this post was submitted on 16 Dec 2023
171 points (97.2% liked)

Technology

59693 readers
2972 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Apple Shuts Down Flipper Zero’s Ability to Shut Down iPhones::IOS 17.2 cut off Flipper Zero users running the Xtreme third-party firmware from mass-spamming popups at iPhones.

all 35 comments
sorted by: hot top controversial new old
[–] rjek 135 points 11 months ago (1 children)

Shouldn't this headline read "Apple fixes bug"?

[–] NeoNachtwaechter@lemmy.world 15 points 11 months ago (2 children)
[–] maynarkh@feddit.nl 17 points 11 months ago (1 children)
[–] tsonfeir@lemm.ee 0 points 11 months ago (1 children)
[–] LazaroFilm@lemmy.world 4 points 11 months ago
[–] Player2@lemm.ee 107 points 11 months ago (2 children)

This is why it's important these devices are available. Got to find and fix these sorts of vulnerabilities

[–] webghost0101@sopuli.xyz 66 points 11 months ago

Exactly what i was thinking. This is the flipperzero working as intended.

Seriously!

Such A easy to exploit issue that they package it into a consumer market tool.

Because if that's what's available to nontech folks, Imagine what a professional criminal tool has.

[–] Mango@lemmy.world 38 points 11 months ago

Good right? Congrats. You did a security.

[–] aeronmelon@lemm.ee 30 points 11 months ago (1 children)

One of the best lines from Armageddon:

"Sir, the override. It's been overridden."

[–] autotldr@lemmings.world 18 points 11 months ago

This is the best summary I could come up with:


Apple silently fixed an exploit that let Flipper Zero devices mass-bombard nearby iPhones with popup notifications, so much so they would essentially disable users’ phones requiring a restart.

Flipper Zero is a small multi-tool able to mimic NFC, RFID, or other radio signals.

With that, a Flipper Zero user could stand in a busy intersection and hit all iPhones in a 30-foot radius with popup notifications, enough to make the Apple device lock up and require a restart.

You can’t get the Xtreme firmware from Flipper’s own third-party app store, but it is still easy for anybody to download and install it on their NFC-replicating device.

The latest iOS update added a number of handy features like the Journal app, but as usual, Apple doesn’t expand on all its security fixes in its release notes.

Notably, iOS 17.3 is supposed to add a heap of anti-theft features, but we’ll need to wait and see whether Apple or any other device maker can put a stop to these annoying Bluetooth messages altogether.


The original article contains 375 words, the summary contains 171 words. Saved 54%. I'm a bot and I'm open source!

[–] Lophostemon@aussie.zone 10 points 11 months ago (1 children)

I thought Flipper was that dolphin

[–] Kyoyeou@slrpnk.net 3 points 11 months ago (1 children)

Yes, we just discovered there where thousands of them, and they are Transformers. They become small white and orange that can control the world

[–] Lophostemon@aussie.zone 2 points 11 months ago

Little bastards.

[–] A_A@lemmy.world 7 points 11 months ago (1 children)

is Android vulnerable to targeted NFC ?

[–] bhamlin@lemmy.world 9 points 11 months ago (2 children)

It's Bluetooth here, and possibly. Apple was handling a class of pairing attempts poorly. Android could do the same thing. It currently seems like that's not the case, and there are a lot of eyes looking at what's open source.

[–] batmaniam@lemmy.world 3 points 11 months ago

I don't know the ins and outs. But I have a flipper and an android. It looks like the issue is on the UI more than overwhelming the hardware like a DDOS. My android gets a bunch of bogus connect attempts for random Bluetooth headphones that don't exisit, but there's enough time in between each to go in and turn off Bluetooth if you wanted. The iPhone made it so you just always had one, so you couldn't do anything else with the phone.

[–] ozymandias117@lemmy.world 2 points 11 months ago

Maybe, but Android keeps rewriting its Bluetooth stack from scratch

Android’s current Bluetooth stack has only been around for like 2.5 years

So it’s also less battle tested, probably, although less likely to have memory corruption bugs

[–] scarabic@lemmy.world 2 points 11 months ago

Double shutdown on you!

[–] RIP_Cheems@lemmy.world 1 points 11 months ago

"ON today's episode on hacking your flipper..."

[–] n3cr0@lemmy.world 0 points 11 months ago (2 children)

This reads pretty much misleading to me.

They say the flipper could bomb phones within 30 ft range. Via NFC! I would even doubt them stating a range of 30 mm.

[–] aard@kyu.de 30 points 11 months ago

That attack is via bluetooth, not NFC. And the article states exactly that (just checked).

[–] Tetsuo@jlai.lu 1 points 11 months ago (1 children)

It mostly depends of the antenna setup.

I'm fairly sure you can get several meters of range with an external antenna.

[–] Death_Equity@lemmy.world 1 points 11 months ago (1 children)

I think a meter is pretty much the limit with most NFC. There is a longer range NFC+ that can reach further, but nowhere near 30ft.

[–] aard@kyu.de 2 points 11 months ago

Long range stuff typically is UHF RFID in the 860-960MHz band.

HF NFC at 13.56 MHz can be done up to roughly 20cm, though with passive sniffing you might pick up parts at longer range.

LF NFC is just a mess. I think there were some pretty long range readers available, but nobody should be using that stuff anymore, it's just horrible. Unfortunately there still are companies using that for access control, so I'm now and then handing out copies of their keys to friends. The main security on those things is that sometimes it takes a few tries to get the your reader detect the tag.