If you find yourself in a cafe or train station and your iPhone suddenly starts flashing and restarting, look around for a small device that looks like a USB drive, because it might be the culprit.
One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-ups that made using his device almost impossible. To Mr van der Ham’s surprise and dismay, the same debilitating stream of pop-ups recurred during the afternoon drive home, not only on his iPhone, but also on the iPhones of other passengers in the same car.
Van der Ham discovered that the culprit, another passenger on the train, was using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to phones iPhone running iOS 17 that were nearby.
Also read – Hackers exploit this App Store flaw to install malware on iPhones
What is Pinball Zero?
The Flipper Zero is a very handy little tool and, at first glance, you will certainly mistake it for a Tamagotchi toy from around ten years ago. The latter costs just under 200 euros, and allows you to read and emulate RFID, NFC, Bluetooth and Wi-Fi signals.
Flipper Zero’s portability, which allows testing of a large number of radio frequencies at short range, has made it a device of choice for malicious actors, who frequently use it to clone hotel cards or read RFID chipsand now crashing iPhones.
Using custom firmware, the device would be able to send a constant stream of Bluetooth messages to nearby iPhones. These Bluetooth messages keep appearing on your iPhone as a request to pair with a Bluetooth accessory.
Obviously, you can’t click on these connection requests, since they’re a phantom signal coming from a device that doesn’t exist. On the victim’s iPhone, these messages may look like a request to connect to a TV, which repeats until the phone eventually reboots.
If you have an iPhone running iOS 17, the only reliable way to protect yourself from pop-ups and crash attack is to turn off Bluetooth. Apple’s latest iOS 17.1 update did not fix the problem, and Apple currently has no solution to fix the flaw.