December could very well be security month at Apple with the launch of Stolen Device Protection, the shuttering of Beeper Mini, and now, the stealthy fix to a Bluetooth exploit that has been wreaking havoc for iPhone and iPad users since its discovery in September.
Flipper Zero is no match for iOS 17.2
First pointed out by ZDNet, 9to5Mac can confirm that Apple has finally implemented safeguards in iOS 17.2 to prevent Flipper Zero devices from sending nearby iPhones and iPads into never-ending denial of service (DoS) loops.
Out of the box, Flipper Zero is a pretty harmless pen-testing tool. However, since the device is open source, it can be modified with third-party firmware (in this case, Xtreme) that provides a Bluetooth Low Energy (BLE) spam app.
Using a flaw in the BLE pairing sequence, the app can send nearby devices an overwhelming amount of Bluetooth connection notifications, causing them to freeze up and reboot. It’s a process that takes about five minutes, or what I can imagine feels like an eternity for an unsuspecting victim.
With a radio range of about 50 meters (~164 feet), threat actors have reportedly used malicious Flipper Zero devices to pull off undetected DoS attacks on trains, coffee shops, and concert venues.
What could iOS 17.2’s new safeguards be? When running a Flipper Zero against my own devices, I’ve found a few pesky popups still appear before completely stopping. This could point to a new send advertising packets (ADV) request timeout Apple has implemented. However, we may never know.
To update your iPhone or iPad to iOS 17.2, head to Settings > tap General > Software Update.
FTC: We use income earning auto affiliate links. More.