Apple has still not fixed a security flaw with the new iOS beta

News
By James Bentley
published

A fishy situation.

iPhone 15 Plus review
(Image credit: Future)

Back in September, an iPhone user reported a security issue that could render an iPhone unusable with nothing but a Flipper Zero multitool and some creativity. Now, months later, Apple has still not addressed this issue in any fashion, sparking concerns.  

Essentially, someone with the technical know-how could use the Flipper Zero to ping the AirPods Bluetooth connect symbol on the screen consistently to lock down a device. At the time, this was likened to a DDOS attack, which constantly pings an internet service with requests, taking it down. As 9to5Mac has pointed out, the iOS 17.2 beta does nothing to rectify this.

As of right now, the device needs to be quite close to the iPhone, and turning off Bluetooth entirely can stop it but this flaw could be exploited by users who know how to do worse. To protect yourself fully, you must turn off Bluetooth from settings – doing so from the Control Center doesn’t work. 

An Apple Problem - iMore’s Take

Back when this originally surfaced, a representative of Flipper Zero spoke to iMore, claiming:

'It’s important to highlight this is impossible on the default hardware. We have taken necessary precautions to ensure the device can’t be used for nefarious purposes. Since the firmware is open source, individuals can adjust it and use the device in an unintended way, but we don’t promote this and condone the practice if the goal is to act maliciously.

Potentially, one could repurpose an Android phone with custom firmware or any Arduino-like device with BLE capabilities to do the same. This is why we agree with the researcher that Apple should implement safeguards and eliminate the problem at its core.

The Flipper Zero is not the only device capable of spoofing a Bluetooth notification, so it's a problem Apple will have to fix internally to eliminate the threat for good. Perhaps a solution such as disabling Bluetooth after a handful of pings in a row or only allowing trusted devices to ping multiple times could be a software-based fix in a future version of iOS. 

Apple didn’t respond to a request for comment when the issue was first raised in September. 

More from iMore

James Bentley
James Bentley

James is a staff writer and general Jack of all trades at iMore. With news, features, reviews, and guides under his belt, he has always liked Apple for its unique branding and distinctive style. Originally buying a Macbook for music and video production, he has since gone on to join the Apple ecosystem with as many devices as he can fit on his person. 

With a degree in Law and Media and being a little too young to move onto the next step of his law career, James started writing from his bedroom about games, movies, tech, and anything else he could think of. Within months, this turned into a fully-fledged career as a freelance journalist. Before joining iMore, he was a staff writer at Gfinity and saw himself published at sites like TechRadar, NME, and Eurogamer. 

As his extensive portfolio implies, James was predominantly a games journalist before joining iMore and brings with him a unique perspective on Apple itself. When not working, he is trying to catch up with the movies and albums of the year, as well as finally finishing the Yakuza series. If you like Midwest emo music or pretentious indie games that will make you cry, he’ll talk your ear off.