The Future Is Here
We may earn a commission from links on this page

Apple Shuts Down Flipper Zero’s Ability to Shut Down iPhones

IOS 17.2 cut off Flipper Zero users running the Xtreme third-party firmware from mass-spamming popups at iPhones.

We may earn a commission from links on this page.
Boxes of Flipper Zeros on plastic pallets getting ready to ship.
The Flipper Zero is billed as a fun tool for tech enthusiasts, but it has also been used to perpetrate annoying and more serious attacks on various devices.
Photo: Flipper

Apple silently fixed an exploit that let Flipper Zero devices mass-bombard nearby iPhones with popup notifications, so much so they would essentially disable users’ phones requiring a restart.

Flipper Zero is a small multi-tool able to mimic NFC, RFID, or other radio signals. Billed as a toy-like device for “pentesters and geeks,” the device has come under fire for being an easy-to-use tool for hackers or other ne’er-do-wells.

Advertisement

Still, Flipper Zeros natively doesn’t have this unique denial of service (DOS) capability. Instead, it requires the Xtreme third-party firmware, which comes with the BLE Spam app used to hit devices with spam Bluetooth messages. With that, a Flipper Zero user could stand in a busy intersection and hit all iPhones in a 30-foot radius with popup notifications, enough to make the Apple device lock up and require a restart. The attack also hits other operating systems, including Android and Windows, but—while annoying—the attack could only effectively shut down Apple devices. Still, connected to a bigger antenna, a user could send out these spam messages at a range of 50 feet or more.

Advertisement

ZDNet went ahead and tested the latest Extreme firmware against the iOS 17.2 update. Tests showed that while the phone would still get a range of annoying popups, they wouldn’t crash the phone. Gizmodo has been unable to confirm the exploit is totally fixed independently. We reached out to Apple for confirmation, and we’ll update this story if we hear back.

Advertisement

You can’t get the Xtreme firmware from Flipper’s own third-party app store, but it is still easy for anybody to download and install it on their NFC-replicating device. The Flipper Zero has been knocked down as a hacking tool and was even banned from the Amazon store page. The devices have yet to receive any more widespread ban, but Flipper devices have become notorious among law enforcement circles.

The latest iOS update added a number of handy features like the Journal app, but as usual, Apple doesn’t expand on all its security fixes in its release notes. Notably, iOS 17.3 is supposed to add a heap of anti-theft features, but we’ll need to wait and see whether Apple or any other device maker can put a stop to these annoying Bluetooth messages altogether.