Jeroen van der Ham’s iPhone Hijack: Public Space Tech Threats Unveiled

A fully updated iPhone (left) after being force-crashed by a Flipper Zero (right). Image credit: Jeroen van der Ham

In early October, an incident occurred that raised concerns about the security of using modern gadgets in public spaces. Security researcher Jeroen van der Ham fell victim to an attack on his iPhone while traveling by train in the Netherlands. His smartphone began to receive a deluge of Bluetooth connection notifications that rendered the device virtually inoperable, leading to its reboot. The scenario recurred during a second journey, with the same notifications plaguing not just the researcher but also other passengers.

Van der Ham associated these malfunctions with the presence of a certain passenger who was working on a MacBook connected to an iPhone via USB. This individual continued his work, seemingly oblivious to the disruption caused as surrounding passengers’ devices rebooted. Ultimately, the researcher deduced that this passenger was the source of the disturbance.

Upon further investigation, van der Ham discovered that the attacks were facilitated by a device known as Flipper Zero, capable of interfacing with various types of wireless communications, including RFID, NFC, Bluetooth, Wi-Fi, and standard radio frequencies.

Van der Ham replicated the attack within a controlled environment, and it functioned just as it had during his train travel. He programmed his device with a special firmware called Flipper Xtreme, which he acquired through a Discord channel dedicated to Flipper Zero. This firmware enabled the transmission of a continuous stream of Bluetooth Low Energy (BLE) packets, masquerading as various devices attempting to connect via Bluetooth, thereby causing the iPhone malfunctions.

It is noteworthy that the attack did not induce malfunctions in iPhones operating on iOS versions before 17.0. Representatives from Apple have not responded to inquiries regarding plans to release updates to prevent such attacks.

Currently, to ward off such attacks on iOS, users may disable Bluetooth in their settings; however, this may be challenging or even impossible during an attack. Similar Denial-of-Service (DoS) attacks can be executed against Android and Windows-based devices using the Flipper Xtreme firmware.

Via: Ars Technica