Flipper Zero Used for Bluetooth Spam Attacks on iOS Devices

By Ava McKinneyOnline Safety

Researcher Uses Flipper Zero for Bluetooth Spam on iOS Devices

Cybersecurity researcher Techryptic has demonstrated a new attack targeting iOS devices using the Flipper Zero multi-tool. In his demonstration, Techryptic was able to disrupt the normal operation of iPhones by sending a flood of fake Bluetooth device connection notifications.

How the Attack Works

Apple devices that support Bluetooth Low Energy (BLE) use advertising packets (ADV packets) to announce their presence to other devices. These ADV packets are widely used in the Apple ecosystem for features like AirDrop, connecting to Apple Watch or Apple TV, activating Handoff, and more.

The Flipper Zero device can spoof these ADV packets and broadcast them over BLE. As a result, nearby BLE-enabled devices interpret these packets as connection requests. This capability can be exploited to send a victim numerous fake connection requests, making it difficult to identify legitimate devices, imitating trusted devices for phishing attacks, and more.

Techryptic notes that when a large number of requests are sent, the target device will display a constant stream of notifications, making normal use nearly impossible.

“For iOS users, this kind of mimicry can be more than just an annoyance. It can cause complete confusion, disrupt workflows, and in rare cases, even create security risks,” the researcher wrote.

Technical Details

To carry out these attacks, Techryptic used a modified Flipper Zero firmware, enabling Bluetooth functionality and adding code to the gap.c file responsible for generating fake notifications.

In his article, the expert shared code for creating the following types of requests:

  • AirTag connection request
  • Apple Keyboard connection request
  • Phone number transfer notification
  • “Set up new iPhone” notification
  • “Join this Apple TV” notification

Attack Range and Potential Impact

Speaking with TechCrunch, Techryptic revealed that this technique can be used even without being in close proximity to the victim. He claimed to have developed a similar attack that works from “thousands of feet” away (1,000 feet equals about 305 meters). However, he has not disclosed the details of this method, citing concerns about potential abuse and the risk of mass spam pop-ups “over huge distances, up to several miles.”

Leave a Reply