Hackers Spam iPhone Users With Fake Bluetooth Pop-Ups: Here’s How?


Silicon giant, Apple has implemented several useful technologies in its devices so that they can easily pair with certain Bluetooth accessories, such as AirPods and AirTags. The point worth mentioning here is that some hackers are using the same technologies to spam iPhone users. They are using a relatively inexpensive tool called Flipper Zero to spam iPhones with fake Bluetooth pop-ups, making the device “unusable.”

Flipper Zero Is Helping Hackers Fake Bluetooth Connections to an iPhone or iPad

Just for your information, a Flipper Zero is a small cheap device that can be programmed to control multiple radio protocols. A security researcher recently explained how to use a Flipper Zero to perform wireless attacks on Apple devices including iPhones or iPads. The attack dubbed “a Bluetooth advertising assault” actually forces the device to show several Bluetooth connection pop-ups to the user, making it difficult to use the iPhone or iPad.

Hackers usually program the Flipper Zero to act as an official Bluetooth accessory, like a pair of AirPods. These accessories depend on a protocol called Bluetooth Advertisements, which informs another Bluetooth device nearby of their presence. What happens is that the code injected into Flipper Zero compels the device to repeatedly send the pairing signal. As a result, any Apple device nearby will show the connection pop-up continuously. It can be used to annoy iPhone and iPad owners since there’s no way to ignore these pop-ups.

Apple needs to provide an option to ignore Bluetooth connections with unknown devices. While iOS allows you to close the pop-up, it will keep showing up as long as the accessory (or Flipper Zero) is nearby. The most alarming thing is that this attack works even when the iPhone is in Airplane Mode. It is because the Control Center toggle doesn’t disable Bluetooth even in Airplane Mode. The only way to prevent the attack is by manually turning off Bluetooth in the Settings app. We are still not sure if Apple is already working on a way to prevent this type of attack or not.


Source link

vaibhav palhade