The Flipper Zero is an amazing device, especially considering the $169 price tag, but as amazing as it is, I’m blown away by the fact that it could to crash an iPhone.
Several readers have contacted me wanting to know if the latest iOS 17.1.1 update fixes the denial of service (DoS) attack that was made possible using the Flipper Zero loaded with third-party software.
The answer, according to my tests, is still no, but something has changed.
So, prior to iOS 17.1.1, you could use the Flipper Zero to flood an iPhone that was within Bluetooth range with popups and notifications, or you could choose an attack that would push so many popups and notifications that it would lock up the iPhone after a couple of minutes.
Now things are different.
Based on testing that I’ve done, iOS now seems to throttle the number of popups that are displayed, making the attack less annoying and distracting. Popups still appear, but not at the frequency that they were previously displayed.
However, there’s also bad news, and that is that despite the popups seemingly being throttled, now all the Bluetooth attacks the Flipper Zero can generate can lock up the attacked iPhone solid, requiring a reboot. Previously only an attack specifically designed to lock up an iPhone could achieve this.
So, the Flipper Zero BLE (Bluetooth Low Energy) spam attack is both less annoying in that there are fewer popups, but it’s also much more likely to crash the iPhone and lock it up to the point where it needs a reboot to come back to life.
I’m still hopeful that Apple will still find a way to patch the iPhone to prevent these attacks.