Get ESP32x3 board with ufl connector instead of built-in antenna, connect it to a 10W+ amplifier, then go to a concert with thousands of phones and see all of them crash while people were recording.
👀👀👀 v devious
ROFL, That's a top idea!!
Interesting 😂
apparently it doesn't show when ur on camera or keyboard tho :(
Isn't it more rewarding to understand why this happens, research new ways to protect instead of merely using what someone smarter discovered and coded?
I looked at your code and it is exceedingly simple. Wouldn't be hard to fix but Apple have always had a better marketing team than they do cyber security
Not at all. Apple's phone and firmware security was superior for many, many years.
@@lucarizzelo It still is good. I’m a Microsoft guy cause I’m in IT and have to do many things I can’t do in MacOS. I prefer Windows overall, but MacOS is all most people need (if you wanted to spend more…). I use iPhones for the simplicity.
I wouldn’t even consider this a cyber threat. It’s just a mean prank at most. I tried to crash my iPhone using an Arduino board then I used a HackRF. (I’m also an electronics and Arduino nerd) I couldn’t crash my iPhone with BLE spam, but the spam still occurred less frequently. Plenty frequent to be annoying. In my opinion they should just turn off the new device broadcasting and let people pair Bluetooth devices the original way which is already as simple as it gets.
Keep posting videos like this, please.
Esp32, worked on multiple iPhones with Bluetooth enabled and with it disabled
Wait. Are you saying phones with Bluetooth off are being affected? This makes no sense since it's a Bluetooth exploit. My experience shows nothing when even a Lock Screen is up. You have to be unlocked to be spammed.
@@andyk939 unlocked with Bluetooth disabled, got it to crash.
It starts showing device connection popups with Bluetooth enabled or without Bluetooth enabled.
At least it worked on iPhone 14 Pro Max iOS 17.1.2.
Already fixed in the latest update.
Not according to my tests.
Nice exploit, very well explained video, good stuff!
2 questions: 1. Does it still work for iOS 18 betas? And 2. Is there a way to make it also spam Android?
compile error: 'esp_fill_random' was not declared in this scope
pls help me
Hmm 🤔
Have you added the NimBLE package to your Arduino IDE library? And added the additional ESP boards link in settings?
I did and got this error. @@catzpach0
ESP32-C3 SuperMini is $2, does the same.
For simplicity I use ESP-IDF, much easier to use, less setup.
More interesting is maybe Find My network communication; ESP32 BLE can act as an AirTag or message relay.
Nice, I will take a look at that board! Thanks.
No luck using one. Got "esp_fill_random was not declared in this scope" when I tried to compile, but I kinda have no idea what I'm doing.
I think this is the model that I actually got to work, that shows an LED when powered on. @@catzpach0
I can hear your neighbor screaming in the background.
Perhaps the range is further than expected 😵💫
Does this update the phone when it cannot be updated normally? How do you install the iOS that you need? Even if the phone turns out to be locked? Thank you very much.
Hey, so from what I know, if someone has automatic updates, iOS 17.2 will be installed automatically. This was tested on 17.1. I haven't tested on 17.2 yet, but I think it can still cause the phone to crash from what I've read. If the phone is locked the pairing notifications can still come through, although I think you may need to wake the screen to see the popup. Will get back to you when I test this a bit more!
@@catzpach0 Perfect. Thank you very much.
Wonder if 17.2.1 fixes this?
Ooh perhaps. Will update and test later today.
@@catzpach0 results?
This Bluetooth exploit is fixed in iOS 17.2, tested on the Flipper Zero Xtreme.
From my testing, it has not. Or at least it doesn't always work. My friend used it on his own 17.2 phone and it locked up just fine.
Gonna have to do some more testing on my end. I am still able to get a flood of messages but no crash yet after 10 mins, when previous to the update the crash was within 1-2 mins.
I tested it on an iPhone 11 on iOS 17.4: it works, but the phone doesn't crash, freeze, or power off. An iPhone 15 Pro Max on iOS 17.0.3 works well: it freezes hard and has to be rebooted.
Does it work on ESP32-S2 mini?
Hi. Needs to be S3 for this project as S2 doesn't have Bluetooth capabilities.
One problem: your board doesn't have Bluetooth, it's only WiFi.
ESP32 has BLE and WiFi. You may be thinking of ESP8266.
@@Bijimaru_69 no, I was thinking of the S2 model of this board.
Can you link the exact board you have?
Not sure if I can post links in comments, but will update the video description now. If you search on AliExpress it is the Lolin ESP32 S3 mini, from the Lolin store.
@@catzpach0 Keep getting "'esp_fill_random' was not declared in this scope" on the ESP32-S3 Mini Development Board, Based on ESP32-S3FH4R2
Oh weird. Seen someone else mention this too. Are you using the additional boards link from the video description?
Nice video, congratulations.
I just tried turning it on in my school...
careful 🙈
This is what happens when your "phone" is all over the "spy network".
Can you make ESP32 Marauder?
Ooh I’ve seen those. Definitely interested in learning a bit more about how they work.
Where did you get the micro USB cable?
It came with my keyboard; the name on the USB-C cable is FLOVEME.
Actually the battery was dead, see it or zoom.
Apple kicked out iOS 17.2; now the exploit is closed.
What iPhone do you have?
Think the pop ups will still happen. Not sure if it’s enough to crash the phone anymore. Will do some testing today 👍🏻
@@catzpach0 two days ago it crashed.
HEY THAT'S MY NUGGET!
👀
@@catzpach0 I covered this on my stream today and noticed you have a USB nugget at the end! Do you want an s3 dev kit to make an s3 version? We started using the s3 on our new version, but we haven't started selling them yet. If you want one, I'd love to see what you do with it
@retiallc sorry just seeing this. That would be amazing! Thank you 🤩
Is there a reason we can't port this to Android?
I've seen examples where it works on Android devices using the Flipper Zero version of this exploit, so I'm sure there is a way. Would just be a matter of knowing the Bluetooth packet data to spoof a pairing request for an Android device.
Market fragmentation is one reason. You don't know which Android responds to which requests. I know some Sony and JBL audio products show the same kind of pairing popup though.
nice
What's the range?
I haven’t tested this myself yet. Will get back to you.
In a straight line it was definitely 30 meters.
Ok this is driving me nuts guys, I've gone through 4 types of ESP's and only gotten 1 type to work, and I can't replicate it. I ended up buying these exact LOLINS, and I'm still getting one of my common errors: "xtensa-esp32s3-elf-g++: error: unrecognized command line option '-std=gnu++2b'; did you mean '-std=gnu++2a'? " What am I doing wrong @catzpacho?
heya. Sorry you’re having trouble with this!! Compiling stuff for these can sometimes be a nightmare. What I can try is compiling a .bin file that you could try flashing straight onto the board. I’ll drop you a message here when I get a chance.
You're the best, man. Not sure what I'm doing wrong. I got two Wemo boards flashed, and since then I've tried like 4 other brands now, including the Lolin S3 mini, all with the same issue. I've even tried two versions of the Arduino IDE @@catzpach0
So many bugs in 🍎 😄 glad I don't use 🍎.
Just found emojis, huh 😂😂
Apple should use Rust for programming critical pieces of the code.
I just casually put "%s" in wifi names and other user input
In the meantime this vulnerability has been fixed .... so only people not updating their phones are still in danger. Besides I find it questionable to publish such instructions.
I’m glad to see Apple have fixed this now. My intention is purely educational to show how worryingly easy it is for someone with limited knowledge and resources to perform an exploit on one of the most popular phones in use.
I think Apple can still go further with the fix, whilst it has stopped crashes, the frequency of pairing requests getting through is still annoying.
Honestly funny to just do it to friends; also not everyone has a phone that is compatible with iOS 17.
This kind of "attack" has relatively low stakes and does not need to go through the normal disclosure procedure that can take ages (because no data is lost/stolen), and could be a faster way to make Apple fix it. Also this can be useful to convert AFU to BFU state and make the phones more secure in some situations.
I think this is the best way to get vulnerabilities fixed - sadly!
I've reported a few vulnerabilities to big companies - and on the whole, they just ignore them.
Tried the "fix" and my friends phone locked up just fine, so... perhaps not?
Trying to use a TZT ESP32-C3 Development Board and I keep getting an "esp_fill_random" error on compile. Anyone know the GitHub author's Discord? The name he linked doesn't come up with anything.
Will look into this for you. I'm using the S3 version of the board, so perhaps there is an issue between C3 and S3?
For some reason I can't post on the other video. Just went over it again with a fresh Lolin and another ESP and I could get them to compile fine, but they don't actually work. Looking at the serial console they look like they are doing something, but my phone is silent. Going back to my original C3 SuperMini and it exploits my phone instantly. @@catzpach0