Another amusing ‘flaw’ has just surfaced on the web, this time concerning Bluetooth Low Energy (BLE) notifications on the iPhone. We recently witnessed this type of spam appearing on both iPhone and Android devices, thanks to the Flipper Zero. However, given that the Flipper Zero is as expensive as it is useless for normies like you and me, I have a better alternative to offer.
For those unfamiliar, the ESP32 is a microcontroller board with integrated Wi-Fi and Bluetooth connectivity, very popular in the electronics world for its versatility and low cost.
With a tool called EvilAppleJuice ESP32, it is now possible to spam iPhones with BLE notifications using a single ESP32.
This is what these notifications look like:
(Imagine that ad infinitum now…)
This joyous digital mess is based on the work of Ronald Stoner, available on the AppleJuice repo. By incorporating randomization capabilities, it can render an iPhone nearly unusable, all thanks to Evil Apple Juice’s code and a single ESP32.
Here’s what it looks like in real life:
Testing has confirmed that this method works on models such as the iPhone 14 Pro (running iOS 16.6.1), iPhone 13 Pro, iPhone 11 (running iOS 16.6.1), and an iPhone running iOS 14.8.
It seems that there are still some limitations, as the tool does not send notifications if the keyboard or the camera is active. But hey, your iPhone needs to take a little break, right?
The interesting part is what this code adds: the source MAC address is fully randomized (BLE_ADDR_TYPE_RANDOM), and both the type of BLE notification and the advertised device are picked at random from the recognized ones. These choices are then renewed at each execution (by default, every second).
If you do the math, the 29 compatible Bluetooth accessories and the 3 possible notification types give a total of 87 possible unique notifications (not counting the random source MAC address), one of which is broadcast each second. And for the moment, no fix from Apple.
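From the receiving side, a new random source address every second from a single transmitter shows up as a burst of distinct random addresses carrying Apple manufacturer data at a near-constant signal strength. The detector below is an added example, not code from EvilAppleJuice or AppleJuice; the record layout, the thresholds and the sample capture are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

APPLE_COMPANY_ID = 0x004C  # Bluetooth SIG company identifier assigned to Apple

@dataclass(frozen=True)
class Adv:
    ts: float          # scanner timestamp, seconds
    addr: str          # advertiser address as reported by the scanner
    addr_random: bool  # True when the address type is "random"
    company_id: int    # company ID from the manufacturer-specific data
    rssi: int          # received signal strength, dBm

def detect_floods(advs, window=30.0, min_addrs=15, rssi_spread=10):
    """Return (timestamp, distinct_addresses) for each flagged burst.

    Assumed heuristic: one transmitter that changes address every second
    produces many distinct random addresses at a similar RSSI inside a short
    window, whatever payload it rotates through. Thresholds need tuning.
    """
    recent, alerts, quiet_until = deque(), [], float("-inf")
    for adv in sorted(advs, key=lambda a: a.ts):
        if adv.company_id != APPLE_COMPANY_ID or not adv.addr_random:
            continue
        recent.append(adv)
        while recent[0].ts < adv.ts - window:   # slide the window forward
            recent.popleft()
        # Distinct addresses heard at roughly the same strength as this one
        near = {a.addr for a in recent if abs(a.rssi - adv.rssi) <= rssi_spread}
        if len(near) >= min_addrs and adv.ts >= quiet_until:
            alerts.append((adv.ts, len(near)))
            quiet_until = adv.ts + window       # one alert per window
    return alerts

def constructed_capture():
    """Constructed sample data (placeholder addresses), not a real capture."""
    advs = []
    for t in range(120):
        for i in range(4):   # four ordinary devices that keep their address
            advs.append(Adv(t, f"benign-{i}", True, APPLE_COMPANY_ID, -60 - 8 * i))
        if t >= 60:          # flood: new address every second, steady signal
            advs.append(Adv(t + 0.5, f"rot-{t}", True, APPLE_COMPANY_ID, -45 + t % 3))
    return advs

if __name__ == "__main__":
    for ts, count in detect_floods(constructed_capture()):
        print(f"t={ts:.1f}s: {count} distinct random addresses at similar RSSI")
```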
To test this thing, buy an ESP32, clone the repo, and read the documentation (the easiest way is to use VS Code with PlatformIO to flash it to your ESP32).
Remember, all of this should be used with caution and responsibility when testing your own equipment. Otherwise, you might end up in prison, and that would mean fewer readers for me, and that’s not cool.