Who do you think would win? A multi-trillion dollar company with one of the best security track records in the corporate world, or a little plastic hacking tool? Well, it turns out the Flipper Zero, the hot new hacking device that every script kiddie knows about, is able to execute a kind of denial of service attack against iPhones and other iOS devices after you load some additional software onto it. It's able to do this through a flaw in the Bluetooth Low Energy pairing sequence.

So we all know about Bluetooth, right? It's probably responsible for removing more wires from our lives than any other wireless protocol. But it's also likely responsible for more battery drain than anything else on our wireless devices. That's where Bluetooth Low Energy, or BLE, comes in. It was introduced with the Bluetooth 4.0 standard and was developed to cater to applications that require minimal power consumption; it's supposed to allow for more seamless communication between devices without killing your battery too quickly. Now of course Apple, being the innovative company it is, has integrated several BLE technologies into its ecosystem, including AirDrop, Handoff, the Apple Watch (which uses BLE), HomeKit, and iBeacon.

Now one of the main features of BLE is the ability for devices to make their presence known through advertising packets, commonly known as ADV packets. These ADV packets make the pairing and communication of new devices with your iPhone seamless, but they can also be spoofed by a hacker in order to create an experience on your iPhone that isn't so fun, one that some people are basically calling a DDoS attack, because you constantly get these notifications popping up on your phone and it makes your phone kind of difficult to use.
I mean, imagine trying to send a file to someone nearby over AirDrop and seeing hundreds of fake recipients for the file, or imagine trying to pair a new Apple Watch or AirPods to your phone and hundreds of each of those devices are popping up. Sure, if you're a more tech-savvy person, you're probably going to be able to scroll through the device list, or maybe use NFC or something else to pair your device more easily, so this security exploit only ends up being a minor inconvenience to you. But for others, I think this could be a realistic attack vector for a hacker to exfiltrate sensitive data or possibly even get a foothold on a device to pivot to hacking other devices. How many people in the corporate world with iPhones do you think send sensitive company data to one another over AirDrop? "Oh, just AirDrop me that expense report." During the hustle of a busy day in the office, an overcaffeinated employee rushing to a pre-merger meeting could easily select a hacker's Flipper Zero, or some similar device that's spoofing an AirDrop alert to look like another employee's phone, and the hacker intercepts that sensitive data.

Now granted, there are probably more ways to pull off corporate espionage, and more effective ways to pull it off: usually having an inside guy, or finding a flaw in the company's app that lets you get a persistent foothold inside their network and slowly leak data out over an encrypted channel. Ultimately you're probably going to get more data out, and more sensitive data, that way. But there aren't easy guides on YouTube for you to do that, unlike with this Flipper Zero BLE handshake spam attack, which just needs some custom software loaded onto the Flipper Zero, and that's something these companies need to be more aware of.
I mean, over the years I've noticed that these big tech companies like Apple or Microsoft that have bug bounty programs, where they pay you to find a bug so they can patch it before it becomes a serious problem, have a tendency to brush off these, I guess, low-severity exploits. Techryptic, the security researcher who initially discovered this flaw and made the video doing it with a Flipper Zero, actually first discovered it back in November of 2022, and I would imagine reported it to Apple around the same time or sooner, because Apple actually has some of the higher rewards in its bug bounty program. But I didn't see any specific mention on his blog about when he disclosed the issue to Apple, or if he actually did disclose it to Apple. Anyway, you can see on his Twitter and YouTube history videos from nine months ago showing this exploit with a Flipper Zero, so you would think that Apple would be aware of it, and there have probably been other videos that people have posted doing similar exploits with different types of hardware. Even though the Flipper Zero is really popular right now, it's more of a consumer-grade hacking tool with a relatively weak Bluetooth radio, which means pulling off any data exfiltration or denial of service attack like this against an iPhone user is going to require you to be in pretty close proximity to them. But who's to say this can't be done with a more powerful hacking tool by someone who knows what they're doing and is able to fabricate something like that with more powerful Bluetooth antennas?

Now let's talk about some ways this exploit can be mitigated. Obviously, if you just disable the Bluetooth radio on your phone, then you're not going to get any messages from rogue devices requesting to pair with you, but disabling Bluetooth is really going to limit the functionality of your iPhone. Of course, Apple was the first popular mobile phone vendor to remove the headphone jack from their phone so that they could push their AirPods on their customers, although there are some headphones and sound equipment designed to use the Lightning port, or, I guess soon, the USB-C port, for wired connectivity, and you can probably find an adapter to let you charge your device and listen to music at the same time. And you know, you don't really need to use an Apple Watch, you could just wear a regular watch, and you don't really need to use AirDrop, you could just email those files to your co-worker as an attachment like in the good old days.

But even if you decided to take this extreme step and stop using Bluetooth altogether on your iPhone, Apple does not want to make that transition easy for you. On iOS you actually have to go through the Settings app to turn off Bluetooth; you can't just swipe down to that quick control and actually turn it off. Putting your iPhone in airplane mode doesn't fully disable Bluetooth either, and it doesn't disable BLE, at least on the newer iPhones. And even if you do fully disable Bluetooth on your iPhone, it's going to be re-enabled by Apple after every single iOS update. So now that I really think about it, mitigating this kind of security vulnerability with that approach is pretty much going to be a no-go, beyond just paying attention to what devices you accept pairing requests from to prevent any malicious activity. But if somebody wants to troll you with this, and you actually use Bluetooth like 99% of iPhone users, then you're really just going to have to take it until the hacker man in his black hoodie gets bored or Apple issues a security patch to fix this issue.

In this security researcher's blog post, he says that he already submitted the concern to Apple's research team, so that actually answers the question of whether or not he reported it. He goes on to talk about some of the differences between BLE 4.0 and BLE 5.0: in 4.0 you only have 31 bytes to work with, which means you can't add meaningful checksums to your packets. But I'm pretty sure iPhones have been using Bluetooth 5 since the iPhone 12.

Personally, I think a good way to fix this is to just give iPhone users more fine-grained control over their Bluetooth settings. Instead of automatically generating a pop-up to connect to new devices in range, let people disable new pairing requests on their iPhones without disabling Bluetooth altogether. This would solve the Bluetooth DDoS problem, but it might also make the AirTag mesh network less robust, which is probably why this option doesn't exist in iOS already. Of course, this point has to be made: when you choose Apple's devices, when you choose their walled garden experience, the Apple ecosystem, you're completely at their mercy to fix bugs, or to implement their software and settings in a way that lets you mitigate it yourself. Like we see here with the way Bluetooth is set up on iOS, clearly Apple doesn't want you to turn that off, so that they can provide the so-called seamless Bluetooth experience. But really, I think they do that so that most people are going to have Bluetooth always on, even when airplane mode is enabled, so that AirTags within 30 to 40 feet of an iPhone are going to be able to ping their location off of it. The Bluetooth setting on iPhone probably makes the AirTag network ten times more effective than if you could just easily disable it from the settings tray like on Android.

So because of all this, I don't think Apple will actually fix this bug anytime soon. They're going to say that it's a feature and not a bug: social engineering in close proximity is required for anything truly malicious to be done with it, so it's not a bug, no bug bounty, continue to use Bluetooth and continue to support the AirTag network, just be cautious about what pairing requests you accept, because it could be a hacker man trying to take over your iPhone.
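The advertising packets and the 31-byte limit mentioned above can be made concrete with a small encoder/decoder. This is an added example, not code from the video, from Techryptic's post, or from the Flipper Zero firmware. It builds the AdvData of a legacy (Bluetooth 4.x) advertising packet out of standard AD structures, using the Flags and Manufacturer Specific Data AD types and Apple's Bluetooth SIG company identifier 0x004C, shows how much of the 31-byte budget is left for vendor data once a company ID is present, and shows that the structure carries nothing a receiver could use to distinguish a genuine accessory from a spoofed packet. The vendor payload bytes are a constructed placeholder, not Apple's real proximity-pairing format.

```python
"""Encode and decode the AdvData of a legacy BLE advertising (ADV) packet.

Added example, not code from the video, the researcher's post or the
Flipper Zero firmware. AdvData is a sequence of AD structures, each
[length][AD type][data...], where length counts the type byte plus the
data. Bluetooth 4.x legacy advertising carries at most 31 bytes of AdvData,
which is the limit the transcript mentions.
"""

LEGACY_ADV_MAX = 31           # AdvData limit of a legacy (Bluetooth 4.x) ADV PDU
AD_TYPE_FLAGS = 0x01          # "Flags" AD type (Bluetooth SIG assigned number)
AD_TYPE_MANUFACTURER = 0xFF   # "Manufacturer Specific Data" AD type
APPLE_COMPANY_ID = 0x004C     # Apple's Bluetooth SIG company identifier


def encode_ad(structures):
    """Serialise [(ad_type, data), ...] into AdvData, enforcing the 31-byte limit."""
    out = bytearray()
    for ad_type, data in structures:
        if len(data) + 1 > 0xFF:
            raise ValueError("AD structure longer than 255 bytes")
        out += bytes([len(data) + 1, ad_type]) + bytes(data)
    if len(out) > LEGACY_ADV_MAX:
        raise ValueError(
            f"AdvData is {len(out)} bytes; legacy advertising allows {LEGACY_ADV_MAX}")
    return bytes(out)


def decode_ad(adv):
    """Parse AdvData back into [(ad_type, data), ...]; stop at zero-length padding."""
    structures = []
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0:
            break
        if i + 1 + length > len(adv):
            raise ValueError("truncated AD structure")
        structures.append((adv[i + 1], bytes(adv[i + 2:i + 1 + length])))
        i += 1 + length
    return structures


def manufacturer_payload(structures, company_id):
    """Return the vendor bytes that follow a little-endian company ID, or None."""
    for ad_type, data in structures:
        if (ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2
                and int.from_bytes(data[:2], "little") == company_id):
            return data[2:]
    return None


def spare_bytes(structures):
    """Bytes left under the 31-byte limit once these structures are encoded."""
    return LEGACY_ADV_MAX - len(encode_ad(structures))


def apple_style_adv(vendor_payload, flags=b"\x1a"):
    """Build AdvData carrying Flags plus Apple manufacturer data.

    Anyone can write 0x004C into the company ID field, so the receiver has
    no way to tell this packet from one sent by a real Apple accessory.
    """
    mfg = APPLE_COMPANY_ID.to_bytes(2, "little") + bytes(vendor_payload)
    return encode_ad([(AD_TYPE_FLAGS, flags), (AD_TYPE_MANUFACTURER, mfg)])


def max_vendor_payload(flags=b"\x1a"):
    """Largest vendor payload that fits next to Flags: 31 - 3 - 2 - 2 = 24."""
    return spare_bytes([(AD_TYPE_FLAGS, flags)]) - 2 - 2  # len+type, company ID


if __name__ == "__main__":
    # Constructed placeholder payload, not Apple's real proximity-pairing format.
    payload = bytes(range(max_vendor_payload()))
    adv = apple_style_adv(payload)
    print(f"{len(adv)} bytes of AdvData:", adv.hex())
    for ad_type, data in decode_ad(adv):
        print(f"  type 0x{ad_type:02x} len {len(data)}: {data.hex()}")
    print("vendor payload:", manufacturer_payload(decode_ad(adv), APPLE_COMPANY_ID).hex())
    # A 32-byte MAC on its own exceeds the budget, let alone next to the data.
    try:
        apple_style_adv(payload + bytes(32))
    except ValueError as e:
        print("adding a 32-byte MAC fails:", e)
```

With Flags present, 24 bytes are all that remain for vendor data, which is why a legacy advertisement cannot carry a meaningful authenticator alongside its payload; the decoder side also shows that the only thing a receiver can check is a company ID that any transmitter can set.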