Flipper Zero

While unlocking vehicles with smartphone apps rather than physical keys offers significant convenience benefits, it also significantly expands the attack surface.

Security researchers have discovered a method that uses a $169 Flipper Zero device to deceive Tesla owners into relinquishing control of their cars to a malicious third party, enabling the vehicle to be unlocked and even driven away.

Researchers Tommy Mysk and Talal Haj Bakry of Mysk Inc have devised a method for fooling a Tesla owner into handing over their vehicle's login credentials: An attacker would use the Flipper Zero and a Wi-Fi development board to broadcast a fake Tesla guest Wi-Fi network login page -- "Tesla Guest" is the name given to Wi-Fi networks at service centers -- and then use those credentials to log into the owner's account and create new virtual "keys" to the car.

Everything that the owner enters into the fake login page -- username, password, and two-factor authentication code -- is captured and displayed on the Flipper Zero.

Here's a walkthrough of the process.

https://yewtu.be/watch?v=7IBg5uNB7is

This attack also bypasses the two-factor authentication because the fake Tesla guest Wi-Fi network login page requests the two-factor authentication code that the attacker then uses to access the account. This does mean that the hacker has to work fast, and be able to request and then subsequently use that code rapidly to be able to access the account.

Will the physical keycard that Tesla supplied you protect you from this attack? According to the user manual, it should, because this "key card is used to 'authenticate' phone keys to work with Model 3 and to add or remove other keys." But, according to Mysk, this is not the case.

Mysk said it approached Tesla for comment on this vulnerability and was told that the company had "investigated and determined that this is the intended behavior," which is worrying.

Mysk recommends that Tesla should make it mandatory to use the key card to create new keys in the app, and that owners should be notified when new keys are created.

While Mysk and Bakry are using a Flipper Zero here, there are plenty of other tools that could be used to carry out this attack, such as a Wi-Fi Pineapple or Wi-Fi Nugget.

We're excited to announce the Video Game Module, our new product developed in collaboration with Raspberry Pi! The module is powered by the first chip designed by Raspberry Pi—the RP2040 microcontroller, the same as in the Raspberry Pi Pico board.

Apple has finally closed off the ability of the Flipper Zero pen-testing tool to flood iPhones with so many popups that the handset would lock up and require a reboot.

The attack required a Flipper Zero running the Xtreme third-party firmware. Then, using the built-in BLE Spam app, the Flipper Zero could cause a flurry of popups to appear on an iPhone, eventually resulting in iOS locking up.

Put another way, it could perform a denial of service (DoS) attack on any and all iPhones within a 30-foot radius of the attacker.

The Flipper Zero app could also be used to target Android and Windows devices, although with less extreme results.

Well, this trick has come to an end with iOS 17.2. ZDNET has pitted the latest Xtreme firmware on the Flipper Zero against iPhones running iOS 17.2, and it seems that Apple has put a mechanism in place to prevent popups flooding the devices.

While a few popups do still appear, which is annoying and could cause some users confusion, the neverending stream that would deluge the iPhone has been cut off.

The Flipper Zero can do a lot, but I wasn't expecting it to be able to be able to lock up an iPhone using nothing more than Bluetooth.

But it turns out it can do just that.

Now, you can't do this with a stock Flipper Zero. If you want to test this out, you'll need to have a Flipper Zero and then load an early developer build of Xtreme third-party firmware onto it.

From there it's a matter of firing up an app called Apple BLE Spam and choosing an attack called Lockup Crash.

And it does exactly what it says in the name – it'll lock up and crash the iPhone.

Basically, it performs a denial of service (DoS) attack on iPhones.

ZDNET has tested this and can confirm that it can lock up an iPhone running the latest iOS 17.0.3. The issue does not appear to affect iPhones running iOS 16.

Also: If you like your Flipper Zero, then you'll love this

But the Apple BLE Spam app can do more. It can also initiate an array of pairing attacks that are more spammy than causing crashes, but are still annoying to the iPhone user, and at this point it's unclear if they could be crafted into a different attack.

Oscilloscope application - apply signal to pin 16/PC0, with a voltage ranging from 0V to 2.5V and ground to pin 18/GND.

I was thinking..

When Flipper can write saved NFC scans is there anything like a simple ring with writable nfc chip inside?

Cause there wouldn't be need for apple/android pay when I can simple copy my debit card nfc chip, write it on another chip (in this case in a ring) and pay by waving my hand and occasionally using pin like normally with debit card.

No need for apple or google to know all about my purchases..

cross-posted from: https://lemmy.dbzer0.com/post/1865979

Subject says all. Wondering if it can only be purchased online or if it’s sold in shops anywhere.

Curious if it's mature enough to make some coin from use

please join for more fun

It should be noted that the new app install feature seems to only work for the official firmware for now.

I was just thinking about creating a community for the Flipper, until I found this place. Out of curiosity, what (if any) is this community’s stance on discussion of alternative firmwares? I ask this because channels linked to the official Flipper Zero team are known to discourage talking about any CFW at all, and some communities dedicated to a particular firmware are quite defensive when it comes to saying bad things about them, or recommending alternatives.

My ideal Flipper community would allow free discussion of the various firmwares out there, but would not tolerate flaming/hate towards firmware developers.

Having trouble scanning a Keri fob. The following posts on reddit show other people having trouble, but some suggest that it's possible.

Reddit posts:

Why is Flipper not able to read/detect Keri key fobs?

Keri Key Cards.. finally got one to read

Anyone have any tips for reading Keri fobs? Is there a suggested firmware?

A collection of Awesome resources for the Flipper Zero device