I wonder if I could get work to buy me one and claim that I'll use it for pen testing.
My coworkers would 100% definitely plug it in if they saw it lying around just to see what it was. They're real bad.
More importantly, flipper Xtreme has a miku asset pack
You should probably keep your wifi and bluetooth set to switch off automatically anyway, what with how much they're used for tracking.
Doesn't work if you have Bluetooth devices on all the time (like a smartwatch or earbuds).
Earbuds aren't on all the time, so you can enable when needed and set it to disable after a few min of activity.
I can see that smart watches might be a problem. They should perhaps use a dedicated protocol for always on devices like that.
I don’t know if turning off Bluetooth protects against flipper attacks (Edit: Nah.), but unless something has changed, it (sadly) doesn’t preserve your privacy.
It’s not really documented, as far as I can tell, but Bluetooth low energy stays on, even when you toggle Bluetooth off for both iOS and Android. As of iOS 15, even turning off iPhones means the phone is still trackable. (Unsure about Android on that front.) Apple’s ‘Find my’ network uses Bluetooth low energy, same as Bluetooth beacons.
That sounds like disabling Bluetooth on iphones doesn't disable Bluetooth LE. Sucks for iPhone users.
I mean, it sucks for everyone that can’t or don’t want to run homebrew OS’s.
The “One” link I shared above indicates the behavior became standard in Android 8 and iOS 11. They were released in August and September 2017, respectively.
Yeah I'd like to think AOSP doesn't have that flaw.
I almost always use it. For my smart band, PC notifications, wireless Android auto..
Well that's a security vulnerability tbh
Ok, well I'm not going to stop using my fitness band or Android auto because I'm a paranoid person. Might as well never leave your home and never use any devices connected to the internet.
Did somebody say you should?
DId somEbOdy SaY yOu sHouLd?
If you're not implying that, then your reply was pointless.
It wasn't pointless. It was to make you and others aware that, as the message said, its a security vulnerability, so that you can make an informed decision about whether you want to keep it on or not.
Right but your arguement of "well turn it off then" doesn't work. Because people need it to be on because they use it, because it's a useful technology.
There was no argument...
No one made that argument.
I want to keep it, otherwise all of my everyday devices become paperweights. Thanks.
Great, do it?
Already was.
Excellent. Thanks for letting us know.
Show us on the doll where the bad comment hurt you, boy.
What was the point of your comment then if not a veiled suggestion to turn it off?
This is an online discussion forum, the point of the comment was to educate the public about the downsides of having BT on at all times. I am not sure why @Polar got some butthurt about basic info sharing. If this info not relevant, move on... why spazz? People who care will act upon this info as they deem necessary.
Also, conflating informational comment with a call for action is immature, at best.
I didn't get butt hurt. I simply stated why I have Bluetooth on, and the devices I use require it, and knowing that information you told me it was a security concern.
Ok? And am I just supposed to sell my devices? Do you want me to turn my Bluetooth off so my device become useless? I don't understand the point of your comment.
Hey guys, eating can cause you to choke, it's a health concern. Better stop eating.
Looks like that’s an ineffective approach.
I commented elsewhere with an explanation and a bit of speculation. I did later confirm that even ‘disabling’ Bluetooth doesn’t stop the attack.
The attack method works even when Bluetooth has been disabled using airplane mode from the control panel, which may surprise you. In which case, you’ll be shocked to discover that disabling Bluetooth this way, erm, doesn’t. Instead, you’d need to disable it directly from your device settings or run your iPhone in Lockdown Mode to prevent these advertising pop-ups from being received. Source
Assuming similar on Android, it’s possible, but not that easy toggle everyone knows about.
Correct both android and iOS don't disable it unless manually done in BT settings.
As you walk around your BT gets tagged and they sell your data.
Think of a setting like a mall ;)
Depends which "Android" you're running. #GrapheneOS disables it completely.
I want one of these flipper devices but I’m sure I would get in a lot of trouble with it
If you cannot trust yourself, then do not provide yourself temptation
Just call yourself a tinkerer or a person doing security testing.
If you're using it against other people, let them know.
[This comment has been deleted by an automated system]
If you use it only against your own devices, you'll be perfectly fine.
Mine arrives tomorrow c:
Only if you get caught
Why is this a thing?
Which one: the Flipper Zero, or the bluetooth spamming function?
Flipper Zero is a thing because it's a very capable device for hackers and tinkerers. It can be used as an intro to coding and pen-testing.
The bluetooth spam is a thing because some dev is an asshole.
This is how we learn to make more secure software.
What does the ven diagram of devs and assholes look like, I wonder?
Normal devs? Probably, like another commenter said, like anywhere else.
Flipper script writers? Probably a slightly higher ratio.
Because it's cool and fun
I saw one program that Rick rolled Bluetooth device lists.
I wonder if I could get work to buy me one and claim that I'll use it for pen testing.
My coworkers would 100% definitely plug it in if they saw it lying around just to see what it was. They're real bad.
More importantly, flipper Xtreme has a miku asset pack
You should probably keep your wifi and bluetooth set to switch off automatically anyway, what with how much they're used for tracking.
Doesn't work if you have Bluetooth devices on all the time (like a smartwatch or earbuds).
Earbuds aren't on all the time, so you can enable when needed and set it to disable after a few min of activity.
I can see that smart watches might be a problem. They should perhaps use a dedicated protocol for always on devices like that.
I don’t know if turning off Bluetooth protects against flipper attacks (Edit: Nah.), but unless something has changed, it (sadly) doesn’t preserve your privacy.
It’s not really documented, as far as I can tell, but Bluetooth low energy stays on, even when you toggle Bluetooth off for both iOS and Android. As of iOS 15, even turning off iPhones means the phone is still trackable. (Unsure about Android on that front.) Apple’s ‘Find my’ network uses Bluetooth low energy, same as Bluetooth beacons.
Confused developers: one, two, three.
That sounds like disabling Bluetooth on iphones doesn't disable Bluetooth LE. Sucks for iPhone users.
I mean, it sucks for everyone that can’t or don’t want to run homebrew OS’s.
The “One” link I shared above indicates the behavior became standard in Android 8 and iOS 11. They were released in August and September 2017, respectively.
Yeah I'd like to think AOSP doesn't have that flaw.
Tracking my HR and steps via smartwatch!
Keep your BT off unless actively using it?
I almost always use it. For my smart band, PC notifications, wireless Android auto..
Well that's a security vulnerability tbh
Ok, well I'm not going to stop using my fitness band or Android auto because I'm a paranoid person. Might as well never leave your home and never use any devices connected to the internet.
Did somebody say you should?
DId somEbOdy SaY yOu sHouLd?
If you're not implying that, then your reply was pointless.
It wasn't pointless. It was to make you and others aware that, as the message said, its a security vulnerability, so that you can make an informed decision about whether you want to keep it on or not.
Right but your arguement of "well turn it off then" doesn't work. Because people need it to be on because they use it, because it's a useful technology.
There was no argument...
No one made that argument.
I want to keep it, otherwise all of my everyday devices become paperweights. Thanks.
Great, do it?
Already was.
Excellent. Thanks for letting us know.
Show us on the doll where the bad comment hurt you, boy.
What was the point of your comment then if not a veiled suggestion to turn it off?
This is an online discussion forum, the point of the comment was to educate the public about the downsides of having BT on at all times. I am not sure why @Polar got some butthurt about basic info sharing. If this info not relevant, move on... why spazz? People who care will act upon this info as they deem necessary.
Also, conflating informational comment with a call for action is immature, at best.
I didn't get butt hurt. I simply stated why I have Bluetooth on, and the devices I use require it, and knowing that information you told me it was a security concern.
Ok? And am I just supposed to sell my devices? Do you want me to turn my Bluetooth off so my device become useless? I don't understand the point of your comment.
Hey guys, eating can cause you to choke, it's a health concern. Better stop eating.
Looks like that’s an ineffective approach.
I commented elsewhere with an explanation and a bit of speculation. I did later confirm that even ‘disabling’ Bluetooth doesn’t stop the attack.
Assuming similar on Android, it’s possible, but not that easy toggle everyone knows about.
Correct both android and iOS don't disable it unless manually done in BT settings.
As you walk around your BT gets tagged and they sell your data.
Think of a setting like a mall ;)
Depends which "Android" you're running. #GrapheneOS disables it completely.