This tiny device is sending updated iPhones into a never-ending DoS loop

One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-up windows that made it nearly impossible to use his device. "My phone was getting these popups every few minutes and then my phone would reboot," he wrote to Ars in an online interview. "I tried putting it in lock down mode, but it didn't help." To van der Ham's surprise and chagrin, the same debilitating stream of pop-ups hit again on the afternoon commute home, not just against his iPhone but the iPhones of other passengers in the same train car. He then noticed that one of the same passengers nearby had also been present that morning. Van der Ham put two and two together and fingered the passenger as the culprit. "He was blithely working on some kind of app on his Macbook, had his iPhone out himself, connected through USB so he could still work while all around him apple devices were rebooting and he was not even paying attention to what was happening," he said. "Your phone becomes almost unusable. You can still do stuff in between for a couple of minutes, so it's really annoying to experience. Even as a security researcher who had heard about this attack, it's really hard to realize that that is what's going on." The culprit, it turned out, was using a Flipper Zero device to send Bluetooth pairing requests to all iPhones within radio range. This slim, lightweight device has been available since 2020, but in recent months, it has become much more visible. It acts as a Swiss Army knife for all kinds of wireless communications. It can interact with radio signals, including RFID, NFC, Bluetooth, Wi-Fi, or standard radio. People can use it to covertly change the channels of a TV at a bar, clone some hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and disrupt the normal use of iPhones. The capabilities generally required expensive SDRs-short for software-defined radios-that, unlike traditional hardware-defined radios, use firmware and processors to digitally re-create radio signal transmissions and receptions. The $200 Flipper Zero isn't an SDR in its own right, but as a software-controlled radio, it can do many of the same things at an affordable price and with a form factor that's much more convenient than the previous generations of SDRs. "The jig is up: software radios have made previously inaccessible attacks available to many more people than before, and work on them will continue," Dan Guido, CEO of security firm Trail of Bits, wrote in an interview. "People who are casually interested in technology can now easily clone most hotel or office keycards. They don't need any knowledge of signals or have to mess with open source code or Linux. [It] definitely democratizes some formerly complex RF hacking into the hands of mere mortals." The Flipper Zero manufacturer bills the device as a "Portable multi-tool for pentesters and geeks" that's suitable for hacking radio protocols and building access control systems, troubleshooting hardware, cloning electronic key cards and RFID cards, and for use as a universal TV remote. Its open source design allows users to flash the device with custom firmware to take on new capabilities. "The idea of Flipper Zero is to combine all the hardware tools you'd need for exploration and development on the go," the manufacturer wrote. "Flipper was inspired by pwnagotchi project, but unlike other DIY boards, Flipper is designed with the convenience of everyday usage in mind-it has a robust case, handy buttons, and shape, so there are no dirty PCBs or scratchy pins."

This Cyber News was published on arstechnica.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to This tiny device is sending updated iPhones into a never-ending DoS loop

This tiny device is sending updated iPhones into a never-ending DoS loop - One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-up windows that made it nearly impossible to use his device. "My phone was getting these ...
10 months ago Arstechnica.com
Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown - Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero, a $200 piece of open source hardware used to capture, analyze and interact with simple radio communications. In ...
8 months ago Arstechnica.com
CMDB: Device Visibility for Bank Security - Let us see how a device visibility and control software functions to automatically alert when a rogue or unauthorized device enters your network. Device visibility and control is a cybersecurity concept that refers to the ability to discover, ...
8 months ago Feeds.dzone.com
Fortifying iPhone Security: Stolen Device Protection & Essential Tips Amid Rising Theft Concerns - Numerous iPhones, often regarded as some of the best in the market, are pilfered daily on a global scale. Apple aims to address this issue with the upcoming release of iOS 17.3, introducing a feature called Stolen Device Protection. This security ...
9 months ago Cysecurity.news
0-click iMessage Attacks to Hack iPhones - Hackers exploit Zero-Days because these vulnerabilities are unknown to software developers, making them valuable for launching attacks before developing patches. Here below, we have mentioned all the four zero-days that were discovered:-. Attackers ...
9 months ago Gbhackers.com
iPhone 0-click spyware campaign 'Triangulation' detailed - Months after blowing the whistle on a sophisticated campaign that dropped full-featured spyware onto iPhones, researchers have disclosed more about the attack's complex exploit chain that abused four separate vulnerabilities. Among the finding are ...
9 months ago Packetstormsecurity.com
Final Patch Tuesday of 2023 goes out with a bang The Register - It's the last Patch Tuesday of 2023, which calls for celebration - just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. Let's start with Apple, since two of the bugs Cupertino ...
9 months ago Go.theregister.com
Final Patch Tuesday of 2023 goes out with a bang The Register - It's the last Patch Tuesday of 2023, which calls for celebration - just as soon as you update Windows, Adobe, Google, Cisco, FortiGuard, SAP, VMware, Atlassian and Apple products, of course. Let's start with Apple, since two of the bugs Cupertino ...
9 months ago Packetstormsecurity.com
Safeguard the joy: 10 tips for securing your shiny new device - The bottom line is that we're all rampant users of smart devices. More than half of Europeans use an internet-connected TV today, a quarter use smartwatches and other wearables, and a fifth are fans of internet-connected gaming devices. With our ...
9 months ago Welivesecurity.com
Apple Patches Are Out, Old iPhones Get an Old Zero-Day Fix At Last - Apple has pushed out a patch for iPhones that fixes a zero-day vulnerability in iOS, released way back in 2017. This patch is significant for old iPhone models because the bug has gone unaddressed for so long, making it difficult - if not impossible ...
1 year ago Nakedsecurity.sophos.com
Dozens of Bugs Patched in Apple TVs and Watches, Macs, iPads, iPhones - On Dec. 11, Apple released patches for dozens of vulnerabilities affecting iPhones, Macs, Apple TVs, Apple Watches, and its Safari browser. The long list includes 39 vulnerabilities fixed for macOS Sonoma version 14.2. Among them are CVE-2023-42914, ...
9 months ago Darkreading.com
Warfare and Geopolitics are Fuelling Denial-of-Service Attacks - The analysis is based on 310 verified Denial-of-Service incidents during the reporting period of January 2022 to August 2023. A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, ...
10 months ago Enisa.europa.eu
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
10 months ago Bleepingcomputer.com
Apple May Open iPhone NFC Access To Competitors - Apple reportedly offers to open access to iPhone and iPad standardised NFC to competitors in bid to settle antitrust probe. Apple may reportedly open the standardised tap-to-pay technology in iPhones to competitors following an antitrust ...
9 months ago Silicon.co.uk
Duo face 20 years in prison over counterfeit iPhone scam The Register - Two Chinese nationals are facing a maximum of 20 years in prison after being convicted of mailing thousands of fake iPhones to Apple for repair in the hope they'd be replaced with new handsets. This is according to the Attorney's Office for the ...
7 months ago Theregister.com
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
10 months ago Silicon.co.uk
Beware, iPhone Users: iOS GoldDigger Trojan can Steal Face ID and Banking Details - Numerous people pick iPhones over Android phones because they believe iPhones are more secure. This may no longer be the case due to the emergence of a new banking trojan designed explicitly to target iPhone users. According to a detailed report by ...
7 months ago Cysecurity.news
CVE-2020-12885 - An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This ...
4 years ago
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
10 months ago Bleepingcomputer.com
Apple In Talks With Google To Bring Gemini AI To iPhones - Apple reportedly in talks with Google to use Gemini for generative AI tasks on iPhones in potentially major win for search giant. Apple is in talks with Google to bring its Gemini generative artificial intelligence to the iPhone platform, Bloomberg ...
6 months ago Silicon.co.uk
Vulnerabilities in PanelView Plus devices could lead to remote code execution - Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution and denial-of-service. The RCE ...
3 months ago Microsoft.com
Mobile Device Security: Protecting Your Smartphone - To ensure the safety of your smartphone and protect your personal data from unauthorized access, it is crucial to take proactive steps to enhance mobile device security. Enable device encryption: Enable device encryption on your smartphone to protect ...
8 months ago Securityzap.com
Microsoft Urges Admins to Patch On-Premises Exchange Servers: Updated Security Advice - Microsoft recently released updated guidelines and security advice regarding on-premises Exchange server environments. The company reminded administrators that patching their Exchange servers is essential to prevent cyberattacks and ensure their ...
1 year ago Bleepingcomputer.com
CVE-2022-0778 - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)