Bluetooth Low Energy denial of service attacks

The Bluetooth Low Energy denial of service attacks are a series of denial-of-service attacks against mobile phones and iPads via Bluetooth Low Energy that can make it difficult to use them.^[1]

iPhone and iPad attacks[edit]

DEFCON proof of concept attack[edit]

At DEF CON 31 in 2023, a demonstration was given using equipment made with a Raspberry Pi, a Bluetooth adapter and a couple of antennas.^[1] This attack used Bluetooth advertising packets, hence did not require pairing.^[1] The demonstration version claimed to be an Apple TV and affected iOS 16.^[1]

Flipper Zero attack[edit]

This attack also uses Bluetooth advertising packets to repeatedly send notification signals to iPhones and iPads running iOS 17.^[1]^[2] It uses a Flipper Zero running third-party Xtreme firmware.^[1]^[3]^[2] It can still affect the phone even if the phone is in airplane mode and requires Bluetooth to be shut down from device settings or running the phone in Lockdown mode.^[1]^[3]^[2]

The attack can cause the phone to crash.^[3] It also affects iOS 17.1.^[4]

The release of iOS 17.2 made the iPhone more resistant to the attack, reducing the flood of popup messages.^[5]

An app to perform these attacks was written for Android.^[6]

Interference with a medical device[edit]

An attendee of Midwest FurFest 2023 tweeted that the Android device they used to control their insulin pump had been crashed by a BLE attack and that if they hadn't been able to fix it they would have had to go to a hospital.^[6]

Wall of Flippers[edit]

The Wall of Flippers project has written a Python script that can scan for BTLE attacks.^[6] It can run on Linux or Microsoft Windows.^[6]

Android attack[edit]

The Flipper Zero version of the attack has been adapted to attack Android and Microsoft Windows systems.^[7]^[2]

References[edit]

^ ^a ^b ^c ^d ^e ^f ^g Winder, Davey (2023-09-06). "New iPhone iOS 16 Bluetooth Hack Attack—How To Stop It". Forbes. Retrieved 2023-11-13.
^ ^a ^b ^c ^d Goodin, Dan (2023-11-02). "This tiny device is sending updated iPhones into a never-ending DoS loop". Ars Technica. Retrieved 2023-11-13.
^ ^a ^b ^c Kingsley-Hughes, Adrian (2023-10-16). "Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack". ZDNET.
^ Kingsley-Hughes, Adrian (2023-10-30). "iOS 17.1 update still no defense against Flipper Zero iPhone crashes". ZDNET.
^ Kingsley-Hughes, Adrian (2023-12-15). "iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans". ZDnet. Retrieved 2023-12-16.
^ ^a ^b ^c ^d Toulas, Bill (2023-12-23). "'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks". Bleeping Computer. Retrieved 2024-01-05.
^ Kingsley-Williams, Adrian (2023-10-24). "Now Android and Windows devices aren't safe from Flipper Zero either". ZDNET.

[forbes-iphone-ios-16-1] ^ ^a ^b ^c ^d ^e ^f ^g Winder, Davey (2023-09-06). "New iPhone iOS 16 Bluetooth Hack Attack—How To Stop It". Forbes. Retrieved 2023-11-13.

[ars-technica-this-tiny-device-2] Goodin, Dan (2023-11-02). "This tiny device is sending updated iPhones into a never-ending DoS loop". Ars Technica. Retrieved 2023-11-13.

[zdnet-flipper-zero-can-be-used-to-crash-iphones-3] Kingsley-Hughes, Adrian (2023-10-16). "Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack". ZDNET.

[4] Kingsley-Hughes, Adrian (2023-10-30). "iOS 17.1 update still no defense against Flipper Zero iPhone crashes". ZDNET.

[5] Kingsley-Hughes, Adrian (2023-12-15). "iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans". ZDnet. Retrieved 2023-12-16.

[bc-wall-of-flippers-detects-6] Toulas, Bill (2023-12-23). "'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks". Bleeping Computer. Retrieved 2024-01-05.

[7] Kingsley-Williams, Adrian (2023-10-24). "Now Android and Windows devices aren't safe from Flipper Zero either". ZDNET.

[1]

[2]

[3]

[4]

[5]

[6]

[7]