Flipper Zero attack using iPhone Bluetooth exploit

In September, 9to5Mac reported that Flipper Zero, a popular and cheap hacking tool, was being used to wreak havoc on nearby iPhones and iPads, spamming them with fake Bluetooth pop-ups until they eventually crashed.

Despite many iOS 17 updates since, including last week’s release of new iOS 17.2 betas, Apple has yet to implement safeguards to prevent the attack. So, what gives?

Out of the box, Flipper Zero can be a pretty harmless device. It’s sold as a portable multi-tool for penetration testers and hobbyists that can be programmed to control multiple radio protocols. However, since the firmware is open source, it can be modified with new software that turns it into a low-orbiting ion cannon for bad actors to point at unsuspecting victims.

First pointed out by security researcher Techryptic, Ph.D., when additional software is loaded onto the Flipper Zero, it can then perform Denial of Service (DoS) attacks, spamming iPhones and iPads with an overwhelming amount of Bluetooth connection notifications that cause the device(s) to freeze up and then reboot.

Example of 'DDOS: /5FGhK7QYoG- Techryptic, Ph.D.

It takes about 5 minutes to gain full functionality again.

The attack uses a Bluetooth Low-Energy (BLE) pairing sequence flaw. Apple uses several BLE technologies in its ecosystem, including AirDrop, HandOff, iBeacon, HomeKit, and plenty to do with Apple Watch.

A prominent feature of BLE is its ability to send advertising packets, or ADV packets, to identify local devices on iPhones and iPads. It’s thanks to these packets that activities such as pairing new AirPods or connecting to an Apple TV are done with a slick animated pop-up. Unfortunately, these ADV packets can be spoofed, and this is what hackers are taking advantage of…with the help of a Flipper Zero.

Protecting against Flipper Zero attack

Flipper Zero has an okay-ish Bluetooth radio range of about 50 meters (~164 feet), which means pulling off DoS attacks requires hackers to be close, yet they can stay far enough away to wreak havoc on coffee shops and sporting events without being detected.
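Because the pop-up flood relies on spoofed ADV packets, a defender with a BLE scanner can look for it on the advertising channel. The sketch below is an added example, not code from the article, Apple or the researcher: it parses raw advertising payloads, selects those carrying Apple's Bluetooth SIG company identifier (0x004C), and flags bursts arriving from many distinct sender addresses. The function names, thresholds and sample events are assumptions constructed for illustration; a real deployment would feed it (timestamp, address, payload) tuples from a scanner.

```python
from collections import deque

APPLE_COMPANY_ID = 0x004C    # Bluetooth SIG company identifier assigned to Apple
AD_TYPE_MANUFACTURER = 0xFF  # "Manufacturer Specific Data" AD type

def company_ids(adv: bytes) -> list[int]:
    """Walk the length/type/value AD structures of one advertising payload."""
    ids, i = [], 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # padding or truncated structure: stop parsing
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2:
            ids.append(int.from_bytes(data[:2], "little"))
        i += 1 + length
    return ids

def detect_floods(events, window_s=5.0, min_adverts=20, min_sources=10):
    """Return timestamps where Apple-tagged adverts in the trailing window
    exceed both thresholds (assumed values; tune them to the environment)."""
    window, alerts = deque(), []
    for ts, addr, adv in events:  # events must be sorted by timestamp
        if APPLE_COMPANY_ID not in company_ids(adv):
            continue
        window.append((ts, addr))
        while window and ts - window[0][0] > window_s:
            window.popleft()
        sources = {a for _, a in window}
        if len(window) >= min_adverts and len(sources) >= min_sources:
            alerts.append(ts)
    return alerts

def constructed_sample():
    """Constructed events: 20 s of ordinary traffic, then a 2 s burst."""
    apple = bytes.fromhex("02010605ff4c000000")  # flags + Apple manufacturer data
    other = bytes.fromhex("02010605ff06000000")  # flags + another vendor's data
    quiet = [(float(t), f"aa:00:00:00:00:{t % 3:02x}", apple if t % 2 else other)
             for t in range(20)]
    flood = [(20.0 + n * 0.05, f"c0:00:00:00:00:{n:02x}", apple) for n in range(40)]
    return quiet + flood

if __name__ == "__main__":
    print(detect_floods(constructed_sample()))
```

Requiring many distinct source addresses as well as a high advert count keeps a few legitimate, chatty Apple devices from tripping the alert.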