This Surprisingly Simple Hack Can Crash iPhones—Update To iOS 17.2 Now | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

As my fellow senior contributor at Forbes, Kate O’Flaherty, reports, the latest iOS 17.2 update fixes several serious security vulnerabilities with the WebKit Safari engine and a serious iPhone Kernel problem. While Apple doesn’t exactly shout about such vulnerability patches from the rooftops; you have to know where to look, it appears to have outdone itself on the stealth security updates this time around.

MORE FROM FORBESNew iPhone Security Warning As Malicious Lockdown Mode Trick Revealed

Hackers Can Crash Your iPhone Using Readily Available Gadget

Regular readers will recall that I previously covered a story about how hackers had managed to exploit the way that Bluetooth Low Energy protocols are used to send advertising packets to your iPhone to crash your phone instead. By sending repeated notification signals and ensuring that a pop-up is continuously displayed no matter what you are trying to do, this becomes more than just a prank: this is an iPhone denial of service attack. Using a firmware-amended Flipper Zero, a device that costs less than $200 and can best be thought of a Swiss Army tool for hackers, it’s possible to send the relevant signals to any iPhone within a radius of around 50 feet.

The iPhone Attack Scenario Is Limited But Annoying

This attack methodology works even if you disable Bluetooth using airplane mode from your device control panel. Still, the hacker must be within effective Bluetooth range, severely limiting its practicality. However, hackers were known to be experimenting with additional hardware to boost that effective range across considerable distances: not just the same railway carriage, but the entire train and any station it’s sitting at. However, this remains pretty firmly in the prankster rather than critical attack category, even though nobody but that prankster would be laughing if it’s aimed at them. Apple certainly didn’t find it funny and, as first reported by ZDNet, has now released a security update that patches the vulnerability.

Apple Fixes iPhone Denial-Of-Service Bluetooth Packet Attack Vulnerability

Previously, the only way to prevent this type of BLE-packet attack was to run your iPhone in lockdown mode; now, it’s been kiboshed for any user. As long, that is, they have updated to iOS 17.2. As usual, Apple isn’t saying much, well, anything actually, about what has been tweaked here. It doesn’t take a cybersecurity genius to work out that the most likely scenario is that some rate-limiting timeout for the advertising packet requests has been enabled. Being a Flipper owner, I can confirm that while one or two packets still get through the rapid-fire denial of service stream, they have dried up.

The Flipper Zero Isn’t The Problem, Idiots Using Abusing It Are

This is something that the people behind the Flipper Zero itself have been calling for since at least September 6, when I first reported on the matter. “Apple should implement safeguards and eliminate the problem at its core,” a Flipper Zero spokesperson said. “We have taken necessary precautions to ensure the device can’t be used for nefarious purposes. Since the firmware is open source, individuals can adjust it and use the device in an unintended way, but we don’t promote this and condone the practice if the goal is to act maliciously.”

You know what to do now: head for Settings > General > Software Update and install iOS 17.2.


Click Here For The Original Source.

National Cyber Security