Apple Fixes Bug Allowing Flipper Zero to Lock Up iPhones

[Shirasaki]

And there's laws about that. Try openly manufacturing and selling a device to consumers that scrambles the police radio frequencies or the military's, and you'll have a very hard time pulling the "I always blame people for abusing the tech, not the tech themselves." card from a jail cell.

My blame is broadly applied to anyone and everyone, including but not limited to: government officials, military personnel, secret agent and so forth. Whether someone is subject to law or not is not what I care about in this argument. The nefarious intent from people is enough of a motivation to abuse tech, regardless of who they are.

 

[MBAir2010]

Ch-ch-ch-chkkk

- What’s that Flipper? You love USB-C?

Ch-ch-ch-chkkk-Chhkkk

- Oh, because you’re faster than lightning… right!

"Faaa loves ta' hack!"

 

[MyOwnDrummer]

People need to understand something: This device puts into one device technology that has been used by everyone from criminals to governments (is there a difference? lol), in some instances for decades. This device existing and being so easy to use and combining so many tools together will be better for all of us in the long-run, because manufacturers will patch security holes and update their hardware over time to prevent these exploits. There is a lot of lax security out there that relies on simple radio communication.

By taking it from the hands of the few and putting it into the hands of the many, we all become safer because companies are actually forced to do something about this. This is no different than someone like The Lock Picking Lawyer, who sells lock picking kits through his business Covert Instruments and has a popular YouTube channel where he shows the flaws in various locks. Consumers are empowered to buy things that are more secure in the long run, and penetration testing has always been a thing since the invention of the door and extends to all modern devices.

At the end of the day bad guys are always gonna bad guy. People thought they were secure because they didn't know they weren't until now. We shouldn't penalize the company making these tools, we should penalize the companies selling garbage systems that are so easy to hack into or overload. Someone will always make these tools, whether in their basement, or in some NSA lab or corporate espionage operation.

Exactly! Tuff Possum Gear sells lockpicking kits and has a video of a novice lockpicker picking a popular trailer lock in 3 seconds. People complain, but because of that video, I no longer trust that lock and have upgraded my security.

 

[Yujenisis]

The same exploit could also be used to target Android devices, but many people who carried out these attacks set it to target iOS devices only because they wanted to "punish" iOS users for not using Android.

This is exactly right. I have a Flipper Zero which I use mainly for tinkering. The subreddit and associated GitHubs are packed with people who installed the custom firmware mainly to “stick it” to iOS users.

The irony, is that the BLE spam attack is still not patched on Android. I suspect bored antisocial script kiddies with Flippers will soon begin targeting Android users and Google will need to patch this vulnerability. I’m more than a little surprised they ignored it so far. The software makes it easy to push a button and basically lock up all nearby phones. Most users do not know how to hard reboot their phones and this could be quite frustrating for many users very soon.

 

[zorinlynx]

Apple knew about this bug for a few months now but were neglecting to fix it. I suspect the reason it was finally fixed was that there was a very large convention in Chicago a couple weeks ago, and someone there was using a zero to crash vendors' iPhones the entire weekend. The surge of crash reports probably finally got them to fix the bug.

It's absurd that it took something like that for them to finally fix such a serious issue. People lost money over this in lost sales. Apple absolutely lost some of my respect over their handling of this issue.

 

[Monotremata]

Sure, like people kill people - it's not the guns. But in the UK we don't allow gun ownership because people cannot be trusted and guns would be used for crime and murder. 🤷‍♂️

Your avatar just reminded me its time for the "wake everybody up with my new Tom and Jerry represses marathon" heh..

 

[msackey]

This is exactly right. I have a Flipper Zero which I use mainly for tinkering. The subreddit and associated GitHubs are packed with people who installed the custom firmware mainly to “stick it” to iOS users.

It's amazing how petty people can be, isn't it? Internet has helped to breed this type of character. I'm also thinking of what they call doxxing and that other act called SWATing. Both are forms of shaming and harassing. Really terrible -- and really petty.

 

[blazerunner]

Looks like an mp3 player from the early 2000s... miss those things; amazing battery life.

 

[Polinsky]

I have a Flipper Zero which I use mainly for tinkering.

Huh? What kind of "tinkering" would you "mainly" do? And what do you do with it when you're not "mainly tinkering". Anyone who owns this is most definitely NOT a good person as far as I'm concerned.

 

[jooish]

Huh? What kind of "tinkering" would you "mainly" do? And what do you do with it when you're not "mainly tinkering". Anyone who owns this is most definitely NOT a good person as far as I'm concerned.

This is a joke, right?

Also, anyone that wants to get one make sure you're getting it from the original website or authorized sellers. Flipperzero.one is their website.

 

[ginkobiloba]

Do you say the same thing when you see a screwdriver?

Wrong analogy. A screwdriver is useful 99% of the time, and used for stabbing people or breaking into homes 1% of the time. The Flipper will be used 50% of the time for somewhat useful things and the rest for nefarious uses.
This is why we accept the small risks from knives, screwdrivers , etc.. and less from from..uh..atomic bomb kits for “educational purposes”

if the flipper seller was at least restricting the sales to people who can prove that they are cybersecurity researchers, it wouldn’t be such a big problem.

honestly, the whole “ItssNOtgUnZDatKillPeOplE! ITsPeoPle” mantra is so moronic and outdated. Grow up people.

 

[ginkobiloba]

someone used something like this to get into my building, steal packages and break into my cars. caused thousands $$ of damage and weeks of not having cars because he busted the windows and damaged the doors. If I see someone with one of these, I may express my alternative personality.

It’s funny that so many people are downvoting you. Don’t you understand ? You are supposed to be glad that you were robbed ! 😂 You should be thankful that you have been used as an..huh..educational exercice for Flipper users ! You are contributing to advancing technology !

 

[Treq]

Hmmm, you'd think this would be something you'd expect to hear on Android not apple lol

Oh, there is an exploit for android. I don't think they patched it yet. I used it on my niece's phone a couple weeks ago.

 

[Treq]

The Flipper Zero is more affordable than an Apple Watch (though still expensive if you only use that one feature).

yeah, and if all you want is a remote trigger you can use a selfie stick for a lot less money.

 

[Earendil]

Huh? What kind of "tinkering" would you "mainly" do? And what do you do with it when you're not "mainly tinkering". Anyone who owns this is most definitely NOT a good person as far as I'm concerned.

Instead of trashing old rfid tags you can repurpose them in a smart home. This device would help accomplish that.
I suggest not letting your ignorance cause you to label people as “good” and “bad”.

 

[Earendil]

Wrong analogy. A screwdriver is useful 99% of the time, and used for stabbing people or breaking into homes 1% of the time. The Flipper will be used 50% of the time for somewhat useful things and the rest for nefarious uses.
This is why we accept the small risks from knives, screwdrivers , etc.. and less from from..uh..atomic bomb kits for “educational purposes”

if the flipper seller was at least restricting the sales to people who can prove that they are cybersecurity researchers, it wouldn’t be such a big problem.

honestly, the whole “ItssNOtgUnZDatKillPeOplE! ITsPeoPle” mantra is so moronic and outdated. Grow up people.

So we’re just making up stats now? Are you even aware of all the communities that talk about the great uses for this? I’m only cursorily involved in home automation, and this thing has use there.

> honestly, the whole “ItssNOtgUnZDatKillPeOplE! ITsPeoPle” mantra is so moronic and outdated. Grow up people.

So are blanket black and white statements. Most of us understand the world is grey, and needs sophisticated laws to deal with the grey. Black and white bans on all things that could possibly be used to break a law is “moronic and outdated”, and I believe those people should “grow up”.

 

[CarAnalogy]

You can remote shutter an iPhone camera via Apple Watch as well.

One of many, many examples.

 

[CarAnalogy]

It should not even be illegal do open the doors of cars with this device, because car manufactures neglected security in exchange for convenience for years and many still do.

The worst kinds of electronic car keys are the ones that open the door when you are close to the car without pressing a button. Thieves do no longer have to hack those devices. They just have to amplify the signal of the key to make the car "think" that the key is close by. So the thieves sneak to the house and if the key if close to an outer wall of the house, they can amplify the key signal enough to open the door of the car that parks outside and sometimes even start the car and drive away.

Some things simply should not be wireless. Some houses even use wireless options to open and close the window shutters and those often are not secured by any kind of encryption. So a thieve just had to know the right frequency - which very often is 433 MHz - and then he can open the window shutters of a house.

Wireless light switches are also a dangerous thing. A thieve could turn the lights inside a house on and off multiple times and if there is no reaction, the owners are likely sleeping or not at home at all.

Many wireless cameras still have no encryption at all. Thieves and other curious people are still able to access the video and even audio of many of those cameras. Very convenient. They can look into the homes of other people and even blackmail them with what those cameras recorded.

If an insecure wireless device helped a thieve break into your home, your insurance company likely will not pay a single penny.

This is exactly the kind of thing this device is for. With the owner’s permission, I cloned a car’s key fob and then tried to re-use it to see what would happen. As soon as I tried it, the car denied all further wireless unlocks until the car was opened via key, even with the legitimate key fob. This demonstrated that the car is safe from this particular attack, which the owner was pleased to know.

This is why the device exists. People were already doing this. Now the average (well, you know, on a curve) person can see what kind of chaos goes on in the electromagnetic spectrum that they were not aware of.

By the way the Flipper does not do any of the things described in the third through last paragraphs. It has a display like a Gameboy (the one with the ”backlight” anyway.) There is a wifi add-on board but it is absolutely not plug and play and those things are better accomplished with a laptop.

And speaking of laptops, consumer electronics have been used to commit crimes, film at 11. This is not new. This is just a cool implementation of decades old technology. Just like all the other computer crimes.

 

[Rich74]

Can you use this device to cut someone off when you are on the bus and there’s someone shouting their life history into their phone on a call but the whole bus can hear their conversation?

Asking for a friend…

 

[FreakinEurekan]

someone used something like this to get into my building, steal packages and break into my cars. caused thousands $$ of damage and weeks of not having cars because he busted the windows and damaged the doors. If I see someone with one of these, I may express my alternative personality.

Busted windows? How was Flipper used - tied to a brick?

 

[AiPone12mini]

Why would they remove the app?

One of fine examples of why sideloading is needed so company cannot dictate what you can and cannot install. Chinese people has been silenced by Apple as specific apps are banned in there that allow avoid censorship. Morale to everyone.

 

[Earendil]

One of fine examples of why sideloading is needed so company cannot dictate what you can and cannot install. Chinese people has been silenced by Apple as specific apps are banned in there that allow avoid censorship. Morale to everyone.

Do you mean silenced by the Chinese government, who has threatened Apple to play along just like every other company?

I’m not saying I’m happy about it, but let’s not pretend it’s Apple’s preferred course of action or their idea. The Chinese government is the one with the ban hammer causing censorship.

 

[dukeblue219]

How are people in good conscience defending this thing as "just a tool?" That's insane. It's not a normal tool of the trade like a screwdriver that can be misappropriated as a weapon. It's something designed to steal from, annoy, disrupt, or otherwise harm those deemed "not smart enough" to spend their lives building intricate security plans for their homes and property.

Regular people want to just go about their lives. They don't want to and shouldn't need to perform penetration testing on bike locks and car key fobs.

You guys talking about lock picking videos act like everyone has seen them and is now educated to buy better locks. Yeah, no. Most people don't have time or interest in watching YouTube videos or TikTok. They have jobs and kids and aging parents to care for.

This isn't a "tool" it's a crime-enabling device, and idiots posting that it's the victim's fault for not knowing better are nothing better than criminals themselves.

 

[FreakinEurekan]

How are people in good conscience defending this thing as "just a tool?" That's insane. It's not a normal tool of the trade like a screwdriver that can be misappropriated as a weapon. It's something designed to steal from, annoy, disrupt, or otherwise harm those deemed "not smart enough" to spend their lives building intricate security plans for their homes and property.

Regular people want to just go about their lives. They don't want to and shouldn't need to perform penetration testing on bike locks and car key fobs.

You guys talking about lock picking videos act like everyone has seen them and is now educated to buy better locks. Yeah, no. Most people don't have time or interest in watching YouTube videos or TikTok. They have jobs and kids and aging parents to care for.

This isn't a "tool" it's a crime-enabling device, and idiots posting that it's the victim's fault for not knowing better are nothing better than criminals themselves.

If you want to stick your head in the sand and ignore security weaknesses, go right ahead. Personally I'm glad these things are out there so that companies are forced to do what they should have done to begin with - secure their d@mn products.

 

[chevman]

Regardless of your philosophical stance on whether these things should exist/be sold in the first place, the moment you use one, you are likely in violation of multiple federal (and state/local) laws, so user beware.

The FCC does not f**k around and if you are in range of any part of the public internet or cellular infrastructure it is highly likely they will be able to pinpoint the source/location of the interference if they feel inclined.

Jammer Enforcement

***ALERT*** Federal law prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with cellular and Personal Communication Services (PCS), police radar, Global Positioning Systems (GPS), and wireless networking services (Wi-Fi). "Jamming...

www.fcc.gov