The Flipper Zero can do a lot, but I wasn’t expecting it to be able to be able to lock up an iPhone using nothing more than Bluetooth.
But it turns out it can do just that.
Now, you can’t do this with a stock Flipper Zero. If you want to test this out, you’ll need to have a Flipper Zero and then load an early developer build of Xtreme third-party firmware onto it.
From there it’s a matter of firing up an app called Apple BLE Spam and choosing an attack called Lockup Crash.
And it does exactly what it says in the name – it’ll lock up and crash the iPhone.
Basically, it performs a denial of service (DoS) attack on iPhones.
ZDNET has tested this and can confirm that it can lock up an iPhone running the latest iOS 17.0.3. The issue does not appear to affect iPhones running iOS 16.
But the Apple BLE Spam app can do more. It can also initiate an array of pairing attacks that are more spammy than causing crashes, but are still annoying to the iPhone user, and at this point it’s unclear if they could be crafted into a different attack.
You’re probably wondering how best to protect yourself. I can only find one way — turn off Bluetooth, either by going into Control Center and disabling it there (this only stays off until the next day) or going Settings > Bluetooth and flipping the toggle there.