Apple's iOS 17.2 Update Safeguards iPhones and iPads from Flipper Zero Attacks
The update effectively prevents the pen-testing tool, when modified with Xtreme firmware, from crashing devices with overwhelming Bluetooth notifications.
- Apple has implemented safeguards in iOS 17.2 to prevent Flipper Zero devices from sending nearby iPhones and iPads into never-ending denial-of-service (DoS) loops.
- Flipper Zero is a pen-testing tool that can be modified with third-party firmware (Xtreme) to provide a Bluetooth Low Energy (BLE) spam app, which exploits a flaw in the BLE pairing sequence to send an overwhelming number of Bluetooth connection notifications.
- Malicious Flipper Zero devices have been used to pull off undetected DoS attacks on trains, coffee shops, and concert venues.
- While the new iOS update still allows a few popups to appear from Flipper Zero devices, it effectively stops the device from crashing iPhones and iPads.
- The Xtreme firmware is not available from Flipper's own third-party app store, but it is still easily downloadable and installable on NFC-replicating devices.