Bluetooth Low Energy denial of service attacks

{{Short description|Set of denial-of-service attacks}}

The Bluetooth Low Energy denial of service attacks are a series of denial-of-service attacks against mobile phones and iPads, carried out over Bluetooth Low Energy, that can make the devices difficult to use.{{Cite news |title=New iPhone iOS 16 Bluetooth Hack Attack—How To Stop It |url=https://www.forbes.com/sites/daveywinder/2023/09/06/new-iphone-ios-16-bluetooth-hack-attack-how-to-stop-it/ |last=Winder |first=Davey |date=2023-09-06 |access-date=2023-11-13 |work=Forbes}}

iPhone and iPad attacks

=DEFCON proof of concept attack=

At DEF CON 31 in 2023, a demonstration was given using equipment made with a Raspberry Pi, a Bluetooth adapter and a couple of antennas. The attack used Bluetooth advertising packets and therefore did not require pairing. The demonstration version claimed to be an Apple TV and affected iOS 16.

=Flipper Zero attack=

This attack also uses Bluetooth advertising packets to repeatedly send notification signals to iPhones and iPads running iOS 17. It uses a Flipper Zero running third-party Xtreme firmware. It functions even when the device is in airplane mode, and can only be avoided by disabling Bluetooth from the device's Settings app.{{Cite news |last=Goodin |first=Dan |date=2023-11-02 |title=This tiny device is sending updated iPhones into a never-ending DoS loop |url=https://arstechnica.com/security/2023/11/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream/ |access-date=2023-11-13 |work=Ars Technica}}

The attack can cause the device to crash.{{Cite news |title=Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack |url=https://www.zdnet.com/article/flipper-zero-can-lock-up-an-iphone-running-the-latest-ios-17/ |last=Kingsley-Hughes |first=Adrian |date=2023-10-16 |work=ZDNET}} It also affects iOS 17.1.{{Cite news |title=iOS 17.1 update still no defense against Flipper Zero iPhone crashes |url=https://www.zdnet.com/article/ios-17-1-update-still-no-defense-against-flipper-zero-iphone-crashes/ |last=Kingsley-Hughes |first=Adrian |date=2023-10-30 |work=ZDNET}}

The release of iOS 17.2 made devices more resistant to the attack, reducing the flood of popup messages.{{Cite news |title=iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans |url=https://www.zdnet.com/article/ios-17-2-update-puts-an-end-to-flipper-zero-iphone-shenanigans/ |last=Kingsley-Hughes |first=Adrian |date=2023-12-15 |access-date=2023-12-16 |work=ZDNET}}

An app to perform these attacks was written for Android.{{Cite news |title='Wall of Flippers' detects Flipper Zero Bluetooth spam attacks |url=https://www.bleepingcomputer.com/news/security/wall-of-flippers-detects-flipper-zero-bluetooth-spam-attacks/ |last=Toulas |first=Bill |date=2023-12-23 |access-date=2024-01-05 |work=Bleeping Computer}}

Interference with a medical device

An attendee of Midwest FurFest 2023 tweeted that the Android device they used to control their insulin pump had been crashed by a BLE attack and that, if they had not been able to fix it, they would have had to go to a hospital.

Wall of Flippers

The Wall of Flippers project has written a Python script that can scan for Bluetooth Low Energy attacks. It can run on Linux or Microsoft Windows.
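
How a scanner of this kind can recognise an advertising flood, as an added example that is not Wall of Flippers' code or part of the original article: it parses the AD structures in each advertising payload and alerts when many distinct advertiser addresses send one vendor's manufacturer data in a short window. The heuristic, the `window` and `max_addresses` thresholds, the function names and the sample observations are assumptions made for illustration.

```python
from collections import deque

MANUFACTURER_DATA = 0xFF   # AD type "Manufacturer Specific Data"
APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier assigned to Apple


def parse_ad_structures(payload: bytes):
    """Split a payload into (ad_type, data); each AD structure is
    [length][type][length-1 data bytes]. Stops at padding or truncation."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # zero padding, or a structure that overruns the payload
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out


def company_ids(payload: bytes):
    """16-bit little-endian company identifiers found in manufacturer data."""
    return {int.from_bytes(data[:2], "little")
            for ad_type, data in parse_ad_structures(payload)
            if ad_type == MANUFACTURER_DATA and len(data) >= 2}


def detect_flood(observations, company_id=APPLE_COMPANY_ID,
                 window=5.0, max_addresses=8):
    """Timestamps at which more than max_addresses distinct advertiser
    addresses sent company_id data within `window` seconds.
    observations: time-ordered (timestamp, address, payload) tuples."""
    recent, alerts = deque(), []
    for ts, addr, payload in observations:
        if company_id not in company_ids(payload):
            continue
        recent.append((ts, addr))
        while ts - recent[0][0] > window:
            recent.popleft()  # drop observations older than the window
        if len({a for _, a in recent}) > max_addresses:
            alerts.append(ts)
    return alerts


# Constructed sample: a Flags AD structure, then Apple manufacturer data
# whose body is zero filler (not a real notification payload).
SAMPLE = bytes.fromhex("020106" "07ff4c0000000000")
FLOOD = [(i * 0.25, f"addr-{i:02d}", SAMPLE) for i in range(12)]  # 12 senders
QUIET = [(i * 10.0, "addr-00", SAMPLE) for i in range(12)]        # 1 sender
```

In a live deployment the observations would come from a BLE scanner, and the thresholds would need tuning against the normal density of nearby devices to limit false alerts.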

Android attack

The Flipper Zero version of the attack has been adapted to attack Android and Microsoft Windows systems.{{Cite news |title=Now Android and Windows devices aren't safe from Flipper Zero either |url=https://www.zdnet.com/article/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/ |last=Kingsley-Williams |first=Adrian |date=2023-10-24 |work=ZDNET}}

References

{{reflist}}
