An iPhone security warning has been issued after it emerged that a tiny computer can be used to fool your iPhone into showing you fake popups. With nothing but a Flipper Zero and some ingenuity, bad actors can use the little device to spoof Bluetooth notifications. This can build from a minor annoyance all the way up to entirely disrupting your device.
On his YouTube account, Techryptic showed off the tech with a nearby iPhone and iPad. In this short clip, he placed the Flipper Zero next to his devices and they both attempted to connect. As of right now, this is a minor annoyance at close range, but Techryptic claimed to TechCrunch that it could work over “thousands of feet”.
On its GitHub account, Techryptic said:
‘When a device like Flipper Zero mimics the advertising packets of legitimate devices or services, it can create a plethora of phantom devices in the vicinity of an iOS user’
Zero to sixty
When TechCrunch tried to reproduce the results, it was able to do so but could not replicate the notification spam present in Techryptic’s video tweet.
Though this Flipper Zero technique definitely seems to work, its effects are minimal right now because of its limited range. With the code present on GitHub, the Flipper Zero has to be placed right next to the targeted device to produce a pop-up. Also, turning off Bluetooth from Settings will negate this. Turning off Bluetooth from the navigation bar, however, will not.
That said, this is still a security concern for Apple, and further advancements in this tech could entirely immobilize Apple iPhones. Because you need to physically click away from notifications, an attacker could essentially spam your iPhone with them, rendering it impossible to do anything else. The Flipper Zero retails for $169, a fairly small investment for something that could be so damaging.
On X, Techryptic likened it to a DDoS attack, which is the process of flooding someone’s internet provider, service, or network with requests. Because the target is not prepared for the sheer volume of requests, it is sent offline. The notification spam operates on the same basic logic.
iMore has reached out to Apple for comment.