Parsing arbitrary attacker provided data on the other hand is hard. I would guess the there’s an incorrect assumption that Bluetooth (and similar) radios are legitimate fcc approved hardware that isn’t actively malicious. I would suspect that if people put any thought into it they could do similar to any other Bluetooth device.
As the article notes, there is a simple way to stop this attack, which is to disable bluetooth. I already do that by default.
You are more concerned with someone opening your iPhone and putting a replacement malicious part than with someone pwning your iPhone with a $5 wireless device while in his car just driving by ?
Your threat model is upside down.
Also note that I specified I'm more concerned with verification of trusted hardware on my own device. Because the repercussions of malicious hardware implanted in my own device cannot be mitigated purely in software. Whereas verifying the integrity of an external device inherently depends solely on software, since there is no hardware interaction. I'm still concerned about it, in the sense that I'd like my OS to take best efforts to only "trust" external devices insofar as it can verify they're trustable, but I also accept that those devices are outside of my control and so any protocol for trusting them will have holes in it. My main requirement is that I should be able to opt out of the system if possible (by e.g. disabling bluetooth).
> there is a simple way to stop this attack, which is to disable bluetooth
This doesn't work, I've already tried it with my iPhone and a friend's Flipper.
I feel like you’re giving it an unfair shake. They didn’t just _build a toy_ those of us who originally supported through kickstarter saw a huge chunk of the work that went into building this device, the flipper team (10ish people?) has and continues to overcome so many crazy things (Covid, chips, supply chains, shipping) just to have the flipper device available world wide. The dev/modding community behind it is pretty amazing.
Full disclosure I was a very early backer. I have used my Flipper for fun and business. I can’t think of any other $120 _toy_ I use as much. Maybe I’m biased, and took your comment out of context.
It comes with a tamagotchi in the stock firmware so it's hard not seeing it as a device for fun and whimsy aka a toy.
In calling it a toy, I'm saying it's a B2C product, neatly packaged up with few sharp edges. It has an easy to use app. I don't have to dig deep into some cross-compiler setup to build firmware for it. Professional HW dev should be so easy!
My underlying point was that the Wired article and subsequent press has launched the product far further than originally thought.
Why does the word toy connotate so negatively for you?
In some countries for some age-groups it is implied that only children play with toys. Equating the use of it, to be someone who is a child.
While you can't control interpretation of the word, you're now aware of its connotations in certain cultures and how you can be interpreted. The burden of its possible misuse is now on you.
Otherwise haven't found any use for it. I wanted to use it to clone my garage remote but couldn't get it to work.
After purchasing a new apartment, I almost immediately made a backup of the wireless garage key and the RFID intercom key.
