Flipper Zero iPhone Bluetooth DoS Exploit
- added 17 July 2024
- In this video I discuss a type of Denial of Service attack that can be used against iOS devices to spam Bluetooth connection notifications on their phone or iPad, and how Apple is not taking the exploit seriously.
My merch is available at
based.win/
Subscribe to me on Odysee.com
odysee.com/@AlphaNerd:8
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
- Science & technology
The guy you credited in the video is not the one who discovered it or made it available in its spam form on the flipper. One of the actual competent developers who worked on this has managed to cover an area about the size of a theater with basic lower end hardware.
Thanks for the shout out! The Flipper app was written by WillyJL from Xtreme Firmware, and most of the messages were discovered by me and published in the ECTO-1A/AppleJuice repo to be run on a $15 Raspberry Pi Zero W. I then worked with him to port everything to the Flipper, where he discovered how to actually spam with it. I have been able to cover an area the size of a movie theater with the Raspberry Pi and a high-powered Bluetooth antenna (which was reverse engineered from the guys at DEF CON). Even the AirPods messages can be sent 10+ feet with that setup, which needs to be within a foot or two using a Flipper. Techryptic took our code and took all the credit.
@Ecto1A that's crazy. I when people do stuff like that. Stealing credit for others' work is so effed up.
Based.
@Ecto1A nice work, ese
November 2022 (Techryptic's videos) is before August 2023 (ecto1a/AppleJuice created following defcon 31) correct?
I don't have a calendar handy atm but I'm pretty sure it's a factor of several months... maybe someone could confirm, just for full transparency's sake?
One of the benefits of living in a rural area is being impervious to this kind of attack. If you’re doing this to me I’m probably staring at you wondering wtf you are doing in my paddock.
Lady, I'm just a fucking horse
Why are you yelling at me
For the avg person, maybe. But I could actually screw with you with this attack from much farther away. (Let's put it this way: if I can bounce a 1.2 GHz radio signal off the moon, I could sit a couple miles away and BT message spam you for lulz.)
@Dratchev241 what
Being spammed by Bluetooth popups while using my Bluetooth wireless earphones is really annoying whenever somebody near me accidentally leaves their AirPod case slightly open or has a loose AirPod in their bag.
There was also that stalker situation where, if there was an AirTag under your car's suspension or something, your iPhone would ping your current location (without you knowing) to a stalker's iPhone randomly.
average apple cuck
Enjoy the benefits of the "ecosystem"
I can’t believe the guy who made this video falsely claimed this work as his own. Like it’s already on github
@SpacePlexus ??
OpenBSD is right again: no Bluetooth - no holes.
haha yup
Bluetooth is ancient caveman technology at this point. It still sounds like s**t when used for audio and hasn't improved much since 2006.
Open Based (Open🅱SD)
@megatronskneecap sounds good with aptX
Cuck license
Bluetooth is one of the most insecure wireless methods out there and exploits like this are numerous.
It also was the vector of the literal first mobile virus, so the more things change, the more things stay the same.
@maiyannah Cabir on S60? I had a modified version of it back in 2005-2006 that worked a lot like this notification spamming, except you could attach any file you like, and it would repeatedly spam requests to any Bluetooth-enabled phones in range, effectively DoSing them.
@Skullet Cabir was the first that got a big spread if memory serves, but there were a ton of similar viruses back in that day; you basically didn't use Bluetooth back then in my area because it was so saturated with them.
@baked777 You just, uh, keep thinking that.
The older it gets, the more ingrained in everyday life it gets, the worse it'll be.
I'm pretty sure this is Clara and Willy's work with the Xtreme Team. They both commented here about it. Make sure the right Dev teams get the proper credit. Thanks.
Yup, i've seen them working on it.
There seems to be an initial discovery about a year ago, and they have now improved and adapted it for the flippy.
@blinking_dodo It was discovered almost 3 years ago, just adapted to the Flipper now.
And they called me crazy for using wires.
They called me crazy for getting mad at phones without headphone jacks, then they got mad too. Same thing's gotta happen with wireless-only devices.
@Vergillux44 Especially the wireless MnK one 😂.
@Vergillux44 Use the freaking Lightning or USB-C cables, or a freaking dongle, dude. Wtf you mean headphone jacks need to be there, they literally don't.
@baked777 cope
I've tried to explain to so many people that Apple is no longer the king of any kind of security. They don't listen because that would go against what Uncle Apple tells them.
No company is invincible y'all.
I only really trust independent Linux distros made by random nerds that avoid showers like bees for some reason. And that's saying something as a person who has grown up around security researchers and big tech companies.
This issue has been known since 2019. The guys at Carnegie Mellon who first reverse engineered this reported it to Apple and 4 years later nothing has changed. It's just that we have now made it easy to do for everyone.
Apple has always been super insecure. Mainly because there are so few models that finding exploits is more valuable.
@SourceHades Actually much better... one of the main issues with Apple are the libraries they use, plus WebKit... both are full of holes.
Yeah but everyone knows apple devices are immune to viruses. That's just common sense.
Flipper is based on the STM32WB55. I guess the 2.4 GHz protocols like BT come directly from the microcontroller, which means that building a PA (power amp) for the RF is relatively easy, as it is supported directly at hardware level by the microcontroller. Though you've got to play a bit with the examples that are given by ST and with the option bytes, it's nothing really tragic as far as experimentation goes; maybe you burn a couple of front ends, which in theory should also not be all that easy because the RF output comes from a balun built into the SoC. Point being that getting a PA on a Flipper or designing a custom board is NOT all that difficult, especially if you have access to a spectrum analyzer with a tracking generator. These little buggers are actually really powerful microcontrollers; unfortunately you have to go with the "locked" firmware ST provides for the co-processor, which I guess is based on the BlueNRG, as the microcontroller is essentially a SoC, so maybe by playing around one might be able to extract the "locked" firmware. Still, it lets you control a lot of parameters of the co-processor, so it is not all that limiting.
TL;DR: we are going to get more Flipper news the more people use it, and yes, you can most likely, if the pin is unused, get a PA working with it.
Edit: so with a good PA design and an antenna you can actually start trolling people at almost km kind of ranges. Probably you are not going to be able to receive at more than 100 m, but you might be able to pop a notification in a kilometer radius.
Guess you'll want to avoid doing that from home or work or any other known location. FCC might start watching radio signals at those ranges
@Ginfidel Don't know about the FCC; in Europe in the ISM band you can transmit with a maximum of 1 W, and 2 W if you've got an amateur radio license, if I remember those numbers correctly.
I would have actually read all of this if it was in paragraphs.
@PatRiot- Zoomer with an underdeveloped brain can't handle more than 5 words per block of words, very sad! Many such cases!
I can see it being a DoS attack but I don't see the distributed aspect
yeah but people use DDoS for everything, ignoring what the acronym means
A major problem if you are targeted. Proper Android phones still have alphabet soup using USB attacks. iPhones don't have this in addition to Safari-based remote code execution built into iOS
maybe it affect multiple apple devices so it is DISTRIBUTED 😂
@undr_guv_surv I do not understand what you are saying or how it is related to my comment, could you clarify that please?
use two pi 0 Ws, now it's a DDoS
This exploit was made by WillyJL and the team at Xtreme, credit the real people not the skid who claimed to do it but only got a small part to work but very inconsistently
If this works through bluetooth outright, without Airdrop, everyone’s kinda screwed.
If it’s not required to use bluetooth earphones, it’s turned off.
What is more damaging is a strong antenna paired with this. If you send out at 100 watts you can send everyone in your city such a pairing request
that sounds insanely turbobased
Add a yagi and you're in business
You will get a billion boomers running foxhunt showing up at your door.
Would that get the FCC knocking though?
Well, probably. But if you attempt to hack people someone will go after you eventually.
Willy and Clara are the ones you need to credit! They developed this !
This reminds me of high school, spam AirDropping files on people.
Apple is the kind of company to put the responsibility on the user to be cautious when using Bluetooth due to an exploit but won't give the responsibility to the user to be cautious for sideloading apps 🤣
please credit Xtreme Firmware people for this, that guy stole it
It is possible to live without Bluetooth.
I'm also the only person I know who still connects their PC to broadband with a cable, because it's faster and more secure, and more reliable.
Same, bluetooth was always insecure and I never liked, I'll never use it. I just prefer wired stuff, no need for recharging, no delayed latency, you can't lose connection randomly and it connects specifically to the device I plug it into.
There are brainless apple fanboys however, saying "Imagine not just airdropping files in 2023💀".
You can also use Wi-Fi if you desire, which, ironically, is still much more secure than an outdated piece of technology which is still in use to this day and has known bugs and vulnerabilities like this.
Imagine you're an iPhone user and you're rapidly touching your keyboard, when suddenly a random pop-up comes in and you accidentally click "connect". Congratulations. You just opened your phone to possible cyber attacks, all of that in the name of trying to do all sorts of mental gymnastics, just to tell people to "WhY nOt jUSt lEaVe BluEttootH alWAYs On?", since it's soo "secure" because it's an iPhone.
Meanwhile, for Android users, we don't suffer from that Bluetooth nonsense, because there's no reason to leave it always on, and it drains our battery. And even if we leave it on, you'd have to manually go to the Bluetooth page, then connect to the device you want, and then said device needs the code that you got from your phone in order to even pair with your device. (Although this doesn't apply to all devices. Devices that have no UI and are used only to output sound, such as speakers or headphones, can be connected without a code.)
Yeah, maybe I'm boasting a bit here with Android, but I find it ironic how the most "secure" devices out there, that come from Apple, the most "secure big tech corporation", allow these things to slip up, and then later say it's a "feature" and not a "bug". That's like Spywaresoft finally saying "yes, we've been hardware-based backdoors, just so our buddies from the CIA and NSA can spy on everyone who uses our products, but don't worry about that, because it's a feature and not a bug!"
Cable is the only way to get a proper Gigabit connection. I paid for the full network plan ($11 monthly) so I'm going to use the full network plan.
Ahh the Flipper has graduated from opening random Tesla charging ports haha
And people say iphones are the most secure phones lmao
iCloud hack in 2014 leaked nudes.
I think it's a new problem (the DDoS is old, but via Bluetooth I think it's considered a new technique); even though I use an Android, I only heard about it now.
I’m so proud that I use wired headphones, MP3 players, and wire transfer. #ObsolescenceForTheWin
Bluetooth sounds like it's playing through a wall anyway. Even with Apple's $500 debut AirPods "Max".
unless your input jack is broken :v
@AEw5JdbLyvEF This. Bluetooth has been a lifesaver for me. Too many ruined headphones and jacks and holes. "Being careful" is not an option for me as I use them on the go all the time and with cans that don't leave my head easily if the cable gets stuck somewhere. With no wires I avoid all those problems. Plus, unless you're a picky audiophile, a decent pair under $100 can sound plenty fine. 100% wired when I'm at my PC though.
🍷🗿
@AEw5JdbLyvEF The Lightning connector is less reliable than the headphone jack on the older iPhones.
iOS 13 was so bad they stopped paying those who discovered bugs and exploits, so I would say Apple's track record is 💩
the person you credited isn't the original source!!!!! Check the other comments on this!
Oh gosh. One of my sisters has an iphone so she'd be pissed if it happened to her. 💀🤣
Been curious about the Meshtastic network and the use of LoRa devices for a while. Any plans on expanding on this technology? There are a few YouTubers that talk about this and its practical uses; some of the explanations can be way over my head with technicals. You have a good way of breaking down these and bringing light to alt tech/communications.
Ahh nice relevant clips from Mr Robot, love that series. Never gets tired watching.
iOS 16 along with macOS 13 being based off of FreeBSD and having weird security flaws like this now and then really doesn't surprise me for some reason.
This isn't an issue with FreeBSD; it's been around for years before iOS 16. It's only making the news now because it's been ported to the Flipper Zero.
@forid200 That's not what he said at all. You confused, son.
@UNcommonSenseAUS Enlighten me; it sounded like he was blaming the bug on FreeBSD. I've personally known about this "bug" for like 4+ years now. It's been an issue since Apple released AirPods.
FreeBSD is a great OS. What Apple takes and does with it is on them.
Don't want Bluetooth on FreeBSD? Make a new kernel omitting it.
FreeBSD and the other BSDs are miles ahead of Linux
It's based on NeXTSTEP and not BSD.
skids should shut the fuck up already
I've heard of someone's Android device getting messed up by these attacks, which was terrible because the device helped the owner manage their insulin pump. If they hadn't been able to fix it, they would've had to go to the hospital.
Bluetooth is the worst communication standard ever devised. Wi-Fi in the XP SP2 era was less annoying and unreliable.
Lmaooooooo iPhone moment
Where’s the credit for Xtreme firmware developers
I would like to think that this is a useless attack because Bluetooth should be turned off when it’s not in use, but they’re called normies for a reason.
but if they have an Apple Watch it's always in use... same goes for those who use their watch with a Mac...
I have to correct you, this is not a DDoS, just a regular DoS.
About iphone and Bluetooth, after every update it enables Bluetooth, so you have to remember to disable it again.
he said that
I tested this on iOS 17 and the fact that it crashed the system opens up the possibility of arbitrary code injection. This is probably already taking place in the wild. Great way to 'OWN' a new iPhone.
The flag background on the iPhone hurts my eyes
I remember the time when I first made my own Java app for my Nokia XpressMusic. It was an app that targeted a Bluetooth vulnerability at that time which enabled me to control someone's device and do stuff like texting, calling, extracting numbers from the phone book, extracting text messages, setting alarms, and some remote executions....
Bluetooth has historically been super insecure. This should be disabled when you aren't using it anyways
(I am writing with the help of a translator.)
Question about wireless headphones. How safe and private is it to use wireless headphones now? At the moment I use regular wired earphones, but for the sake of convenience I’m thinking about wireless headphones. My devices only support Bluetooth 5.0 and 5.1 where there is no proper encryption. What do you think of it?
You're fine. First of all, it's just Bluetooth; second, you're not worth targeting if someone was to hack you.
The option doesn't need to block advertisement packets, it just needs to suppress the popup. You can maintain AirTag detection without bothering the user repeatedly about nearby devices.
Thank goodness I only turned on Bluetooth only when I have my Huawei smartwatch or my Sony XM4s on because I will save battery life on my phone. Meanwhile for my headphones I just change the eq settings on the app to get around the poor sound quality of my headphones when it is in Bluetooth mode.
Why does Bluetooth by default respond to pairing attempts and stuff like that? Unless I initiate the interaction or am temporarily receptive to strangers, it should be utterly silent: just drop the packets dead for anything unknown trying to do something on my device. :V
DoS* not DDoS
When Jayson Tatum isn’t exploiting holes in Eastern Conference defenses he’s warning us about exploits in software we use every day. A true 21st century hero
Are you seriously deleting comments of people who say who the actual creator of this app is? Bruh, lmao, WillyJL is the one who actually made the app, from Xtreme
I'll get this just to troll my friends with the pop-ups 😂😂
1:25 looks like a Minecraft HCF base
Lmao fr
💀
Once again Apple's walled garden has failed them
5:51 Do this on public transport during rush hour as people are going back home and just watch the amount of people rage XD
Will this work for annoying neighbors playing their music loud 😊
I do this to bug my coworkers when we're bored; I use my AirPods. Just open and close them lol
My little dose of daily reality, just for coffee time, thanks Mental Outlaw!
glowie
Hi normies!
My Linux desktop does Bluetooth safely. If it sees a new Bluetooth device and I'm not expecting to connect, the computer does nothing I can't safely ignore.
Hey I think you credited the wrong person in the video, wasn't this discovered by the creators of Xtreme firmware?
When will Bluetooth stop compressing audio??
isn't this DoS instead of DDoS? I don't see how this is "distributed" per se
Out of the box the Flipper Zero is weak; add a more powerful antenna extension to it and it's a beast
the treadmills at my gym do this, ping the NFC on my device over and over again, so annoying
I use Shortcuts to turn off/on things like Bluetooth, WiFi or mobile data. I can really recommend it.
It doesn't turn off the underlying Bluetooth LE tho. It's built natively into the iOS SpringBoard and can't be turned off without a jailbreak. You can see the dude in the video turning Bluetooth off with Control Centre and it doing nothing.
@megatronskneecap The Shortcuts turn it off completely, as if you went into the settings. Or do you mean that it still doesn't turn off the Bluetooth LE?
@guy5282 it's probably the thing that helps with fast pairing?
I really hate my Whyphone and I hate it even more now.
Maybe some rate limit on that Bluetooth LE discovery? Or, for example, DoS detection, so the discovery would be shut down when such an attack is detected.
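The two mitigation ideas raised in this thread (gate the popup rather than the advertisement so tracker detection keeps working, and add a rate limit or flood detector in front of the discovery UI) can be sketched as a small defender-side gate. The block below is an added example written for this page; it is not code from the video, from Apple, or from the Flipper/Xtreme projects. It assumes a hypothetical component that has already decoded each received advertisement into a category label and hands it to the gate in time order; the events, addresses and category names are constructed for the demo, and the "many distinct source addresses in a short window" flood heuristic is this example's own assumption about what a spam burst looks like, not documented iOS behaviour.

```python
from collections import deque

# Constructed sample of decoded advertisement events, in time order, as a
# defender-side daemon might see them: (seconds since start, source address,
# category). The category labels are this example's own, not Bluetooth SIG
# or Apple terms; the addresses are made up.
SAMPLE_EVENTS = [
    (0.0, "aa:00:00:00:00:01", "proximity_pairing"),   # one real accessory nearby
    (5.0, "aa:00:00:00:00:01", "proximity_pairing"),
    (12.0, "bb:00:00:00:00:01", "proximity_pairing"),  # flood: many distinct sources
    (12.2, "bb:00:00:00:00:02", "proximity_pairing"),
    (12.4, "bb:00:00:00:00:03", "proximity_pairing"),
    (12.6, "bb:00:00:00:00:04", "proximity_pairing"),
    (12.8, "bb:00:00:00:00:05", "proximity_pairing"),
    (13.0, "bb:00:00:00:00:06", "proximity_pairing"),
    (15.0, "cc:00:00:00:00:01", "unwanted_tracker"),   # must still alert mid-flood
    (20.0, "bb:00:00:00:00:07", "proximity_pairing"),
    (60.0, "aa:00:00:00:00:01", "proximity_pairing"),  # flood over: popups resume
]


class PopupGate:
    """Decides, per decoded advertisement, whether the UI may show a popup.

    Only the popup is gated; the radio keeps scanning, so tracker detection
    (the AirTag case from the thread) is unaffected. Two controls:
      * per-source gap: the same address gets at most one popup per
        `per_source_min_gap_s` seconds;
      * flood detection (assumed heuristic): if at least `distinct_threshold`
        distinct sources send pairing-style adverts within `window_s` seconds,
        all pairing popups are suppressed for `cooldown_s` seconds.
    """

    def __init__(self, window_s=10.0, distinct_threshold=5,
                 cooldown_s=30.0, per_source_min_gap_s=3.0):
        self.window_s = window_s
        self.distinct_threshold = distinct_threshold
        self.cooldown_s = cooldown_s
        self.per_source_min_gap_s = per_source_min_gap_s
        self.recent = deque()          # (t, addr) of pairing adverts in window
        self.suppress_until = -1.0     # flood cooldown expiry time
        self.last_popup = {}           # addr -> time of its last shown popup
        self.flood_detected_at = []    # timestamps where a new flood began

    def _prune(self, now):
        # Drop entries that have fallen out of the sliding window.
        while self.recent and now - self.recent[0][0] > self.window_s:
            self.recent.popleft()

    def handle(self, t, addr, kind):
        """Return 'show', 'suppress', 'tracker_alert' or 'ignore'."""
        if kind == "unwanted_tracker":
            return "tracker_alert"          # never rate-limited
        if kind != "proximity_pairing":
            return "ignore"

        self.recent.append((t, addr))
        self._prune(t)
        distinct = len({a for _, a in self.recent})
        if distinct >= self.distinct_threshold:
            if t >= self.suppress_until:    # a new flood, not an ongoing one
                self.flood_detected_at.append(t)
            self.suppress_until = max(self.suppress_until, t + self.cooldown_s)
        if t < self.suppress_until:
            return "suppress"

        last = self.last_popup.get(addr)
        if last is not None and t - last < self.per_source_min_gap_s:
            return "suppress"               # same accessory re-advertising
        self.last_popup[addr] = t
        return "show"


def run(events=SAMPLE_EVENTS, **gate_kwargs):
    """Feed time-ordered events through one gate; return decisions and tallies."""
    gate = PopupGate(**gate_kwargs)
    decisions = [(t, addr, gate.handle(t, addr, kind)) for t, addr, kind in events]
    counts = {}
    for _, _, d in decisions:
        counts[d] = counts.get(d, 0) + 1
    return {"decisions": decisions, "counts": counts,
            "flood_detected_at": list(gate.flood_detected_at)}


if __name__ == "__main__":
    result = run()
    for t, addr, decision in result["decisions"]:
        print(f"t={t:5.1f}  {addr}  {decision}")
    print("flood detected at:", result["flood_detected_at"], "counts:", result["counts"])
```

On the constructed sample the first four burst adverts still reach the UI before the distinct-source count crosses the threshold; lowering `distinct_threshold` trades that exposure against false positives in a crowded room, which is the tuning question a real implementation would have to answer with field data. The tracker event at t=15 passes through untouched because it is never routed through the rate-limit path.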
And this is why I NEVER USE BLUETOOTH, not even for headphones or carplay. It just poses a security risk, and it’s less convenient to charge Bluetooth devices.
More or less of a denial of services. Still was thinking this however is it not location based more or less ?
I knew it was coming... 3.5 mm jacks and physical SD card/flash drive transfers ftw. Good thing Apple is getting those USB-C ports.
It looks like this only affects iOS 16 because it's dependent on a popup notification that doesn't seem to be available on earlier iOS version. I've tested both the Linux and ESP32 versions of this on two iPhones running iOS 14 and 10 and they both don't work, let alone show up in the scanned Bluetooth devices list (which is odd considering it's sending advertisement packets which should theoretically be always visible).
Bluetooth again. What a surprise
Learn, stock, and prepare whilst you can. Time is narrow, use it wisely.
"These aren't your airpods" No shit I don't have any
people have definitely tried to hack me this way. glad i always rejected it. thanks for this info
How can I do the exact same thing, but with an Android phone?
Good, I just went to an event, and this happened to me as a normal user, I gave permissions to a JBL FLIP 5 , does anyone know how to fix it?
Kenny, link to the blog?
As far as airdrop goes, you can limit it to contacts.
This is kind of like the mass distraction thing in watch dogs where everyone is on their phone confused while aiden escapes lol. Cool shit imo
Love the satania thumbnail
Best security? Security through obscurity is not security; marketing is strong
Can't you do the same with an Arduino or an ESP8266 that only costs $1-5? The Flipper Zero is way more expensive.
Yes, I originally wrote it for a Raspberry Pi Zero. At this point it's been ported to an ESP32, Pi Pico and Flipper, so yeah, under $20 to do it, but the Flipper is the easiest
Turning Bluetooth off using Shortcuts completely disables it and you can add it as a button widget.
The HackRF can do the same thing now but can do it to Windows and Android
I need the flipper zero, getting it as soon as I get my security deposit back
theres a setting for airdrop to only be seen by contacts.
Ha! Imagine using an iPhone and having sensitive data on it 😆
*sent from my iPhone*
"Give iPhone users more control"
Apple: Hahahahahaha, good joke!
That would be so fun to make it viral
Apple security is like Schrödinger's cat: a jailbreak exists but Apple doesn't see it and patches it in secret.
Sharp eye.
I just turn off Bluetooth in settings 💀, and it also re-enables after a restart I think
Genuine question. What is a script kitty? I assume it's a person that doesn't write code and just buys or copies known exploits. Is this correct?
Ye
I thought it was kiddie, implying novice children/lowlifes using others' harmful code, like aimbotters
@shinyrayquaza9 Yes
The anime chick is back.
This can also be done with a $3 ESP32; it's called Sour Apple
I was staying at a hotel last week and someone in the room above me (I can hear them) tried connecting to my phone. I canceled the request and turned Bluetooth off instantly. Not sure what they were trying to do or if they were just idiots (they sounded like it). I have an Android. Don't accept random Bluetooth requests. And I'd keep it off if you are not using it in a public space.
Who needs Bluetooth, my 15 lb boombox on my shoulder blasting those hot hits just fine 🎵 🔊
Ugh goddamn it, my LG TV has this too. Bluetooth is unturnoff-able unless you also disable Wi-Fi, and it advertises on Bluetooth and pops up a 'SomethingDevice is attempting to connect' pop-up that you can either accept or reject, but it comes back again if you reject, and one of my neighbours KEPT TRYING TO CONNECT the fucking thing. Who can design flaws like that honestly? It's something about consumer electronics makers that is just so braindead about how they handle human interface design.
Where's the credit for the Xtreme firmware developers who actually did this?
The good thing with bluetooth is that the guy has to be close enough that you can go and punch him in the face
So I wouldn't worry about it
The bad thing about doing that is you'll eat a concealed carry surprise.
It can reach across a movie theater so you must have some long arms.
Wired headphones/earbuds ftw
I don't get why people are so excited for this, it's NOT a new exploit. It's been out for years and years now. It's only new to the Flipper Zero.
I LOVE YOU MENTAL OUTLAW
Get rekt!
Oh wait, I have an iPhone. Everyone I know has an iPhone.
Google Pixel 6 reacts to this attack even with Bluetooth turned off. Shows device request and all. Can someone try and duplicate, that it isn't just my phone?
I am sorry to say, however, that you, just like a couple of other channels, have your information ALL WRONG!! The individual that you have cited as the dev and who discovered this did absolutely none of the sort; he stumbled upon an actual dev's repo and copied the code, posting it in his blog, and from that moment has claimed the code as his own. PLEASE DO THE RIGHT THING AND MAKE THE CORRECTION SO THAT WE CAN GIVE THE AMAZINGLY TALENTED DEVS THE RESPECT/ADMIRATION/etc. He doesn't deserve any clout because of this, and as a content maker yourself you should be on board with not helping him gain off the backs of others' hard work.