Apple Shuts Down Flipper Zero’s Ability to Shut Down iPhones
(gizmodo.com)
from L4s@lemmy.world to technology@lemmy.world on 16 Dec 2023 06:00
https://lemmy.world/post/9626742
from L4s@lemmy.world to technology@lemmy.world on 16 Dec 2023 06:00
https://lemmy.world/post/9626742
Apple Shuts Down Flipper Zero’s Ability to Shut Down iPhones::IOS 17.2 cut off Flipper Zero users running the Xtreme third-party firmware from mass-spamming popups at iPhones.
threaded - newest
This is the best summary I could come up with:
Apple silently fixed an exploit that let Flipper Zero devices mass-bombard nearby iPhones with popup notifications, so much so they would essentially disable users’ phones requiring a restart.
Flipper Zero is a small multi-tool able to mimic NFC, RFID, or other radio signals.
With that, a Flipper Zero user could stand in a busy intersection and hit all iPhones in a 30-foot radius with popup notifications, enough to make the Apple device lock up and require a restart.
You can’t get the Xtreme firmware from Flipper’s own third-party app store, but it is still easy for anybody to download and install it on their NFC-replicating device.
The latest iOS update added a number of handy features like the Journal app, but as usual, Apple doesn’t expand on all its security fixes in its release notes.
Notably, iOS 17.3 is supposed to add a heap of anti-theft features, but we’ll need to wait and see whether Apple or any other device maker can put a stop to these annoying Bluetooth messages altogether.
The original article contains 375 words, the summary contains 171 words. Saved 54%. I’m a bot and I’m open source!
Is this another tale of script kiddies ruining a good thing. Jumping the bluebox
No. This makes iPhones safer.
What did they ruin?
The ability of one script kiddy to mess with people’s iPhones.
Well, if one script kiddy can do that, then plenty of more malicious people can, so it’s a naked king situation.
is Android vulnerable to targeted NFC ?
It’s Bluetooth here, and possibly. Apple was handling a class of pairing attempts poorly. Android could do the same thing. It currently seems like that’s not the case, and there are a lot of eyes looking at what’s open source.
Maybe, but Android keeps rewriting its Bluetooth stack from scratch
Android’s current Bluetooth stack has only been around for like 2.5 years
So it’s also less battle tested, probably, although less likely to have memory corruption bugs
I don’t know the ins and outs. But I have a flipper and an android. It looks like the issue is on the UI more than overwhelming the hardware like a DDOS. My android gets a bunch of bogus connect attempts for random Bluetooth headphones that don’t exisit, but there’s enough time in between each to go in and turn off Bluetooth if you wanted. The iPhone made it so you just always had one, so you couldn’t do anything else with the phone.
This is why it’s important these devices are available. Got to find and fix these sorts of vulnerabilities
Exactly what i was thinking. This is the flipperzero working as intended.
Seriously!
Such A easy to exploit issue that they package it into a consumer market tool.
Because if that’s what’s available to nontech folks, Imagine what a professional criminal tool has.
This reads pretty much misleading to me.
They say the flipper could bomb phones within 30 ft range. Via NFC! I would even doubt them stating a range of 30 mm.
It mostly depends of the antenna setup.
I’m fairly sure you can get several meters of range with an external antenna.
I think a meter is pretty much the limit with most NFC. There is a longer range NFC+ that can reach further, but nowhere near 30ft.
Long range stuff typically is UHF RFID in the 860-960MHz band.
HF NFC at 13.56 MHz can be done up to roughly 20cm, though with passive sniffing you might pick up parts at longer range.
LF NFC is just a mess. I think there were some pretty long range readers available, but nobody should be using that stuff anymore, it’s just horrible. Unfortunately there still are companies using that for access control, so I’m now and then handing out copies of their keys to friends. The main security on those things is that sometimes it takes a few tries to get the your reader detect the tag.
That attack is via bluetooth, not NFC. And the article states exactly that (just checked).
Shouldn’t this headline read “Apple fixes bug”?
Apple has got bugs??
And viruses too
Link?
securelist.com/operation-triangulation/109842/
uptycs.com/…/macstealer-command-and-control-c2-ma…
macworld.com/…/list-of-mac-viruses-malware-and-se…
www.exploit-db.com/search?platform=macos
Good thing that only impacts iOS 15.7 and below, which no one is using, and it has been patched in 15.8. 👍
Good reason to install those updates!
Most known viruses are patched in most current versions in popular software.
*features
One of the best lines from Armageddon:
“Sir, the override. It’s been overridden.”
.
Here is an alternative Piped link(s):
https://piped.video/2VY_xxL2jL0
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
I thought Flipper was that dolphin
Yes, we just discovered there where thousands of them, and they are Transformers. They become small white and orange that can control the world
Little bastards.
Good right? Congrats. You did a security.
“ON today’s episode on hacking your flipper…”
Double shutdown on you!