this post was submitted on 16 Dec 2023
174 points (96.8% liked)

Technology

59292 readers
3884 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Apple Shuts Down Flipper Zero’s Ability to Shut Down iPhones::IOS 17.2 cut off Flipper Zero users running the Xtreme third-party firmware from mass-spamming popups at iPhones.

all 35 comments
sorted by: hot top controversial new old
[–] [email protected] 138 points 11 months ago (1 children)

Shouldn't this headline read "Apple fixes bug"?

[–] [email protected] 15 points 11 months ago (2 children)
[–] [email protected] 17 points 11 months ago (1 children)
[–] [email protected] 0 points 11 months ago (1 children)
[–] [email protected] 3 points 11 months ago* (last edited 11 months ago) (1 children)
[–] [email protected] -1 points 11 months ago (1 children)

Good thing that only impacts iOS 15.7 and below, which no one is using, and it has been patched in 15.8. 👍

Good reason to install those updates!

[–] [email protected] 7 points 11 months ago

Most known viruses are patched in most current versions in popular software.

[–] [email protected] 4 points 11 months ago
[–] [email protected] 107 points 11 months ago (2 children)

This is why it's important these devices are available. Got to find and fix these sorts of vulnerabilities

[–] [email protected] 66 points 11 months ago

Exactly what i was thinking. This is the flipperzero working as intended.

[–] [email protected] 7 points 11 months ago

Seriously!

Such A easy to exploit issue that they package it into a consumer market tool.

Because if that's what's available to nontech folks, Imagine what a professional criminal tool has.

[–] [email protected] 38 points 11 months ago

Good right? Congrats. You did a security.

[–] [email protected] 30 points 11 months ago (1 children)

One of the best lines from Armageddon:

"Sir, the override. It's been overridden."

[–] [email protected] 18 points 11 months ago

This is the best summary I could come up with:


Apple silently fixed an exploit that let Flipper Zero devices mass-bombard nearby iPhones with popup notifications, so much so they would essentially disable users’ phones requiring a restart.

Flipper Zero is a small multi-tool able to mimic NFC, RFID, or other radio signals.

With that, a Flipper Zero user could stand in a busy intersection and hit all iPhones in a 30-foot radius with popup notifications, enough to make the Apple device lock up and require a restart.

You can’t get the Xtreme firmware from Flipper’s own third-party app store, but it is still easy for anybody to download and install it on their NFC-replicating device.

The latest iOS update added a number of handy features like the Journal app, but as usual, Apple doesn’t expand on all its security fixes in its release notes.

Notably, iOS 17.3 is supposed to add a heap of anti-theft features, but we’ll need to wait and see whether Apple or any other device maker can put a stop to these annoying Bluetooth messages altogether.


The original article contains 375 words, the summary contains 171 words. Saved 54%. I'm a bot and I'm open source!

[–] [email protected] 10 points 11 months ago (1 children)

I thought Flipper was that dolphin

[–] [email protected] 3 points 11 months ago (1 children)

Yes, we just discovered there where thousands of them, and they are Transformers. They become small white and orange that can control the world

[–] [email protected] 2 points 11 months ago

Little bastards.

[–] [email protected] 7 points 11 months ago (1 children)

is Android vulnerable to targeted NFC ?

[–] [email protected] 9 points 11 months ago (2 children)

It's Bluetooth here, and possibly. Apple was handling a class of pairing attempts poorly. Android could do the same thing. It currently seems like that's not the case, and there are a lot of eyes looking at what's open source.

[–] [email protected] 3 points 11 months ago

I don't know the ins and outs. But I have a flipper and an android. It looks like the issue is on the UI more than overwhelming the hardware like a DDOS. My android gets a bunch of bogus connect attempts for random Bluetooth headphones that don't exisit, but there's enough time in between each to go in and turn off Bluetooth if you wanted. The iPhone made it so you just always had one, so you couldn't do anything else with the phone.

[–] [email protected] 2 points 11 months ago

Maybe, but Android keeps rewriting its Bluetooth stack from scratch

Android’s current Bluetooth stack has only been around for like 2.5 years

So it’s also less battle tested, probably, although less likely to have memory corruption bugs

[–] [email protected] 2 points 11 months ago

Double shutdown on you!

[–] [email protected] 1 points 11 months ago

"ON today's episode on hacking your flipper..."

[–] [email protected] -1 points 11 months ago (2 children)

This reads pretty much misleading to me.

They say the flipper could bomb phones within 30 ft range. Via NFC! I would even doubt them stating a range of 30 mm.

[–] [email protected] 31 points 11 months ago

That attack is via bluetooth, not NFC. And the article states exactly that (just checked).

[–] [email protected] 1 points 11 months ago (1 children)

It mostly depends of the antenna setup.

I'm fairly sure you can get several meters of range with an external antenna.

[–] [email protected] 1 points 11 months ago (1 children)

I think a meter is pretty much the limit with most NFC. There is a longer range NFC+ that can reach further, but nowhere near 30ft.

[–] [email protected] 2 points 11 months ago

Long range stuff typically is UHF RFID in the 860-960MHz band.

HF NFC at 13.56 MHz can be done up to roughly 20cm, though with passive sniffing you might pick up parts at longer range.

LF NFC is just a mess. I think there were some pretty long range readers available, but nobody should be using that stuff anymore, it's just horrible. Unfortunately there still are companies using that for access control, so I'm now and then handing out copies of their keys to friends. The main security on those things is that sometimes it takes a few tries to get the your reader detect the tag.