Did iOS 17.1.1 fix Flipper Zero attack problem on iPhones? Not according to my tests

1 year ago 112
BOOK THIS SPACE FOR AD
ARTICLE AD
Flipper Zero is still a menace to iPhone users.

Flipper Zero is still a menace to iPhone users.

Adrian Kingsley-Hughes/ZDNET

The Flipper Zero is an amazing device, especially considering the $169 price tag, but as amazing as it is, I'm blown away by the fact that it could to crash an iPhone.

Several readers have contacted me wanting to know if the latest iOS 17.1.1 update fixes the denial of service (DoS) attack that was made possible using the Flipper Zero loaded with third-party software.

The answer, according to my tests, is still no, but something has changed.

Also: The Raspberry Pi 5 cracks passwords twice as fast as my Pi 4, but there's one issue

So, prior to iOS 17.1.1, you could use the Flipper Zero to flood an iPhone that was within Bluetooth range with popups and notifications, or you could choose an attack that would push so many popups and notifications that it would lock up the iPhone after a couple of minutes.

The Apple Device Popup attack that is part of the BLE Spam app on the Flipper Zero isn't supposed to crash the iPhone, but now it does.

The Apple Device Popup attack that is part of the BLE Spam app on the Flipper Zero isn't supposed to crash the iPhone, but now it does.

Adrian Kingsley-Hughes/ZDNET

Now things are different.

Based on testing that I've done, iOS now seems to throttle the number of popups that are displayed, making the attack less annoying and distracting. Popups still appear, but not at the frequency that they were previously displayed.

Also: Latest iOS 17 update stops BMW wireless chargers from destroying your iPhone 15

However, there's also bad news, and that is that despite the popups seemingly being throttled, now all the Bluetooth attacks the Flipper Zero can generate can lock up the attacked iPhone solid, requiring a reboot. Previously only an attack specifically designed to lock up an iPhone could achieve this.

iPhone 14 Pro Max running the latest iOS 17.1.1 locked up solid.

iPhone 14 Pro Max running the latest iOS 17.1.1 locked up solid.

Adrian Kingsley-Hughes/ZDNET

So, the Flipper Zero BLE (Bluetooth Low Energy) spam attack is both less annoying in that there are fewer popups, but it's also much more likely to crash the iPhone and lock it up to the point where it needs a reboot to come back to life. 

I'm still hopeful that Apple will still find a way to patch the iPhone to prevent these attacks.

Editorial standards
Read Entire Article