Flipper Zero can spam nearby iPhones with Bluetooth pop-ups (techcrunch.com)
46 points by manikandaraj on Sept 5, 2023 | 44 comments


It feels like it would also be helpful if advertisements were rate-limited (for example, if an advertisement is declined three times, don't show it again for another 24 hours).


Android has that feature.


As far as I know, this dialog is only supposed to pop up for password requestors in your contact list, your own devices (which have an Apple ID based signing credential that can be verified offline), etc., so this seems like an easy-to-fix bug on Apple's side rather than a conceptual weakness.


So if someone spams me with Bluetooth advertisements, and I decline three times, and then I want to connect some other device that also uses Bluetooth advertisements, now I have to wait 24 hours before I can do so? Seems not ideal either.


A simple solution: On the dialog for the Nth advertisement, also provide a "disable AirDrop for 1 hour" choice. If the user wanted to receive these again, they can re-enable AirDrop from Settings or the Control Center.
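The two designs argued over above (a per-source back-off after three declines, which the objection notes must not block an unrelated device, and a user-chosen "disable for 1 hour" choice on the Nth prompt) modelled as one policy. This is an added example, not Apple's or anyone else's implementation; `source` is an assumed per-advertiser identifier and the timestamps are constructed.

```python
"""Prompt-throttling policy for unsolicited sharing pop-ups (added example, not
any vendor's implementation). `source` is an assumed per-advertiser identifier."""
from datetime import datetime, timedelta

# Constructed timestamps for the walk-through
T0, HOUR, SECOND = datetime(2023, 9, 5, 12, 0), timedelta(hours=1), timedelta(seconds=1)

class PromptPolicy:
    def __init__(self, max_declines=3, backoff=timedelta(hours=24)):
        self.max_declines = max_declines
        self.backoff = backoff
        self._declines = {}      # source -> consecutive declines so far
        self._muted_until = {}   # source -> datetime until which it stays silent
        self._snoozed_until = None  # global "disable for a while" chosen by the user

    def should_prompt(self, source, now):
        """True if a pop-up from `source` may be shown at `now`. A muted source stays
        silent, but an unrelated device still prompts (the objection raised above)."""
        if self._snoozed_until is not None and now < self._snoozed_until:
            return False
        muted = self._muted_until.get(source)
        return muted is None or now >= muted

    def offers_snooze(self, source):
        """Show the 'disable for 1 hour' choice on the prompt that would be the last
        one before `source` is muted (the Nth advertisement)."""
        return self._declines.get(source, 0) >= self.max_declines - 1

    def declined(self, source, now):
        """User dismissed the prompt; on the max_declines-th dismissal mute the source."""
        count = self._declines.get(source, 0) + 1
        if count >= self.max_declines:
            self._muted_until[source] = now + self.backoff
            count = 0
        self._declines[source] = count

    def accepted(self, source):
        """An accepted prompt clears any back-off state for that source."""
        self._declines.pop(source, None)
        self._muted_until.pop(source, None)

    def snooze(self, now, duration=timedelta(hours=1)):
        """User chose to disable all such prompts for `duration`."""
        self._snoozed_until = now + duration
```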


I love my little Flipper Zero. Comes in handy for all kinds of things. Recently copied my hotel keycard with it just in case I lost it.


Did the same at Cedar Point this weekend. The Flipper Zero is just a fun little gadget.


Yeah, I'd like to grab one literally to copy my garage keycard at work. I always forget and have to pay ridiculous rates in the city...


That's really neat, but on another level it's a shame that this is possible with so many keycards still.

At least for magnetic stripe keycards, you'd need actual physical access to the card for a second; with many contactless ones, a tap on somebody's wallet/pocket is enough.

Actually secure keycards only cost fractionally more; even classic Mifare (which has been thoroughly hacked) would offer better security than this.


It wasn't a very easy process. I had to scan my card for about 30 minutes and then I had to scan the card reader for a bit. It was impractical.


Interesting, do you happen to know what system that was? Sounds like an active attack of some sorts.


Sounds like something based on NXP Mifare Classic. You first try a dictionary attack against the fob (most readers use whatever default keys the vendor set); if that fails, you collect nonces by touching the Flipper to a reader, calculate keys in the companion app on your phone, then add keys to the Flipper's dictionary. The attacks are called darkside and nested.


most keycards/fobs are pretty secure and near impossible to copy (e.g. NXP Desfire based systems), others are easy to copy but copies can be detected (e.g. NXP Mifare Classic), it's mostly legacy RFID stuff that's trivial.


> it's mostly legacy RFID stuff that's trivial

I don't know what it's like globally, but around these parts it is way more common to encounter one of these "legacy" systems than any of the modern stuff. Many large campuses were early adopters of fob-based access and upgrades are prohibitively expensive.

One of my favourite attacks against the existing HID-card based systems is... once you scan a card, the 24-bit identifier is split between an 8-bit facility ID and a 16-bit card ID. If you encounter a door that won't open with the card you have, start decrementing the card ID; many of these places assigned card IDs sequentially and by trying smaller IDs you're trying cards for employees who have had longer tenure at the company.
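On the defender's side, the pattern described above (24-bit HID credential = 8-bit facility code + 16-bit card ID, IDs assigned sequentially, someone walking the ID downwards from a known card) is visible in access-control logs as a burst of denied reads on one reader with the same facility code and decreasing card IDs. The detector below is an added example, not from the thread or any vendor; the log format and sample lines are constructed.

```python
"""Detect downward card-ID probing in badge-reader logs; log format is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <reader> <24-bit credential, hex> <result>"
SAMPLE_LOG = """\
2023-09-05T08:00:01 door-12 111068 GRANTED
2023-09-05T08:03:10 door-12 111067 DENIED
2023-09-05T08:03:14 door-12 111066 DENIED
2023-09-05T08:03:19 door-12 111065 DENIED
2023-09-05T08:03:23 door-12 111064 DENIED
2023-09-05T08:03:28 door-12 111063 GRANTED
2023-09-05T09:15:00 door-3 1113EC DENIED
2023-09-05T11:15:00 door-3 1113EB DENIED
"""

def split_credential(value):
    """24-bit credential -> (8-bit facility code, 16-bit card ID), as in the thread."""
    return (value >> 16) & 0xFF, value & 0xFFFF

def parse_line(line):
    ts, reader, cred, result = line.split()
    facility, card = split_credential(int(cred, 16))
    return datetime.fromisoformat(ts), reader, facility, card, result

def find_enumeration(log_text, min_run=3, window=timedelta(minutes=5)):
    """One alert per burst of >= min_run DENIED reads on one reader with the same
    facility code and strictly decreasing card IDs inside `window`. Alert tuple:
    (reader, facility, first_card, last_card, count, followed_by_grant); the last
    field is True when the next read continued the descent and was GRANTED."""
    by_reader = defaultdict(list)
    for ev in (parse_line(line) for line in log_text.splitlines() if line.strip()):
        by_reader[ev[1]].append(ev)
    alerts = []
    for reader, events in by_reader.items():
        run = []  # current streak of suspicious DENIED events
        for ev in events:
            ts, _, fac, card, result = ev
            continues = (bool(run) and fac == run[-1][2] and card < run[-1][3]
                         and ts - run[0][0] <= window)
            if continues and result == "DENIED":
                run.append(ev)
                continue
            if len(run) >= min_run:
                alerts.append((reader, run[0][2], run[0][3], run[-1][3], len(run),
                               continues and result == "GRANTED"))
            run = [ev] if result == "DENIED" else []
        if len(run) >= min_run:
            alerts.append((reader, run[0][2], run[0][3], run[-1][3], len(run), False))
    return alerts
```

The `followed_by_grant` field is the one worth paging on: a descending run of denials that ends in a grant means the probing reached a live card.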


Yeah, but so many hotels seem to use the legacy stuff.

Most keycards I've tested don't even register on my phone, meaning that they're using something pre-ISO-14443 (which very likely does not support any real cryptographic authentication).


> Anthony said that he devised an attack that can work over “thousands of feet,” using an “amplified board” ... Anthony said he is not releasing details of that technique “due to major concerns,” such as giving others the ability to send spam pop-ups “across vast distances, potentially spanning miles.”

Anthony must be the only person knowledgeable of analog electronics design on planet earth then. Security through ignorance.


Anthony actually has a sense of responsibility, which is commendable.


Lazy implementation meets overpriced gadget resulting in TC's boredom filter getting sabotaged? Pretty thrilling story line.


Yeah the flipper zero is very expensive for what it is. If not I'd have had one. Since it's open source I was hoping for Chinese clones like what happened with that similar device with the round clickwheel but it hasn't happened yet.


Why is it expensive, though? It seems to be this little bridge between the digital and somewhat analogue world that you can use for many things. What price would you suggest? Or what alternative way is there to achieve things like this?


I'll buy one at some point :)

The problem with this particular hack is (like with many others where Flipper Zero is mentioned) that you might just use some 10 BLE microcontroller to achieve the same thing.

Usually the things that were glued together in the flipper are never used together for a complex use case. Not sure about what Apple does here, though, so I might be wrong.

Anyway, the cases where you can employ IR, BLE, RFID and the flipper's custom radio in some useful combination seem to be rare and it usually always seems to make more sense to list the needed components for the hack instead of giving some folks finally a (destructive) use case for their expensively acquired gadget.

Of course the idea of delivering the solution as software/declaratively is the interesting part. But applications are rare and seldom new (at some point replaying your old garage door might only deliver so much long term motivation)


What about someone else's garage door? :D


It's just an STM32, display and a few radio modules. But with shipping and VAT it's around 250 euro. I imagine the component cost wouldn't be much higher than 50.

But the main issue isn't the component cost, it's just how much I'd pay for something like this. Here in Spain it's a lot of money. It's as much as my current smartphone cost.

This is why I was hoping for clones :)


Lockheed's SAVI RFID tags were all historically 433 MHz, and on every military shipping container...

There is no security for these tags, so if you can speak to them you can write to them... thus if you had a flipper, one could erase/fake payload on the tag...

The problem is that one doesn't know what the tag data corresponds to in the inventory systems, so the worst one may do is scramble all the tags such that a valid reader would never be able to determine what was in the containers... and one could use a Flipper on a drone to fly over a supply bulk of containers and render finding supplies via RFID impossible, or one could copy and paste data from crates, thus making all reads wrong...


Ok but... please don't.

You can be an arsehole with a megaphone too if you want, but please don't be an arsehole.


It would be great if we lived in a world where "please don't" was an effective security strategy, but we do not, and Apple needs to fix this problem before it goes viral.


Wireless communications are inherently jammable. Where is the border between this and a bunch of microwaves jamming cell reception? I’m not saying Apple should not have done a better job in anti-spam measures, but “please don’t” is a basis for many nice things we have.


> Where is the border between this and a bunch of microwaves jamming cell reception?

One is hardware-based Denial-of-Service, and the other is software-based?


The main difference is the power requirement. Jamming wide band signals requires more power.


It's also generally against FCC regulations. Airdrop is not a regulated standard; it is entirely up to the implementing party to anticipate and mitigate abuse. The problems you're conflating are not the same, this Flipper Zero attack is entirely enabled by bad design. The explicit issue listed in the article is not inherent to the technology, it is inherent to Apple's vision for the Airdrop user story.


Jamming does not require much power. There are plenty of battery powered jammers available.


I dunno.. if we just assume everyone around us is gonna be an asshole then we can never have nice things. In order to be able to take the subway I'm willing to assume that not every person in the car is gonna blast their personal music preference at max volume. Yes it is possible for them to do that but that doesn't mean it's on me to invent super smart headphones to block that out. At some point, in some cases, "please don't" is in fact a valid security response.


This isn't a security issue though. It's just annoying. It also requires physical proximity.

We do live in a world where expecting people around you to not be arseholes is a reasonable strategy.

The only real difference here between this and people playing loud shitty music on their phones or whatever is that it's harder to locate the source.


I'm browsing this article on my "hacking device" (my laptop) while using my "hacking program" (a web browser with devtools) to enjoy the experience.

Later I might take my "child mauler" (dog) on a walk.

For a site with "tech" in the name, I expect significantly better than this nonsense. Flipper Zero is a nice packaging of dev tools but nothing fundamentally new. If it makes the author feel better, we can repeat the attacks with a simple ESP32 and save a whole bunch of money, though we'd lose out on the cute animations.


...and shared on Hacker News.


What in this article is nonsense? It did a decent job of explaining that it needs to be compiled from a 3rd party firmware, how the attack works and a video of said attack.


I wasn't particularly appreciative of the phrasing in the opening sentence:

> Thanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups

Because it seems to place blame (possibly unintentionally) on "a popular and relatively cheap hacking tool" rather than "an individual's choice to annoy the shit out of others".


The article can be as nuanced as it wants, but if the title calls the thing a "hacking device" that's a fair thing to criticize.


Why? The flipper zero is a very specialised device made for playing with different wireless protocols. (And maybe some wired protocols too?)

I think it’s fair to characterise it as a “hacking device”. As long as we keep in mind that these specialised devices have legitimate uses also.


That’s what it is. It’s an affordable and available pen testing tool.


Perhaps Flipper is a hacking device in the same sense that Hacker News is for hackers in general, not for computer security hackers.


Flipper is not advertised as a "hacking" device.

I agree there are uses of the word hacker that don't mean to exploit, but the author here is not using the term in a positive sense. The author is clearly using it in the pejorative.


The only reason it isn't advertised as a hacking device is probably because of legal reasons.


Ok, we've taken the "hacking device" out of the title above.



