here is that these packets do not necessitate Bluetooth pairing, making them readily available to appear on iPhones.

This isn’t an isolated incident. Another researcher has recently pulled off a similar proof-of-concept attack using a hacker gadget known as a Flipper Zero. This multifunctional device can, among other things, impersonate the aforementioned advertising packets using Bluetooth Low Energy protocols. The Flipper Zero hack continuously sends the notification signal, causing the pop-up to persistently display on iPhones.

The individual behind this discovery, who goes by the name Techryptic, emphasized in a blog post that this mimicry can be more than just an annoyance for iOS users. Potential uses for this form of Bluetooth spamming attack include bombarding someone with an overwhelming number of device notification pop-ups, testing BLE (Bluetooth Low Energy) implementations for vulnerability detection purposes, and, most alarmingly, employing it for malicious intents.

However, it’s essential to clarify that this misuse is not possible with the default Flipper Zero hardware. A spokesperson for Flipper Zero stated, “We have taken necessary precautions to ensure the device can’t be used for nefarious purposes.” They also noted that since the firmware is open source, individuals could potentially modify it to use the device in unintended ways, but this is discouraged and not condoned if the aim is to act maliciously. They further pointed out that someone could potentially repurpose an Android phone with custom firmware to achieve similar results. This underscores the importance of Apple implementing safeguards to address the core problem.

Interestingly, this hack still functions even when Bluetooth has been disabled via airplane mode from the control panel, which may come as a surprise to many users. In such cases, disabling Bluetooth directly from your device settings or running your iPhone in Lockdown Mode becomes necessary to prevent these advertising pop-ups from being received.

The silver lining in this situation is that an attacker would need to be in close proximity for the Flipper Zero hack to be effective, as it has a rather limited Bluetooth range. However, it’s worth noting that Techryptic didn’t disclose all the details, but TechCrunch reported the development of an amplified board capable of transmitting the necessary signals across vast distances, potentially spanning miles.

Efforts to obtain a statement from Apple regarding this issue had been made at the time of publication, although no response had been received. Hopefully, Apple will heed the advice from Techryptic to ensure that Bluetooth device connections in iOS 17 are “legitimate and valid,” and they might also consider reducing the workable distance for such connections to enhance security.