The Bluetooth Low Energy denial of service attacks are a series of denial-of-service attacks against mobile phones and iPads via Bluetooth Low Energy that can make it difficult to use them.[1]
At DEF CON 31 in 2023, a demonstration was given using equipment made with a Raspberry Pi, a Bluetooth adapter and a couple of antennas.[1] This attack used Bluetooth advertising packets, hence did not require pairing.[1] The demonstration version claimed to be an Apple TV and affected iOS 16.[1]
Flipper Zero attackedit
This attack also uses Bluetooth advertising packets to repeatedly send notification signals to iPhones and iPads running iOS 17.[1][2] It uses a Flipper Zero running third-party Xtreme firmware.[1][3][2] It can still affect the phone even if the phone is in airplane mode and requires Bluetooth to be shut down from device settings or running the phone in Lockdown mode.[1][3][2]
The attack can cause the phone to crash.[3] It also affects iOS 17.1.[4]
The release of iOS 17.2 made the iPhone more resistant to the attack, reducing the flood of popup messages.[5]
An app to perform these attacks was written for Android.[6]
Interference with a medical deviceedit
An attendee of Midwest FurFest 2023 tweeted that the Android device they used to control their insulin pump had been crashed by a BLE attack and that if they hadn't been able to fix it they would have had to go to a hospital.[6]
Wall of Flippersedit
The Wall of Flippers project has written a Python script that can scan for BTLE attacks.[6] It can run on Linux or Microsoft Windows.[6]
^ abcdefgWinder, Davey (2023-09-06). "New iPhone iOS 16 Bluetooth Hack Attack—How To Stop It". Forbes. Retrieved 2023-11-13.
^ abcdGoodin, Dan (2023-11-02). "This tiny device is sending updated iPhones into a never-ending DoS loop". Ars Technica. Retrieved 2023-11-13.
^ abcKingsley-Hughes, Adrian (2023-10-16). "Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack". ZDNET.
^Kingsley-Hughes, Adrian (2023-10-30). "iOS 17.1 update still no defense against Flipper Zero iPhone crashes". ZDNET.
^Kingsley-Hughes, Adrian (2023-12-15). "iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans". ZDnet. Retrieved 2023-12-16.
^ abcdToulas, Bill (2023-12-23). "'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks". Bleeping Computer. Retrieved 2024-01-05.
^Kingsley-Williams, Adrian (2023-10-24). "Now Android and Windows devices aren't safe from Flipper Zero either". ZDNET.
April 13, 2024
bluetooth, energy, denial, service, attacks, series, denial, service, attacks, against, mobile, phones, ipads, bluetooth, energy, that, make, difficult, them, contents, iphone, ipad, attacks, defcon, proof, concept, attack, flipper, zero, attack, interference,. The Bluetooth Low Energy denial of service attacks are a series of denial of service attacks against mobile phones and iPads via Bluetooth Low Energy that can make it difficult to use them 1 Contents 1 iPhone and iPad attacks 1 1 DEFCON proof of concept attack 1 2 Flipper Zero attack 2 Interference with a medical device 3 Wall of Flippers 4 Android attack 5 ReferencesiPhone and iPad attacks editDEFCON proof of concept attack edit At DEF CON 31 in 2023 a demonstration was given using equipment made with a Raspberry Pi a Bluetooth adapter and a couple of antennas 1 This attack used Bluetooth advertising packets hence did not require pairing 1 The demonstration version claimed to be an Apple TV and affected iOS 16 1 Flipper Zero attack edit This attack also uses Bluetooth advertising packets to repeatedly send notification signals to iPhones and iPads running iOS 17 1 2 It uses a Flipper Zero running third party Xtreme firmware 1 3 2 It can still affect the phone even if the phone is in airplane mode and requires Bluetooth to be shut down from device settings or running the phone in Lockdown mode 1 3 2 The attack can cause the phone to crash 3 It also affects iOS 17 1 4 The release of iOS 17 2 made the iPhone more resistant to the attack reducing the flood of popup messages 5 An app to perform these attacks was written for Android 6 Interference with a medical device editAn attendee of Midwest FurFest 2023 tweeted that the Android device they used to control their insulin pump had been crashed by a BLE attack and that if they hadn t been able to fix it they would have had to go to a hospital 6 Wall of Flippers editThe Wall of Flippers project has written a Python script that can scan for BTLE attacks 6 It can run on Linux or Microsoft Windows 6 Android attack editThe Flipper Zero version of the attack has been adapted to attack Android and Microsoft Windows systems 7 2 References edit a b c d e f g Winder Davey 2023 09 06 New iPhone iOS 16 Bluetooth Hack Attack How To Stop It Forbes Retrieved 2023 11 13 a b c d Goodin Dan 2023 11 02 This tiny device is sending updated iPhones into a never ending DoS loop Ars Technica Retrieved 2023 11 13 a b c Kingsley Hughes Adrian 2023 10 16 Flipper Zero can be used to crash iPhones running iOS 17 but there s a way to foil the attack ZDNET Kingsley Hughes Adrian 2023 10 30 iOS 17 1 update still no defense against Flipper Zero iPhone crashes ZDNET Kingsley Hughes Adrian 2023 12 15 iOS 17 2 update puts an end to Flipper Zero s iPhone shenanigans ZDnet Retrieved 2023 12 16 a b c d Toulas Bill 2023 12 23 Wall of Flippers detects Flipper Zero Bluetooth spam attacks Bleeping Computer Retrieved 2024 01 05 Kingsley Williams Adrian 2023 10 24 Now Android and Windows devices aren t safe from Flipper Zero either ZDNET Retrieved from https en wikipedia org w index php title Bluetooth Low Energy denial of service attacks amp oldid 1206724015, wikipedia, wiki, book, books, library,
