Your iPhone Can Be Frozen by Someone without Them Touching It
Toggle Dark Mode
Ever since the iPhone’s inception, people have been trying to find bugs or security issues they can use to exploit the iPhone.
Fortunately, Apple is usually pretty quick to find and fix any security issues., but that doesn’t mean people won’t stop trying to control or ruin your iPhone.
And now, there is a new exploit that you can use to completely freeze any iPhone nearby without even touching it. And the scariest part? You can do it yourself with a bit of code and a $15 device that you can buy on Amazon right now.
What’s the BLE Spam that Crashes Your iPhone?
A couple of months ago, a new exploit was found that can completely shut down your iPhone out of nowhere.
This exploit was shared by Abraao Lima on Medium, who explains how this can mess with pretty much any iPhone nearby. You don’t really need to target a potential victim. As long as you trigger this exploit, you should, in theory, affect any iPhone that’s within Bluetooth range.
This exploit uses the iPhone’s Bluetooth Low Energy technology, or BLE for short.
As Lima puts it, you can use the BLE technology to “flood nearby iPhones with excessive pairing requests. Over time, these requests cause the devices to become unresponsive, eventually leading to a complete shutdown.”
Basically, when you trigger it, your iPhone won’t be able to handle so many pairing requests at the same time. Since you won’t stop sending these requests, your iPhone will simply stop working.
The affected iPhones will freeze and won’t be able to work. If you keep sending these requests, the iPhone will start to rise in temperature until it finally shuts down.
When that happens, you can decide to wait until your iPhone turns on automatically or force restart it.
How Does This Exploit Work?
It’s both impressive and scary that you can do this to not just one iPhone but any iPhone that’s near you. You could, in theory, go see a movie and mess with everyone’s iPhone without them knowing what hit them.
But what’s scarier than that is how easy it is to set this exploit up.
The specific code to do this can be found on GitHub. This can be uploaded to an ESP32 microcontroller, which can be purchased for $15 on Amazon right now, with a platform that supports BLE and has Wi-Fi enabled. We’ve also seen reports of folks successfully launching it from Linux-based laptops or pocket-sized computers like the Raspberry Pi.
After you have all that, all you need to do is upload the code to your microcontroller or other hardware device, and you could theoretically start freezing iPhones — this will include your own, so be very careful.
It’s worth mentioning that you really shouldn’t try this unless you’re only trying it with your own device. As Lima mentions in their article, you should only try to do this yourself for educational purposes, and you should never use this against other people’s consent.
Will Apple Ever Fix This Exploit?
At the time of writing, Apple hadn’t made any official statement about this exploit, and chances are, it’s not on the company’s priority list.
A very similar exploit using the Flipper Zero tool was fixed in iOS 17.2 according to tests done by ZDNET and 9to5Mac, but this particular attack, dubbed “SourApple,” has been successfully tested on various iPhones running iOS 17.2 and iOS 17.2.1; it’s unclear if later releases are vulnerable.
Usually, Apple focuses on exploits that can either mess with your iPhone completely or security issues that could impact your privacy. Plus, the company tends to focus on problems that have affected a larger number of iPhone users.
While this exploit could potentially ruin your iPhone, in most cases, you can simply restart your iPhone and temporarily disable Bluetooth until you’re out of range of the attacker. It can also be prevented by turning Bluetooth off. Although that’s not ideal if you want to listen to music wearing AirPods or other wireless headphones, you can continue using your Apple Watch if you toggle Bluetooth off from the Control Center, rather than in the Settings app.
However, the bottom line is that we also haven’t seen reports of this being used very often. It’s possible that Apple will fix this issue in the near future, though, so it’s always recommended to keep your iPhone up to date.
You can easily do that by going to Settings > General > Software Update and installing any update available; you can also go to Automatic Updates and turn on iOS Updates and Security Responses & System Files, so your iPhone automatically downloads and installs software updates whenever it’s charging, connected to Wi-Fi and locked.
Don’t Try This Exploit at Home
As we mentioned, this exploit is something you shouldn’t try unless you plan to be responsible for it.
If you’re just an iPhone user worried about their device, keep in mind that not everyone will try this exploit. If they do, all you need to do is turn off Bluetooth until you know you’re far away from the microcontroller.
Also remember to also keep your iPhone up to date so you won’t have to deal with exploits and issues like this one.
