Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,428
30,613


With the launch of iOS 17.2, Apple has fixed an exploit that allowed the Flipper Zero electronic multi-tool to lock up iPhones, reports ZDNET.

zdnet-flipper-zero-iphone-attack.jpg
Image via ZDNET

The Flipper Zero is a device that can interact with other electronics. It can emulate, read, and copy RFID and NFC tags, digital access keys, remotes, and more. Its capabilities allow it to unlock cars, skim RFID chips, and do other nefarious things, such as spamming iPhones.

Running third-party firmware from Xtreme, the Flipper Zero was able to use a BLE Spam app to create a huge number of Apple TV Keyboard popups on an iPhone, causing the device to lock up. As ZDNET puts it, Flipper Zero was able to perform a denial of service (DoS) attack on all iPhones in a 30-foot radius of the attacker.

Restarting the iPhone was able to fix the issue, but it was still an annoyance. Following the iOS 17.2 update, ZDNET found that an iPhone running the software was not able to be exploited by the Xtreme firmware. Popups still appear, but not a deluge of popups capable of disabling an iPhone.

iOS 17.2 was released earlier this week and is recommended for all devices capable of running iOS 17. It includes the Journal app and multiple new features for Messages, Apple Music, Weather, and other apps.

Article Link: Apple Fixes Bug Allowing Flipper Zero to Lock Up iPhones
 

CarAnalogy

macrumors 601
Jun 9, 2021
4,184
7,711
Good. I tried it and it worked shockingly well. Can’t even do a normal reboot. You have to do the force reboot button sequence. Crashed two phones instantly. Completely frozen up, not even showing a lot of pop ups, just completely unresponsive.

Interestingly a nearby iPad I was using was completely unaffected.

Edit: to clarify, these were all my devices and this was done for testing. I didn’t do this to anyone else.
 
Last edited:

CarAnalogy

macrumors 601
Jun 9, 2021
4,184
7,711
Why would you want to make people's lives unpleasant?

I didn’t do it to anyone else. All devices involved belong to me.

Also the device is useful for other things. It can be easily used for abuse but it can also be used for lots of cool stuff for personal, non abusive uses. It can be used as a remote shutter for the iPhone camera via Bluetooth, for example.
 

macduke

macrumors G5
Jun 27, 2007
13,125
19,643
Wow, this device could be really useful for my crimes hobbies. 🤔
I highly doubt MR wants to get blamed considering idiots are using these to steal cars and break into things..
People need to understand something: This device puts into one device technology that has been used by everyone from criminals to governments (is there a difference? lol), in some instances for decades. This device existing and being so easy to use and combining so many tools together will be better for all of us in the long-run, because manufacturers will patch security holes and update their hardware over time to prevent these exploits. There is a lot of lax security out there that relies on simple radio communication.

By taking it from the hands of the few and putting it into the hands of the many, we all become safer because companies are actually forced to do something about this. This is no different than someone like The Lock Picking Lawyer, who sells lock picking kits through his business Covert Instruments and has a popular YouTube channel where he shows the flaws in various locks. Consumers are empowered to buy things that are more secure in the long run, and penetration testing has always been a thing since the invention of the door and extends to all modern devices.

At the end of the day bad guys are always gonna bad guy. People thought they were secure because they didn't know they weren't until now. We shouldn't penalize the company making these tools, we should penalize the companies selling garbage systems that are so easy to hack into or overload. Someone will always make these tools, whether in their basement, or in some NSA lab or corporate espionage operation.
 

knightsabre7

macrumors newbie
Jun 7, 2022
29
44
I didn’t do it to anyone else. All devices involved belong to me.

Also the device is useful for other things. It can be easily used for abuse but it can also be used for lots of cool stuff for personal, non abusive uses. It can be used as a remote shutter for the iPhone camera via Bluetooth, for example.
You can remote shutter an iPhone camera via Apple Watch as well.
 

Skyscraperfan

macrumors 6502a
Oct 13, 2021
760
2,118
It should not even be illegal do open the doors of cars with this device, because car manufactures neglected security in exchange for convenience for years and many still do.

The worst kinds of electronic car keys are the ones that open the door when you are close to the car without pressing a button. Thieves do no longer have to hack those devices. They just have to amplify the signal of the key to make the car "think" that the key is close by. So the thieves sneak to the house and if the key if close to an outer wall of the house, they can amplify the key signal enough to open the door of the car that parks outside and sometimes even start the car and drive away.

Some things simply should not be wireless. Some houses even use wireless options to open and close the window shutters and those often are not secured by any kind of encryption. So a thieve just had to know the right frequency - which very often is 433 MHz - and then he can open the window shutters of a house.

Wireless light switches are also a dangerous thing. A thieve could turn the lights inside a house on and off multiple times and if there is no reaction, the owners are likely sleeping or not at home at all.

Many wireless cameras still have no encryption at all. Thieves and other curious people are still able to access the video and even audio of many of those cameras. Very convenient. They can look into the homes of other people and even blackmail them with what those cameras recorded.

If an insecure wireless device helped a thieve break into your home, your insurance company likely will not pay a single penny.
 

firewood

macrumors G3
Jul 29, 2003
8,107
1,344
Silicon Valley
If I see someone with one of these, I may express my alternative personality.
That's probably a good sized percentage of all electronics engineers and EE students, as you can do pretty much similar stuff with most BLE and various SDR radio development kits available from most major electronics distributors. ST Micro, Analog Devices, TI (et.al.) make these dev systems for students and engineering labs. All Flipper did was put these technologies in a small tomagichi-like package. Anyone can use tools, or misuse them.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.