Bluetooth Low Energy denial of service attacks

The Bluetooth Low Energy denial of service attacks are a series of denial-of-service attacks against mobile phones and iPads via Bluetooth Low Energy that can make it difficult to use them.

DEFCON proof of concept attack
At DEF CON 31 in 2023, a demonstration was given using equipment made with a Raspberry Pi, a Bluetooth adapter and a couple of antennas. This attack used Bluetooth advertising packets, hence did not require pairing. The demonstration version claimed to be an Apple TV and affected iOS 16.

Flipper Zero attack
This attack also uses Bluetooth advertising packets to repeatedly send notification signals to iPhones and iPads running iOS 17. It uses a Flipper Zero running third-party Xtreme firmware. It functions even when the device is in airplane mode, and can only be avoided by disabling Bluetooth from the device's Settings app.

The attack can cause the device to crash. It also affects iOS 17.1.

The release of iOS 17.2 made devices more resistant to the attack, reducing the flood of popup messages.

An app to perform these attacks was written for Android.

Interference with a medical device
An attendee of Midwest FurFest 2023 tweeted that the Android device they used to control their insulin pump had been crashed by a BLE attack and that if they hadn't been able to fix it they would have had to go to a hospital.

Wall of Flippers
The Wall of Flippers project has written a Python script that can scan for BTLE attacks. It can run on Linux or Microsoft Windows.

Android attack
The Flipper Zero version of the attack has been adapted to attack Android and Microsoft Windows systems.