Previous discussion a few weeks ago: https://news.ycombinator.com/item?id=37919396
I've installed the "little tool" on my Flipper Zero and confirmed that it does, in fact, crash my iPhone.
I know I'm preaching to the choir here on this site, but as a reminder, the tool only exposes a bug that was already there. It's an exploit for an existing problem. I'm glad that this bug is getting press now so maybe it'll get fixed. Without the public visibility, only the bad guys would have this ability.
And as another reminder, an exploit that can reboot a device might be able to leverage that memory leak, null dereference, or whatever else to do more than just crash it.
It's one thing that iPhones are prone to this attack.
It's another thing that Apple confuses people with disabling Bluetooth.
I always need to go to settings -> Bluetooth to really turn it off instead of using this pull-down menu.
I assume many non-technical people don't understand this difference.
So it seems like a violation of UX principles that only makes users feel in control.
I tried and crashed my iPhone with this. I locked the screen, and it never turned back on. Had to force a reboot for it to come back to life. So not "never ending" unless you stay within the Flipper's BLE range, which is rather limited.
Also, the notifications trigger on Windows as well.
The attack in question: https://github.com/Flipper-XFW/Xtreme-Firmware/blob/1a9c9cc32ff358f05a63b38348ba58fa225a3e9a/applications/external/ble_spam/protocols/continuity.c#L257
I noticed last night our iPad can request Personal Hotspot access even when my iPhone Hotspot is off. There is 0 delay between pressing the hotspot button and my phone beeping. And you can do it as often as you like.
It certainly doesn't go through the internet. I suspect it is direct iPad-to-iPhone communication. I'm going to turn Bluetooth off tonight and see if it goes away.
… as long as the device can connect to the iPhone via Bluetooth.
That’s still not good of course, but the headlines make it sound like the phone is getting bricked, which is not the case.
This could be used as a way to get someone to type in their password (required on restart) in a visible environment where it can be captured by thieves. The thieves then steal/rob the phone from the person, and can access the phone, including sensitive banking apps. This allows thieves to steal a phone but get something much more valuable — thousands of dollars in bank transfers.
> A similar attack can also be used on Android devices and Windows laptops. BleepingComputer reported last week that the Bluetooth spam attacks can be used on Samsung Galaxy phones to generate a never-ending amount of pop-ups.
"Little tool" = Flipper Zero
> [the attacker was] using a Flipper Zero device with custom firmware to send a combination of Bluetooth low energy (BLE) alerts to nearby iPhone handsets running iOS 17.
> If you have an iPhone running iOS 17, then the only reliable way to protect against the pop-ups and crash attack is by disabling Bluetooth.
> security researcher Jeroen van der Ham fell victim to the exploit on a train journey last month
Holy crap ... this means that it probably happened to many other people too.
Unless this was a train going to a security conference.
Even if the device doesn’t crash, the inundation of these alerts is still a DoS and at times, very scary. You can generate them with various prompts, including some that prompt to transfer your phone number to a new device or set up a new iPhone. They’re disruptive and scary, and there needs to be a better protection system in place against this.
[sigh/]
Apple's aura: Perfect security & privacy
Apple's reality: Overall less-crappy security & privacy than its leading competitors
For a premium brand seeking to maximize profit, this makes perfect business sense. And Tim Cook is pretty good at both the "business" and "profit maximizing" stuff.
Bluetooth stacks are a pretty rich source of bugs and security issues. Back when I was working at a consumer electronics manufacturer circa 2010, I documented nearly a dozen different crashes/bugs on Android and iOS devices caused by malformed packets my own buggy code was sending. Even simple things like getting the length of HID descriptors wrong would crash iOS at the time. I imagine they've fixed a lot of those with time and better tooling, and BLE is a much simpler standard to boot, but clearly there's still some gremlins lying around.
What do we think the fix is on iOS 17?
If it were me, knowing nothing about the inner details of iOS, I would apply some kind of rate limit or throttling on incoming BT connections and allow the user to ignore repeated incoming connections. It would be not unlike trying to download multiple files from the same website, which usually triggers a "do you want to allow $site to download multiple files?" prompt.
Maybe I'm naïve, but this seems trivial to prevent.
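The throttling idea in the comment above, sketched as an added example that is not part of the thread and does not describe how iOS works. The `PromptThrottle` class, the event tuples and the `pair_accessory` label are assumptions; the sketch goes one step past the comment by comparing two throttle keys, because BLE advertiser addresses can be randomized and a per-sender limit then never engages.

```python
from collections import defaultdict


class PromptThrottle:
    """Token bucket per key, plus a user-triggered mute ("ignore repeated prompts")."""

    def __init__(self, burst=2, refill_s=30.0, mute_s=300.0):
        self.burst, self.refill_s, self.mute_s = burst, refill_s, mute_s
        self.tokens = defaultdict(lambda: float(burst))  # full bucket for a new key
        self.last = {}          # key -> time of the last evaluated event
        self.muted_until = {}   # key -> time until which prompts are suppressed

    def allow(self, key, now):
        """Return True if a prompt for `key` may be shown at time `now` (seconds)."""
        if now < self.muted_until.get(key, 0.0):
            return False
        elapsed = now - self.last.get(key, now)
        self.last[key] = now
        # Refill one token every `refill_s` seconds, capped at `burst`.
        self.tokens[key] = min(self.burst, self.tokens[key] + elapsed / self.refill_s)
        if self.tokens[key] >= 1.0:
            self.tokens[key] -= 1.0
            return True
        return False

    def dismiss(self, key, now):
        """User chose to ignore this kind of prompt: mute it for `mute_s` seconds."""
        self.muted_until[key] = now + self.mute_s


def shown_prompts(events, key_fn, **kw):
    """Count how many events would surface a prompt under the given throttle key."""
    throttle = PromptThrottle(**kw)
    return sum(throttle.allow(key_fn(e), e[0]) for e in events)


# Constructed sample: 200 advertisements in 10 s, every one from a different
# sender address, all asking for the same (hypothetical) kind of prompt.
FLOOD = [(i * 0.05, f"addr-{i:03d}", "pair_accessory") for i in range(200)]


def by_source(event):   # throttle keyed on the sender address
    return event[1]


def by_kind(event):     # throttle keyed on what the prompt asks for
    return event[2]


if __name__ == "__main__":
    print("keyed by sender address:", shown_prompts(FLOOD, by_source))
    print("keyed by prompt kind:   ", shown_prompts(FLOOD, by_kind))
```

Keyed on the sender address, every advertisement in the sample still produces a prompt; keyed on the prompt kind, only the initial burst gets through.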
Good job by the hacker on the train. The more people get used to the idea that their smartphone won't always work when they want it, the more they won't exclusively rely on it when there is a more significant risk. It's a one-man public service campaign.