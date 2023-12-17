Apple shuts down iPhone Flipper hackers with iOS 17.2 update Nurfoto via Getty Images

As my fellow senior contributor Kate O’Flaherty at Forbes reports, the latest iOS 17.2 update fixes several serious security vulnerabilities with the WebKit Safari engine and a serious iPhone kernel issue. Although Apple does not shout from the rooftops about such vulnerability patches; You have to know where to look, it appears to have outdone itself in terms of secret security updates this time.

Hackers can crash your iPhone using easily available gadgets

Regular readers will remember that I previously covered a story about how hackers managed to exploit the way you use the Bluetooth Low Energy protocol to send advertising packets to your iPhone, causing your phone to crash. By repeatedly sending notification prompts and ensuring that a pop-up is constantly displayed no matter what you’re trying to do, it becomes more than just a prank: it turns into an iPhone denial of service. It is an attack. Using the firmware-modified Flipper Zero, a device that costs less than $200 and can best be considered a Swiss Army tool for hackers, it’s possible to send the relevant signal to any iPhone within a radius of about 50 feet .

iPhone attack scenario is limited but annoying

This attack method works even if you disable Bluetooth using Airplane Mode from your device control panel. Still, the hacker must be within effective Bluetooth range, severely limiting its practicality. However, it is known that hackers are experimenting with additional hardware to increase that effective range by considerable distances: not just a single railway carriage, but the entire train and whatever station it is sitting on. However, it remains quite firmly in the prankster category rather than the serious attack category, even though no one other than the prankster will be laughing if it’s aimed at them. Apple certainly didn’t find this funny and, as first reported by ZDNet, has now released a security update that fixes the vulnerability.

Apple fixes iPhone denial-of-service Bluetooth packet attack vulnerability

Previously, the only way to prevent this type of BLE-packet attack was to run your iPhone in lockdown mode; Now, it has been kiboshed for any user. Until, that is, they’ve updated to iOS 17.2. As usual, Apple isn’t really saying much about what’s changed here. It doesn’t take a cybersecurity genius to figure out that the most likely scenario is that some rate-limiting timeout has been enabled for advertisement packet requests. Being a Flipper owner, I can confirm that even if a packet or two still comes through the rapid-fire rejection of the service stream, they have dried up.

Flipper Zero is not the problem, the idiots who misuse it are the problem

This is something the people behind Flipper Zero have been demanding since at least September 6, when I first reported on the matter. A Flipper Zero spokesperson said, “Apple should implement security measures and root out the problem.” “We have taken necessary precautions to ensure that the device cannot be used for nefarious purposes. Since the firmware is open source, individuals can adjust it and use the device in unintended ways, but we do not promote this and we condemn this practice if the goal is to act maliciously.

You know what to do now: Go to Settings > General > Software Update and install iOS 17.2.