Devious Device Can Crash People's iPhones Just by Being Near Them

The only defense: disabling Bluetooth.

Bluetooth-ache

Watch out, iPhone users. There's a little device out there that can hijack the wireless Bluetooth standard to crash your smartphone — and the only way to protect yourself against it is to turn off Bluetooth completely.

Known as the Flipper Zero, the gadget is a jack-of-all-trades when it comes to attacking short range wireless communications devices using standards like Bluetooth, WiFi, RFID, and NFC. Any devices using these — from smartphones to hotel keys to garage doors to TVs — are potentially at its mercy.

Though it's been around since 2020, Ars Technica reports the handheld device has recently started to cause a stir once again because of an extremely annoying hack it can easily perform: spamming Bluetooth-enabled iPhones — and potentially other smartphones — with so many popups that they become unusable, and eventually shut down.

One security researcher recalled how his iPhone was hacked while commuting by train: "My phone was getting these pop-ups every few minutes and then my phone would reboot," Jeroen van der Ham, a cybersecurity expert at the University of Twente in the Netherlands, told Ars.

Hacking For All

The Flipper Zero is perfectly legal, mind you. It's sold, for a bargain price of $169, as a "portable multi-tool for pentesters," referring to penetration testing, a practice in cybersecurity in which hackers attack a computer system to evaluate and improve its security.

Yet for something supposedly intended for Serious Experts, the Flipper Zero looks a lot like a toy, featuring an Gameboy-like interface with a pixelated cyberpunk dolphin mascot — see: Johnny Mnemonic — cheering you on as you commit acts of dubious legality.

To be clear, the ability to hack wireless communications isn't new — but as Ars notes, having a cheap device that requires little expertise to perform them available to the mass market, is. Put another way: the script kiddies have their new weapon slash plaything.

"The jig is up: software radios have made previously inaccessible attacks available to many more people than before, and work on them will continue," Dan Guido, CEO of security firm Trail of Bits, told Ars.

"People who are casually interested in technology can now easily clone most hotel or office keycards," he added. "They don't need any knowledge of signals or have to mess with open source code or Linux."

Slacking Security

There's another way of looking at this. If such a gimmicky device can defeat these systems, then the companies behind them aren't making their tech's security protocols strong enough in the first place. And if there's a silver lining to be found, it's that this publicity could push them to get their act together.

So far, Apple hasn't commented on whether it intends to patch out the attack in a future iOS update. Android and Windows devices are also reportedly vulnerable.

As of now, the best way to protect yourself is to disable Bluetooth. For iPhone users, that means shutting it off in your settings, and not through the Control Center, according to TechCrunch.

More on cybersecurity: Casinos Shut Down Amid Hacker Intrusions