If you ever find yourself sitting in a coffee shop, library, or train station and your iPhone suddenly goes haywire with a stream of pop-ups and reboots, then look around for a small USB stick-like device, as that could be the culprit.
The device in question is the Flipper Zero device, a hacking gadget that is described as a “multi-tool device for geeks” to interact with wireless communications. The device’s website notes it can be used for all manner of functions, such as acting as a remote key or being used to aid in cyber security penetration testing. But Ars Technica points out the Flipper Zero has been used for more nefarious means, from flipping TV channels in public places for cheap laughs to being used to clone hotel keys or open automatic garage doors. And now the tool can mess with iPhones.
As Ars reports, this was noted by security researcher Jeroen van der Ham who on a train trip in the Netherlands found that his iPhone suddenly threw up a mass of pop-up windows and then rebooted which made it virtually impossible to use.
“Your phone becomes almost unusable. You can still do stuff in between for a couple of minutes, so it's really annoying to experience. Even as a security researcher who had heard about this attack, it's really hard to realize that that is what's going on,” van der Ham said. He then discovered the culprit was a passenger using the Flipper Zero, which was sending out Bluetooth requests to all iPhones within range, constantly pinging them with connection requests and thus rendering them all but unusable.
The antidote to this, as flagged by TechCrunch, is to turn off Bluetooth in an iPhone's Settings app but that’s easier said than done when an iPhone is constantly throwing up pop-ups and then rebooting. For affected Android devices more can be done like finding the ‘nearby share’ option and toggling off notifications.
Hacked off
While we've heard of devices like the Flipper Zero wreaking havoc before, what’s concerning here is its capabilities appear to be expanding, as it can now affect iPhones and iPads.
There’s an argument that security on RF enabler tech was never really that strong, and their security was more a result of people not putting in the effort to hack them. But when devices like Flipper Zero seemingly trivialize the process – Flipper’s website notes: “Flipper is designed with the convenience of everyday usage in mind—it has a robust case, handy buttons, and shape, so there are no dirty PCBs or scratchy pins.”
So with this, RF systems become a more viable attack vector for garden-variety hackers and hobbyists, even if it’s just to cause chaos and disruption for the average smartphone user.
As it stands, there's not a lot you can do to prevent this other than be aware of your surroundings and sometimes turn Bluetooth off. But what is clear is that more robust security is needed for RF-enabled devices as the hacking tools get ever more capable.
