The latest iOS 17.2 update seems to have taken steps to prevent a security issue reported by ZDNet. This issue involved the Pen-Testing tool Flipper Zero bombarding iPhones and iPads with an excessive number of Bluetooth connection requests, causing them to crash.
The problem stemmed from a flaw in the Bluetooth Low Energy (BLE) pairing sequence, which was exploited to flood nearby Apple devices with notifications, leading to continuous restarts.
Those close by received prompts on their iPhones to link with nearby Apple gadgets like Airtags or Apple TV. The attacker, using Flipper Zero, could repeatedly trigger these notifications, essentially making the targeted iPhones unusable—a form of a DoS (Denial of Service) attack. Interestingly, whether Bluetooth was on in the control center didn’t matter; only disabling it in settings provided security.
Reports suggest that attackers used Flipper-Zero’s Xtreme firmware to execute unnoticed DoS attacks in public places, like trains, cafes, and concerts, within a range of around 50 meters. And here’s the kicker—it’s not limited to Apple devices; Android gadgets are vulnerable too.
Apple hasn’t given specifics on how iOS 17.2 tackles this BLE exploit. However, there are indications that the security measures might involve a pause introduced by Apple for Advertising Packets (ADV requests) over BLE. This pause became evident through annoying pop-ups before a test device completely blocked new pairing attempts from a modified Flipper Zero.
