One Bad Apple

Installing the latest software updates on your smartphone is a good practice, but is not necessarily enough to keep it secure. While updates often contain crucial security patches to address known vulnerabilities, smartphones face an ever-evolving threat landscape. Cybercriminals continuously develop new techniques and tactics to exploit weaknesses in both operating systems and apps.

With smartphones being ubiquitous, and often storing a wealth of personal information, such as contact lists, financial information, and location data, the lure is too great for would-be hackers to be easily deterred. And being essentially small computers that are constantly connected to wireless networks, these devices provide large attack surfaces.

New malware and phishing attacks are constantly being developed, and it can be difficult for smartphone users to stay up-to-date on the latest threats. In addition, many smartphone users are not aware of the security risks associated with their devices, and they may not take the necessary precautions to protect themselves. These factors only make a hacker’s job easier.

Of course it is not always the user’s fault, however. Device manufacturers and developers of commercial applications are frequently caught off guard, with exploits that they had never dreamed of being discovered on a regular basis. One such exploit, affecting Apple’s iPhones, was recently exposed by a security researcher named Anthony (true to his profession, his last name remains a mystery).

Anthony describes his finding as mainly a way to annoy Apple fans, but it does also open the door to malicious purposes. The exploit takes advantage of a feature of Bluetooth Low Energy (BLE) communications called an advertising packet. These packets are intended to broadcast the presence of a device, and perhaps some information about its capabilities.

The problem lies in the fact that iPhones accept these packets without validating the authenticity of the sender. That makes it possible to send a slew of, for example, fake requests to transfer one’s phone number to another phone. A steady stream of these requests will render the phone virtually unusable, acting as a denial-of-service attack.

There are more nefarious possibilities as well, like launching a phishing attack by mimicking a trusted device. BLE packets play a crucial role throughout Apple’s ecosystem, enabling features like AirDrop, allowing Apple Watches to connect to a phone, and much more, so there are still a lot of unexplored possibilities. It is important to note, however, that the range of BLE is limited, so the attacker needs to be near the target devices. This exploit cannot be carried out across the globe.

Anthony demonstrated his work using the open-source Flipper Zero, which is described as a multi-tool for pentesters and geeks. In a blog post, Anthony walks through the process of modifying the Flipper Zero’s firmware to allow it to spoof legitimate BLE advertising packets from the Apple ecosystem. Once the updated firmware is loaded onto the Flipper Zero, you are set to annoy iPhone users to no end. You will need to be in the same general area as the people you are driving nuts, though, so you might want to consider wearing your running shoes.

If you want to avoid this attack, reports indicate that switching Bluetooth off in the Control Center is not good enough, but fully switching it off in Settings seems to do the trick. Keep in mind that doing this will disable many of the features that make devices in the Apple ecosystem work together so well.