With a small, affordable device and a bit of expertise, a researcher has found a way to drive iPhone users crazy. We take stock of this computer security expert's trick, which consists in misusing the possibilities offered by Bluetooth.
A computer security researcher has discovered a very effective way to annoy iPhone users. Asked by TechCrunch, the expert, who calls himself Anthony or Techryptic, explains that it is possible to use a Flipper Zero, a very affordable hacking tool, to spam iPhones with Bluetooth connection requests.
Sold for only 169 dollars, the Flipper Zero is a small open source tool intended for computer hackers. It can interact with radio protocols, access control systems and most digital systems. Above all, it can communicate through the Bluetooth Low Energy protocol, which the hacker rightly considers to be “the cornerstone of modern wireless communication”.
As part of his experiment, the researcher modified the firmware of the Flipper Zero. As Flipper Devices, the company behind the gadget, explained to 01Net, it’s impossible to deploy an attack like this without modifying the Flipper Zero:
“We have taken the necessary precautions to ensure that the device cannot be used for nefarious purposes. Since the firmware is open source, individuals can tweak it and use the device unintentionally, but we do not promote it and condemn this practice if the purpose is to act maliciously”.
When the Apple ecosystem becomes hell
Armed with this little toy-like device, Anthony was able to loop messages on nearby iPhones prompting the user to connect to an AirTag, Apple TV, or AirPods. Just turn on the Flipper Zero, with its tampered firmware, and a rain of windows floods the iPhones within Bluetooth range.
Concretely, the accessory will “create a plethora of ghost devices near an iOS user”. The messages then continuously pop up on the smartphone’s touch screen, much like an intrusive pop-up advertisement, which ruins the iOS user experience.
“Imagine searching for a device to connect to and receiving a list of dozens, if not hundreds, of fake device names. Or attempt an AirDrop transfer and be inundated with bogus recipients. […] This can disrupt the seamless experience that Apple users are used to”, explains Anthony in a blog post.
The researcher recalls that Apple relies heavily on the possibilities offered by Bluetooth technology to power its ecosystem. The manufacturer uses it in particular for AirDrop, Handoff, the pairing of Apple Watch and the addition of a HomeKit accessory.
According to the researcher, pranksters could use this technique to trick their loved ones… or deploy phishing attacks. By displaying bogus Bluetooth connection messages, malicious individuals could coerce an iPhone into downloading malware hidden in documents. For the expert, the risk of an attack remains very theoretical. Indeed, the Flipper Zero cannot communicate with an iPhone at a great distance. It must be within the range of Bluetooth, which does not exceed 15 meters.
Nevertheless, he recommends that Apple think about a way to mitigate the risk of attacks of this kind. The expert advises the manufacturer to include an option in iOS that blocks all Bluetooth communication from unknown devices. According to him, Apple should also add a verification system to confirm that an incoming signal is valid. He also believes that Apple could reduce the distance over which it is possible to receive Bluetooth requests. Flipper Devices agrees, and adds that a simple Android smartphone with “custom firmware” could serve as an attack vector instead of the Flipper Zero:
“That’s why we agree with the researcher that Apple should implement protective measures and eliminate the problem at the root.”
For now, iOS only allows you to close the window that is displayed… but it will come back constantly as long as the accessory is nearby. To block the requests, you have to turn off Bluetooth in the settings.
In the interview given to TechCrunch, Anthony reveals that he has come up with a way to spread intrusive messages for miles. Fearing that malicious individuals would hijack his innovations, the researcher preferred to keep the details of his technique secret.