MacRumors

macrumors bot
Original poster


With the launch of iOS 17.2, Apple has fixed an exploit that allowed the Flipper Zero electronic multi-tool to lock up iPhones, reports ZDNET.

Image via ZDNET

The Flipper Zero is a device that can interact with other electronics. It can emulate, read, and copy RFID and NFC tags, digital access keys, remotes, and more. Its capabilities allow it to unlock cars, skim RFID chips, and do other nefarious things, such as spamming iPhones.

Running third-party firmware from Xtreme, the Flipper Zero was able to use a BLE Spam app to create a huge number of Apple TV Keyboard popups on an iPhone, causing the device to lock up. As ZDNET puts it, Flipper Zero was able to perform a denial of service (DoS) attack on all iPhones in a 30-foot radius of the attacker.

Restarting the iPhone was able to fix the issue, but it was still an annoyance. Following the iOS 17.2 update, ZDNET found that an iPhone running the software was not able to be exploited by the Xtreme firmware. Popups still appear, but not a deluge of popups capable of disabling an iPhone.

iOS 17.2 was released earlier this week and is recommended for all devices capable of running iOS 17. It includes the Journal app and multiple new features for Messages, Apple Music, Weather, and other apps.

Article Link: Apple Fixes Bug Allowing Flipper Zero to Lock Up iPhones
 
Good. I tried it and it worked shockingly well. Can’t even do a normal reboot. You have to do the force reboot button sequence. Crashed two phones instantly. Completely frozen up, not even showing a lot of pop ups, just completely unresponsive.

Interestingly a nearby iPad I was using was completely unaffected.

Edit: to clarify, these were all my devices and this was done for testing. I didn’t do this to anyone else.
 
Why would you want to make people's lives unpleasant?

I didn’t do it to anyone else. All devices involved belong to me.

Also the device is useful for other things. It can be easily used for abuse but it can also be used for lots of cool stuff for personal, non-abusive uses. It can be used as a remote shutter for the iPhone camera via Bluetooth, for example.
 
Wow, this device could be really useful for my crimes hobbies. 🤔
I highly doubt MR wants to get blamed considering idiots are using these to steal cars and break into things..
People need to understand something: This device puts into one device technology that has been used by everyone from criminals to governments (is there a difference? lol), in some instances for decades. This device existing and being so easy to use and combining so many tools together will be better for all of us in the long run, because manufacturers will patch security holes and update their hardware over time to prevent these exploits. There is a lot of lax security out there that relies on simple radio communication.

By taking it from the hands of the few and putting it into the hands of the many, we all become safer because companies are actually forced to do something about this. This is no different than someone like The Lock Picking Lawyer, who sells lock picking kits through his business Covert Instruments and has a popular YouTube channel where he shows the flaws in various locks. Consumers are empowered to buy things that are more secure in the long run, and penetration testing has always been a thing since the invention of the door and extends to all modern devices.

At the end of the day bad guys are always gonna bad guy. People thought they were secure because they didn't know they weren't until now. We shouldn't penalize the company making these tools, we should penalize the companies selling garbage systems that are so easy to hack into or overload. Someone will always make these tools, whether in their basement, or in some NSA lab or corporate espionage operation.
 
I didn’t do it to anyone else. All devices involved belong to me.

Also the device is useful for other things. It can be easily used for abuse but it can also be used for lots of cool stuff for personal, non-abusive uses. It can be used as a remote shutter for the iPhone camera via Bluetooth, for example.
You can remote shutter an iPhone camera via Apple Watch as well.
 
It should not even be illegal to open the doors of cars with this device, because car manufacturers neglected security in exchange for convenience for years and many still do.

The worst kinds of electronic car keys are the ones that open the door when you are close to the car without pressing a button. Thieves no longer have to hack those devices. They just have to amplify the signal of the key to make the car "think" that the key is close by. So the thieves sneak to the house and if the key is close to an outer wall of the house, they can amplify the key signal enough to open the door of the car that parks outside and sometimes even start the car and drive away.

Some things simply should not be wireless. Some houses even use wireless options to open and close the window shutters and those often are not secured by any kind of encryption. So a thief just had to know the right frequency - which very often is 433 MHz - and then he can open the window shutters of a house.

Wireless light switches are also a dangerous thing. A thief could turn the lights inside a house on and off multiple times and if there is no reaction, the owners are likely sleeping or not at home at all.

Many wireless cameras still have no encryption at all. Thieves and other curious people are still able to access the video and even audio of many of those cameras. Very convenient. They can look into the homes of other people and even blackmail them with what those cameras recorded.

If an insecure wireless device helped a thief break into your home, your insurance company likely will not pay a single penny.
 
If I see someone with one of these, I may express my alternative personality.
That's probably a good sized percentage of all electronics engineers and EE students, as you can do pretty much similar stuff with most BLE and various SDR radio development kits available from most major electronics distributors. ST Micro, Analog Devices, TI (et al.) make these dev systems for students and engineering labs. All Flipper did was put these technologies in a small Tamagotchi-like package. Anyone can use tools, or misuse them.
 