52 points

I want one of these flipper devices but I’m sure I would get in a lot of trouble with it

permalink
report
reply
14 points

Just call yourself a tinkerer or a person doing security testing.

If you’re using it against other people, let them know.

permalink
report
parent
reply
3 points

Only if you get caught

permalink
report
parent
reply
8 points
*

If you use it only against your own devices, you’ll be perfectly fine.

permalink
report
parent
reply
28 points

If you cannot trust yourself, then do not provide yourself temptation

permalink
report
parent
reply
4 points

Mine arrives tomorrow c:

permalink
report
parent
reply
Deleted by creator
permalink
report
parent
reply
15 points

Why is this a thing?

permalink
report
reply
6 points

Because it’s cool and fun

permalink
report
parent
reply
61 points

Which one: the Flipper Zero, or the bluetooth spamming function?

Flipper Zero is a thing because it’s a very capable device for hackers and tinkerers. It can be used as an intro to coding and pen-testing.

The bluetooth spam is a thing because some dev is an asshole.

permalink
report
parent
reply
48 points

This is how we learn to make more secure software.

permalink
report
parent
reply
-7 points

What does the ven diagram of devs and assholes look like, I wonder?

permalink
report
parent
reply
9 points
Deleted by creator
permalink
report
parent
reply
5 points

Normal devs? Probably, like another commenter said, like anywhere else.

Flipper script writers? Probably a slightly higher ratio.

permalink
report
parent
reply
4 points

I saw one program that Rick rolled Bluetooth device lists.

permalink
report
parent
reply
Deleted by creator
permalink
report
parent
reply
1 point

You don’t need a laptop to do that, there’s a WiFi Dev Board for the Flipper.

permalink
report
parent
reply

More importantly, flipper Xtreme has a miku asset pack

permalink
report
reply
1 point

Keep your BT off unless actively using it?

permalink
report
reply
8 points

I almost always use it. For my smart band, PC notifications, wireless Android auto…

permalink
report
parent
reply
2 points

Well that’s a security vulnerability tbh

permalink
report
parent
reply
12 points

Ok, well I’m not going to stop using my fitness band or Android auto because I’m a paranoid person. Might as well never leave your home and never use any devices connected to the internet.

permalink
report
parent
reply
6 points

Looks like that’s an ineffective approach.

I commented elsewhere with an explanation and a bit of speculation. I did later confirm that even ‘disabling’ Bluetooth doesn’t stop the attack.

The attack method works even when Bluetooth has been disabled using airplane mode from the control panel, which may surprise you. In which case, you’ll be shocked to discover that disabling Bluetooth this way, erm, doesn’t. Instead, you’d need to disable it directly from your device settings or run your iPhone in Lockdown Mode to prevent these advertising pop-ups from being received.
Source

Assuming similar on Android, it’s possible, but not that easy toggle everyone knows about.

permalink
report
parent
reply
5 points
*

Correct both android and iOS don’t disable it unless manually done in BT settings.

As you walk around your BT gets tagged and they sell your data.

Think of a setting like a mall ;)

permalink
report
parent
reply
3 points
*
Deleted by creator
permalink
report
parent
reply
5 points
*

You should probably keep your wifi and bluetooth set to switch off automatically anyway, what with how much they’re used for tracking.

permalink
report
reply
5 points

Tracking my HR and steps via smartwatch!

permalink
report
parent
reply
24 points

Doesn’t work if you have Bluetooth devices on all the time (like a smartwatch or earbuds).

permalink
report
parent
reply
2 points

Earbuds aren’t on all the time, so you can enable when needed and set it to disable after a few min of activity.

I can see that smart watches might be a problem. They should perhaps use a dedicated protocol for always on devices like that.

permalink
report
parent
reply
6 points
*

I don’t know if turning off Bluetooth protects against flipper attacks (Edit: Nah.), but unless something has changed, it (sadly) doesn’t preserve your privacy.

It’s not really documented, as far as I can tell, but Bluetooth low energy stays on, even when you toggle Bluetooth off for both iOS and Android. As of iOS 15, even turning off iPhones means the phone is still trackable. (Unsure about Android on that front.) Apple’s ‘Find my’ network uses Bluetooth low energy, same as Bluetooth beacons.

Confused developers: one, two, three.

permalink
report
parent
reply
3 points

That sounds like disabling Bluetooth on iphones doesn’t disable Bluetooth LE. Sucks for iPhone users.

permalink
report
parent
reply
3 points

I mean, it sucks for everyone that can’t or don’t want to run homebrew OS’s.

The “One” link I shared above indicates the behavior became standard in Android 8 and iOS 11. They were released in August and September 2017, respectively.

permalink
report
parent
reply
Deleted by creator
permalink
report
parent
reply

Android

!android@lemdro.id

Create post

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it’s in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it’s not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website’s name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don’t post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities
Lemmy App List
Chat and More

Community stats

  • 1.5K

    Monthly active users

  • 2.8K

    Posts

  • 34K

    Comments