One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-ups making it almost impossible to use his device.
“My phone would get these pop-ups every few minutes and then my phone would restart,” he wrote to Ars in an online interview. “I tried putting it in lock mode, but that didn’t help.”
To van der Ham’s surprise and chagrin, the same debilitating flood of pop-ups struck again on the afternoon trip home, hitting not only his iPhone but also those of other passengers in the same wagon. He then noticed that one of the passengers nearby had also been there that morning. Van der Ham put two and two together and pointed to the passenger as the culprit.
“He was happily working on some sort of app on his MacBook, had his own iPhone connected via USB so he could continue working while all around him Apple devices were rebooting and he wasn’t even paying attention to what was happening,” he said. “Your phone becomes almost unusable. You can always do things in between for a few minutes, so it’s really annoying to experience. Even as a security researcher who has heard about this attack, it’s really hard to realize that this is what’s happening.”
“The template is in place”
It turned out that the culprit was using a Flipper Zero device to send Bluetooth pairing requests to all iPhones within radio range. This thin and light device has been available since 2020, but in recent months it has become much more visible. It acts like a Swiss army knife for all kinds of wireless communications. It can interact with radio signals including RFID, NFC, Bluetooth, Wi-Fi or standard radio. People can use it to secretly change channels on a TV in a bar, clone certain hotel key cards, read the RFID chip implanted in pets, open and close certain garage doors and disrupt the normal use of iPhones.
These types of hacks have been possible for decades, but they required special equipment and significant expertise. The capabilities typically required expensive SDRs (short for software-defined radios) which, unlike traditional hardware-defined radios, use firmware and processors to digitally recreate radio signal transmissions and receptions. The $200 Flipper Zero isn’t a full-fledged SDR, but as a software-controlled radio it can do many of the same things at an affordable price and with a much more convenient form factor than previous generations of SDR.
“The problem is over: software radios have made previously inaccessible attacks accessible to many more people than before, and work on them will continue,” wrote Dan Guido, CEO of security firm Trail of Bits, in an interview. “People with a casual interest in technology can now easily clone most hotel or office access cards. They don’t need any knowledge of signals and don’t need to play with open source or Linux code. (This) permanently democratizes some once-complex RF (radio frequency) hacking into the hands of mere mortals.”
Flipper Zero’s manufacturer touts the device as a “portable multi-tool for pentesters and geeks” suitable for hacking radio protocols and building access control systems, troubleshooting hardware, cloning electronic key cards and RFID cards, and for use as a universal remote control for televisions. Its open source design allows users to flash the device with custom firmware to benefit from new features.
Some of the device specifications include:
- 1.4-inch monochrome LCD screen
- GPIO pins for connecting external hardware which greatly expands its capabilities
- USB-C port for power and firmware update
- micro SD card slot
- Infrared transceiver
- Sub-1 GHz antenna
- TI CC1101 chip
- 1-wire pogo pin for reading ignition keys
- 2000 mAh battery
- Low-power microcontroller
- ARM Cortex-M4 32-bit 64 MHz (application processor)
- ARM Cortex-M0+ 32-bit 32 MHz (radio processor)
“The idea of Flipper Zero is to combine all the hardware tools you would need for exploration and development on the go,” the manufacturer wrote. “Flipper was inspired by the pwnagotchi project, but unlike other DIY boards, Flipper is designed with the convenience of everyday use in mind: it has a sturdy casing, practical buttons and a shape, so there are no dirty PCBs or scratched pins.”