Tech / Technology

This $169 device can put your iPhone in a reboot loop. Here’s what you can do.

Posted on:

A tiny $169 device can send iPhones and other phones into a reboot loop. There’s no immediate fix, but you can take precautions.
Flipper Zero

A tiny device can be used to put your iPhone, and perhaps Android phones as well, into an endless reboot loop — and while there is a way to mitigate the attack, it’s far from ideal.

The device is called Flipper Zero and is typically used for penetration testing, meaning security experts use it to test another device’s wireless security. It’s not exactly obscure; it can easily be bought online for $169 in the U.S. or €165 in Europe.

Described as a “portable multi-tool for pentesters and geeks in a toy-like body,” Flipper Zero can interact with various types of wireless systems, including garage door remotes, TVs, NFC readers, RFID readers, and Bluetooth devices.

SEE ALSO:

The next Apple Watch will reportedly add 3 new health sensors for diabetes, blood pressure, and sleep apnea

The device has been around since 2020 (we actually covered it back then), but Ars Technica and TechCrunch have recently highlighted how Flipper Zero can be used to essentially incapacitate an iPhone by sending an endless flurry of Bluetooth requests. On the victim’s iPhone, these could look like a request to connect with a TV, which keep popping up until the phone eventually reboots. This is not a new type of attack, but Flipper Zero is cheap, small, portable, and makes it a lot easier to do.

Security researcher Jeroen van der Ham said he experienced this attack himself. He then set out to replicate it himself in a controlled environment, and he managed to crash an iPhone, though the attack only fully worked on iPhones running iOS 17 or newer.

Here’s the problem: You cannot permanently deny these types of request on an iPhone. You can deny the connection, but the requests will keep popping up. The only thing you can really do at this point is to turn Bluetooth off completely, but then your wireless headphones and other Bluetooth accessories will be disconnected from your iPhone, which is hardly ideal. Note that you cannot just switch Bluetooth off in the Control Center; you have to turn Bluetooth off in the phone’s Settings to mitigate the attack. Van der Ham says he contacted Apple about the issue but did not hear back from the company.

There are reports saying that Flipper Zero can be used to perform a similar attacks on other devices, such as Android phones and Windows devices, though it’s unclear whether it can be used to crash them. Additionally, Android phones do have an option to turn off notifications for Bluetooth connection requests making this a lot less of a nuisance.