Bluetooth Low Energy denial of service attacks

The Bluetooth Low Energy denial of service attacks are a series of denial-of-service attacks, delivered over Bluetooth Low Energy, against mobile phones and iPads that can make the devices difficult to use. [1]

iPhone and iPad attacks

DEFCON proof of concept attack

At DEF CON 31 in 2023, a demonstration was given using equipment made with a Raspberry Pi, a Bluetooth adapter and a couple of antennas. [1] This attack used Bluetooth advertising packets, hence did not require pairing. [1] The demonstration version claimed to be an Apple TV and affected iOS 16. [1]

Flipper Zero attack

This attack also uses Bluetooth advertising packets to repeatedly send notification signals to iPhones and iPads running iOS 17. It uses a Flipper Zero running third-party Xtreme firmware. It functions even when the device is in airplane mode, and can only be avoided by disabling Bluetooth from the device's Settings app. [1] [2] [3]

The attack can cause the device to crash. [2] It also affects iOS 17.1. [4]

The release of iOS 17.2 made devices more resistant to the attack, reducing the flood of popup messages. [5]

An app to perform these attacks was written for Android. [6]

Interference with a medical device

An attendee of Midwest FurFest 2023 tweeted that the Android device they used to control their insulin pump had been crashed by a BLE attack and that if they hadn't been able to fix it they would have had to go to a hospital. [6]

Wall of Flippers

The Wall of Flippers project has written a Python script that can scan for BTLE attacks. [6] It can run on Linux or Microsoft Windows. [6]
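
One way a scanner can recognise this kind of advertising flood, shown as an added example that is not part of the original article and is not the Wall of Flippers script: it parses manufacturer-specific data out of advertising payloads and flags a vendor ID that suddenly appears from many source addresses within a short window. The window, threshold, addresses and payload bytes are constructed assumptions, as is the premise that the flood arrives from many different source addresses; 0x004C is Apple's Bluetooth company identifier and 0xFFFF is the identifier reserved for testing.

```python
from collections import defaultdict, deque

MANUFACTURER_DATA = 0xFF  # AD type for manufacturer-specific data

def company_ids(adv: bytes):
    """Yield the 16-bit company ID of each manufacturer-specific AD structure."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break  # zero padding or truncated structure: stop parsing
        ad_type, data = adv[i + 1], adv[i + 2:i + 1 + length]
        if ad_type == MANUFACTURER_DATA and len(data) >= 2:
            yield int.from_bytes(data[:2], "little")
        i += 1 + length

def detect_floods(events, window=2.0, min_addresses=10):
    """events: time-ordered (timestamp_seconds, source_address, adv_bytes).
    Returns one (timestamp, company_id, distinct_addresses) alert per flood episode."""
    recent = defaultdict(deque)  # company_id -> (timestamp, address) inside the window
    alerting, alerts = set(), []
    for ts, addr, adv in events:
        for cid in set(company_ids(adv)):
            q = recent[cid]
            q.append((ts, addr))
            while q and ts - q[0][0] > window:
                q.popleft()  # drop sightings older than the window
            distinct = len({a for _, a in q})
            if distinct < min_addresses:
                alerting.discard(cid)  # episode over, re-arm the alert
            elif cid not in alerting:
                alerting.add(cid)
                alerts.append((ts, cid, distinct))
    return alerts

# Constructed sample data (not a real capture); payload bytes are placeholders.
FLOOD_ADV = bytes([0x02, 0x01, 0x06, 0x05, 0xFF, 0x4C, 0x00, 0xAA, 0xBB])
BEACON_ADV = bytes([0x04, 0xFF, 0xFF, 0xFF, 0x01])

def sample_events():
    """One steady beacon every 0.5 s plus a burst from 12 different addresses."""
    events = [(t * 0.5, "C0:00:00:00:00:01", BEACON_ADV) for t in range(8)]
    events += [(1.0 + n * 0.1, f"5A:00:00:00:00:{n:02X}", FLOOD_ADV) for n in range(12)]
    return sorted(events)

if __name__ == "__main__":
    for ts, cid, count in detect_floods(sample_events()):
        print(f"t={ts:.1f}s company 0x{cid:04X}: {count} addresses in window")
```

On real hardware the event tuples would come from a BLE scanning library's advertisement callback; the threshold needs tuning for busy environments where many genuine devices from one vendor are nearby.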

Android attack

The Flipper Zero version of the attack has been adapted to attack Android and Microsoft Windows systems. [7] [3]


References

  1. Winder, Davey (2023-09-06). "New iPhone iOS 16 Bluetooth Hack Attack—How To Stop It". Forbes. Retrieved 2023-11-13.
  2. Kingsley-Hughes, Adrian (2023-10-16). "Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack". ZDNET.
  3. Goodin, Dan (2023-11-02). "This tiny device is sending updated iPhones into a never-ending DoS loop". Ars Technica. Retrieved 2023-11-13.
  4. Kingsley-Hughes, Adrian (2023-10-30). "iOS 17.1 update still no defense against Flipper Zero iPhone crashes". ZDNET.
  5. Kingsley-Hughes, Adrian (2023-12-15). "iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans". ZDNET. Retrieved 2023-12-16.
  6. Toulas, Bill (2023-12-23). "'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks". Bleeping Computer. Retrieved 2024-01-05.
  7. Kingsley-Williams, Adrian (2023-10-24). "Now Android and Windows devices aren't safe from Flipper Zero either". ZDNET.