A better title might be "Apple fixes iOS bug that would let a single Flipper Zero perform Denial of Service attacks against every iPhone in it's radius."

i prefer "Gizmodo sensationalizes Apple bug fix by naming FlipperZero"

Seriously. What a generous title.

More like "Apple patches easily exploitable bug after two years."

Actually yeah, I vote for this one.

If you don’t know beforehand what “Flipper Zero” is, you can also see it as disingenuous towards Apple (“Big Evil Apple harassed another small company”, rather than “Apple fixed a security issue”)

I don't know why the title even mentions the flipper.

The attack can be done from any device that can send crafted BLE packets including laptops/android phones, etc.

Apple just fixed a BLE DOS attack.

Right exactly what I was thinking. It’s just weird that it was worded with the vibe of:

“Apple defeated a nefarious adversary for the good of mankind. Thank you Tim Apple!”

I’m not an Apple hater, don’t get me wrong. I’m writing this from my iPhone. I guess I’m just finally starting to get a little bothered by the ring kissing stuff that has to be done to remain on the FAANG+ allow list.

I’ve started using ChatGPT to summarize the articles for me more and more lately. So this will be less and less of an issue for me once I find a way to do it more reliably.

Better title: "Apple fixes BLE DOS attack".

I'm tired of media acting like the flipper is some kind of "super special hacking tool", it is very literally getting it banned in some places when all of it's internals are easy and common radios (Not to knock the flipper, it is conveniently well packaged).

You just needed to be able to send crafted BLE packets, this attack doesn't have anything specific to the flipper at all.

It didn't even originate on the flipper: https://github.com/ECTO-1A/AppleJuice

> To run these scripts you need a Linux machine with an internal Bluetooth card or a USB Bluetooth adapter.

Versions also exist that run on the ESP32, android, etc.

Portable devices like the Flipper make it very easy to distribute working RF-layer exploits that don’t get hung up on all the non-standard hardware in phones and laptops. And frankly, that’s a good thing! Because manufacturers have, for some reason, decided that if there’s a radio-layer protocol involved somehow they’ll be protected by the obscurity of it. The Flipper lets devs turn those vulns into push-button exploits, which is finally inspiring companies to clean up the crapware in those stacks. (And I bet there is scarier stuff in there that researchers just haven’t found yet.)

Is this really a battle worth picking? Many friends and coworkers are going to bring up the Flipper to you in passing conversation, might as well get used to it.

In my opinion, yeah. If anyone tries to deify or demonize the concept of a Flipper, you just remind them that everyone has a smartphone with even wilder SDR capabilities. The biggest difference is that the Flipper is weak hardware with wide-open software, and your smartphone is strong hardware with weak-ass software configuration.

Reminding people of that is important, even if you don't think the FCC is about to change their mind. Crucify us for being a nerd if you must, but someone has to be the voice of reason and point out that the Flipper is the most optional part of the exploit.

yes, and people shouldnt accept the media do what should be considered grossly lying. and dont forget, they do this, or whats way worse, to EVERY SINGLE article. You know about this because you're in this sphere, but when its about farm animals, you may or may not know, and then people tend to eat it up.

The mainstream media as it is now, and probably has been for a very very long time, is an enemy of the people, and should be treated accordingly

It's like FireSheep. Session hijacking wasn't new but it made easy and something anyone could do.

shoot the messenger.

since you have stocks of the billion dollar message

> since you have stocks of the billion dollar message

I have no idea what you mean by this?

Are you saying I'm defending apple somehow?

Because my point is nearly every phone/laptop could pull off this attack, not just a single "special hacking device". Which I think is worse for them.

Weeks after defcon, I saw they had a job listing asking for someone with Bluetooth experience and experience preventing denial of service attacks. Sounds like they finally hired someone that knew what was going on here.

It's wild that they'd hire someone to fix one very specific issue.

I guess that's what you get when you can just throw gobs of money at a problem.

Does someone scrape and analyse Apple's job postings simply to make guesses about what's going internally?

I’d be surprised if there weren’t multiple independent teams doing this type of work across the entire NYSE/NASDAQ.

Yes, but it also encourages orgs to put up/keep up non-existent job postings to look like they’re growing/expanding.

it's like kind of shocking that an org as large as apple would need to hire externally for fixing a security bug in existing stuff

I know that some tech journalists do it.

I love how cheap those CC1101 are! How come they are not more widespread?!

https://jlcpcb.com/partdetail/TexasInstruments-CC1101RGPR/C2...

Spamming at 2.4GHz is boring.

I'm wondering what interesting things you can do with the flipper zero beside shutting off phones and TV ?

You could use it as a universal Amiibo for the Nintendo Switch or as a backup garage door opener.