Malicious attackers can flood iPhone users with endless popups using a $170 tool
Devices like the Flipper Zero can send out pre-programmed radio signals that can cause an iPhone to open a disruptive interface, effectively being attacked into temporary uselessness.
Not Your AirPods
Apple products like the iPhone have various communication tools like Wi-Fi, Bluetooth, NFC, and Ultra Wideband to make pairing and using accessories easier. These tools are what make systems like AirDrop and fast AirPods pairing possible.
According to a report from TechCrunch, a security researcher asking to be identified as Anthony described an iPhone attack that could be described as a denial-of-service. By using something called a Flipper Zero, false radio signals can be sent out to nearby devices like iPhones to render them effectively useless.
Such an attack is possible for a number of products like Android, but the report focuses on iPhone. The attack is described as a mere annoyance to the user but could be used as a broader attack vector to push scams and other fraudulent pop-ups.
TechCrunch was able to reproduce the attack, but not the frequency of pop-ups that would render a device useless. Anthony also described a situation where an attacker could use an "amplified board" to project signals across "thousands of feet."
Right now, there isn't any mitigation for such an attack beyond shutting off the device or using airplane mode. The stakes are currently low -- the embedded video below refers to this as a "prank" -- but having the ability to broadcast a malicious signal to interrupt device usage could easily be abused.
The provided example imagines sending malicious pop-ups with scam links to users. One could also imagine a situation where an attacker could interrupt device use in a public area where propaganda is distributed over AirDrop.
Anyone who has been near someone fidgeting with their AirPods case may have encountered something similar previously -- incessant pop-ups of "Not Your AirPods" taking over your device display because of your proximity.
In testing, users stopped this attack by shutting off Bluetooth from the Settings app, not Control Center. However, Bluetooth isn't the only signal that could be abused.
Anthony suggests Apple needs to rethink its protocols around wireless signals. Instead of accepting any broadcast signal, Apple should have a verification system for confirming an incoming signal is valid while also shrinking the distance allowed for such communication.
Devices like the Flipper Zero aren't built and marketed as hacking devices or attack tools. However, since the code they run on is open source, skilled coders can rewrite them to perform different functions, even malicious ones.
While this is an interesting proof of concept, it isn't something general users need to defend themselves against actively. As always, users are the first line of defense and should be wary of unexpected pop-ups.
Read on AppleInsider
Comments
Speaking of tools, that guy sounds like one.
So make wireless, less useful. Bluetooth is already short range, but they think it is a good idea to reduce it further?. How do you verify how far the device is, signal strength? Like that is reliable. Maybe a mode that allows only Apple devices or devices that were already connected, I wouldn't mind that. Then you could have a search mode for so many minutes, to allow for new devices.