Flipper Zero iPhone Bluetooth DoS Exploit 

Thanks for the shout out! The Flipper app was written by WillyJL from Xtreme Firmware and most of the messages were discovered by me and published in the ECTO-1A/AppleJuice repo to be run on a $15 Raspberry Pi Zero W. I then worked with him to port everything to the Flipper where he discovered how to actually spam with it. I have been able to cover an area the size of a movie theater with the Raspberry Pi and a high powered bluetooth antenna( which was reverse engineered from the guys at DEF CON). Even the AirPods messages can be sent 10+ feet with that setup which needs to be within a foot or two using a Flipper. Techryptic took our code and took all the credit.

​@@Ecto1Athat's crazy I when people do stuff like that. stealing credit for others work is so effed up

Based.

@@Ecto1A nice work ese

November 2022 (Techryptic's videos) is before August 2023 (ecto1a/AppleJuice created following defcon 31) correct? I don't have a calendar handy atm but i'm pretty it's a factor of several months.. maybe someone could confirm, just for full transparency sake?

There was also that stalker situation where if there was an AirTag under your cars suspension or somethin your iPhone would ping your current location (without you knowing) to a stalkers iPhone randomly.

average apple cuck

Enjoy the benefits of the "ecosystem"

I can’t believe the guy who made this video falsely claimed this work as his own. Like it’s already on github

​@@ianburns6888??

Lady, I'm just a fucking horse Why are you yelling at me

for the avg person maybe. but I could actually screw with you with this attack from much farther away. (lets put it this way if I can bounce a 1.2ghz radio signal off the moon, I could sit a couple miles away and BT message spam you for lulz)

@@Dratchev241what

haha yup

Bluetooth is ancient caveman technology at this point. It still sounds like s**t when used for audio and hasn't improved much since 2006.

Open Based (Open🅱SD)

​@@megatronskneecapsounds good with AptX

Cuck license

they called me crazy for getting mad at phones without headphone-jacks,then they got mad too. Same thing gotta happen with wireless only devices

​@@Vergillux44 Specially the wireless mnk one😂.

​@@Vergillux44 use the freaking lighting or USB C cables, or a freaking dongle dude. Wtf you mean headphone jacks need to be there, literally doesn't.

@@baked777 cope

It also was the vector of the literal first mobile virus, so the more things change, the more things stay the same.

@@maiyannahCabir on S60? I had a modified version if it back in 2005-2006 that worked a lot like this notification spamming, except you could attach any file you like, and it would repeatedly spam requests to any Bluetooth enabled phones in range effectively dosing them.

@@Skullet Cabir was the first that got a big spread if memory serves but there were a ton of similar viruses back in that day, you basically didnt use bluetooth back then in my area because it was so saturated with them.

@@baked777You just uh, keep thinking that.

The older it gets, the more engrained in everyday life it gets, the worse it'll be

I only really trust independent Linux Distros made by random nerds that avoid showers like bees for some reason. And that's saying something as a person who has grown up around security researches and big tech companies.

This issue has been known since 2019. The guys at Carnegie Mellon who first reverse engineered this reported it to Apple and 4 years later nothing has changes. It's just that we have now made it easy to do for everyone.

apple has always been super insecure. Mainly because there are so few models that finding exploits is more valuable

actually much better... one of the main issues with Apple are the libraries they use/ plus webkit..both are full of holes..@@SourceHades

Yeah but everyone knows apple devices are immune to viruses. That's just common sense.

Yup, i've seen them working on it. There seems to be an initial discovery about a year ago, and they have now improved and adapted it for the flippy.

​@@blinking_dodo It was discovered almost 3 years ago, just adapted to the flipper now

Guess you'll want to avoid doing that from home or work or any other known location. FCC might start watching radio signals at those ranges

@@Ginfidel Don't know about FCC, in Europe in the ISM band you can transmit with a maximum of 1W and 2W if you got an amateur radio license, If I remember those numbers correctly.

I would have actually read all of this if it was in paragraphs.

@@PatRiot- Zoomer with an underdeveloped brain can't handle more than 5 words per block of words, very sad! Many such cases!

that sounds insanely turbobased

Add a yagi and you're in business

You will get a billion boomers running foxhunt showing up at your door.

Would that get the FCC knocking though?

Well, probably. But if you attempt to hack people somone will go after you eventually.

yeah but people use DDOS for everything, ignoring what the acronym means

A major problem if you are ta targeted. Proper android phones still have alphabet soup using USB attacks. iPhones don't have this in addition to safari-based remote code execution built into iOS

maybe it affect multiple apple devices so it is DISTRIBUTED 😂

@@undr_guv_surv I do not understand what you are saying or how it is related to my comment, could you clarify that please?

use two pi 0 Ws, now it's a DDoS

Bluetooth sounds like it's playing through a wall anyway. Even with Apple's $500 debut AirPods "Max".

unless your input jack is broken :v

​@@AEw5JdbLyvEFThis. Bluetooth has been a lifesaver for me. Too many ruined headphones and jacks and holes. "Being careful" is not an option for me as I use them on the go all the time and with cans that don't leave my head easily if the cable gets stuck somewhere. With no wires I avoid all those problems. Plus, unless you're a picky audiophile, a decent pair under 100$ can sound plenty fine. 100% wired when I'm at my PC though.

🍷🗿

@@AEw5JdbLyvEF The lightning connector is less reliable than the headphone jack on the older iphones.

iCloud hack in 2014 leaked nudes.

I think it's new problem(the ddos is old, but via bluethooth, i think its considered as a new technique), even i using an android, i only hear it now.

Same, bluetooth was always insecure and I never liked, I'll never use it. I just prefer wired stuff, no need for recharging, no delayed latency, you can't lose connection randomly and it connects specifically to the device I plug it into. There are brainless apple fanboys however, saying "Imagine not just airdropping files in 2023💀".

You can also use Wi-Fi if you desire, which, ironically is still much more secure than a outdated piece of technology, which is still in use to this day, and has known bugs and vulnerabilities like this. Imagine you're a iphone user and you're rapidly touching your keyboard, when suddenly, a random pop-up comes in and you accidentally click "connect". Congratulations. You just opened your phone to possible cyber attacks, all of that in the name of trying to do all sorts of mental gymnastics, just to tell people to "WhY nOt jUSt lEaVe BluEttootH alWAYs On?", since it's soo "secure" because it's a iphone. Meanwhile in android users, we don't suffer from that bluetooth nonsense, because there's no reason to leave it always on, and it drains our battery. And even if we leave it on, you'd have to manually go to the bluetooth page, then connect to the device you want, and then said device needs the code that you got from your phone in order to even pair with your device. (although this doesn't apply to all devices. Devices that have no UI, and are used to only output sound, such as speakers or headphones, can be connected without a code) Yeah, maybe im boasting a bit here with androids, but i find it ironic how the most "secure" devices out there that come from apple, the most "secure big tech corporation", allow these things to slip up, and then later say it's a "feature" and not a "bug". That's like spywaresoft finally saying that "yes, we've been hardware-based backdoors, just so our buddies from the CIA and NSA can spy on everyone who uses our products, but don't worry about that, because it's a feature and not a bug!"

Cable is the only way to get a proper Gigabit connection. I paid for the full network plan ($11 monthly) so I'm going to use the full network plan.

This isn't an issue with FreeBSD, it's been around for years before iOS 16. It's only making the news now because it's been ported to the flipper zero.

@@forid200 that's not what he said at all. You confused son.

@@UNcommonSenseAUS Enlighten me, sounded like he was blaming the bug on FreeBSD. I've personally known about this "bug" for like 4+ years now. It's been an issue since apple released airpods.

FreeBSD is a great OS. What Apple takes and does with it is on them. Dont want Bluetooth on FreeBSD? Make a new kernel omitting it. FreeBSD and the other BSD's are miles ahead of linux

it's based on nextstep and not bsd. skids should shut the fuck up already

he said that

but if they have apple watch its always in use..same goes with those who use their watch with a mac..

It doesn't turn off the underlying Bluetooth LE tho. It's built natively into the iOS springboard and can't be turned off without a Jailbreak. You can see the dude in the video turning Bluetooth off with control centre and it doing nothing.

@@megatronskneecap The shortcuts turn it off completely as if you went into the settings. Or do you mean that it still doesn't turn off the Bluetooth LE?

​@@guy5282it's probably the thing that helps with fast pairing?

Lmao fr

💀

You’re fine first of all it’s just Bluetooth second you’re not worth targeting if someone was to hack you

Lol count your days, fatty

glowie

Hi normies!

Enjoy your meal

Me too

@@MentalOutlawenjoying pirating others work?

The bad thing about doing that is you'll eat a concealed carry surprise.

It can reach across a movie theater so you must have some long arms.

can't ban BLE lol

Sharp eye.

Ye

I thought it was kiddie, implying novice child/low lifes using others harmful code, like aimbotters

@@shinyrayquaza9 Yes

You should be able to with android and a terminal emulator, but it's going to be a hell of a ride. So I would just recommend to unlock the bootloader and install another OS all together (some linux distro that supports your SOC and touch) With an I phone it most likely is impossible...

@@thecon_quererarbitraryname6286 I'm asking cause I'm over video some time ago he said he would try, and I was curious