Amazon sells a tool that can neutralize an iPhone remotely

Thought your iPhone was safe from interference? The latest discovery related to the Flipper Zero risks upsetting this confidence.

Source: TechCrunch

The Flipper Zero, which we have already talked about on Frandroid, is a device with multiple capabilities. Featuring a lightweight ARM chip, Flash memory and SRAM memory, this device also has a monochrome LCD screen and various buttons, including a back button. Powered by a rechargeable battery, the Flipper Zero is equipped with wireless features including NFC, an infrared emitter, an RFID chip and many more.

Flipper Zero

Thanks to its capabilities, the Flipper Zero can read, copy and emulate RFID and NFC tags, remote controls and digital keys. Although it is completely open source, it is complex to reproduce its functions without solid knowledge in electronics. It has malicious potential, but it also has limitations: for example, it cannot copy encrypted NFC data. However, this device is perfectly legal and was designed primarily to help security professionals perform tests.

New Flipper Zero exploit floods iPhones with pop-ups

A security researcher has discovered how to use the Flipper Zero to disrupt nearby iPhones. By modifying the firmware of the Flipper Zero, the researcher was able to emit special signals via the Bluetooth Low Energy (BLE) protocol, rendering nearby iPhones nearly unusable by flooding them with pop-ups. The experiment was described at the Def Con conference in Las Vegas in August 2023.

The researcher used the Flipper Zero, with a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter and a portable battery. Thanks to this kit, the researcher was able to imitate an Apple TV and spam nearby devices.

These signals are commonly used for connections between Apple devices or file transfers via AirDrop. The identified attack leverages this protocol to send connection requests to various Apple devices. In short, a malicious user could saturate an iPhone with pop-ups, rendering the device nearly unusable: a form of denial-of-service attack.

TechCrunch was able to reproduce the attack, demonstrating that it works regardless of whether Bluetooth is enabled or not. The only solution to avoid these pop-ups was to completely disable Bluetooth. The researcher also suggested that with the right equipment, this attack could be carried out over a considerable distance; he mentions several thousand meters.

Is it worrying?

The effectiveness of this attack raises serious concerns. Although the Flipper Zero was designed as a tool for security professionals, its misuse for malicious purposes shows how important it is for device manufacturers and software developers to remain vigilant and actively seek out such vulnerabilities.

The potential scale of the attack, especially with amplified Bluetooth signals, is worrying. If exploited at scale by malicious actors, it could cause major disruptions. The researcher deliberately chose not to give all the details of the technique used, aware of the potential dangers. Apple will certainly make changes to how iPhones work.

Apple has already taken steps to counter inappropriate uses of AirDrop. Indeed, following incidents where individuals used AirDrop to randomly send photos to nearby strangers – often with the intention of disturbing or shocking, or simply for advertising campaigns – the Cupertino company has modified how AirDrop works. It thus introduced an option allowing users to completely deactivate this service or to limit it only to their contacts, thus offering additional protection.

Despite the controversies and debates surrounding the Flipper Zero, it seems that the demand for this device remains intact. Surprisingly, or perhaps not so much, the device is still available for purchase on platforms like Amazon, at a price flirting with 200 euros.
