top | item 41691198

(no title)

I feel like every time this device shows up I need to yell from the rooftops how dangerous(and illegal) some of the wifi and Bluetooth attacks can be. Even if it's totally baffling WHY any safety critical devices including industrial cranes and pacemakers have consumer radios in them, that doesn't make you less responsible when you crash tons of metal into someones skull or stop someone's heart.

Cool device, and I'm not saying it should be illegal or anything, but I've met people who have zero clue with these devices and it's a bit scary.

discuss

crest|1 year ago

"… or stop someone's heart." Please give an example of a pacemaker that is known to (potentially) kill the patient if the WiFi/Bluetooth is unavailable for a few minutes. I know that some modern medical devices use 2.4GHz radios for uploading telemetry, self service interfaces, etc. If such a device really exists the manufacturer should be held liable for putting a dangerous, defective product on the market.

wpm|1 year ago

Which pacemakers rely on ISM band communications to work?

Not doubting you (M in ISM stands for Medical, after all), just curious how it works to get from messing around on 2.4GHz to someone's ticker stopping.

Given how much of a soup ISM is already I don't know if I'd want someone's ancient cordless phone, stupid "hacker" toy, or my microwave stopping my heart.

unknown|1 year ago

[deleted]

idunnoman1222|1 year ago

What is a consumer radio? Radios follow the laws of physics.

gjsman-1000|1 year ago

[deleted]

schmichael|1 year ago

Why send agents with flipper zeros when American consumers willingly buy millions of consumer electronics from China every year that could be part of a supply chain attack?

It’s really bizarre that you bring up physical border security when Israel just demonstrated that’s not at all necessary.

aftbit|1 year ago

It is certainly possible for a small group to cause disproportionate harm. Physical access is a powerful tool.

Then again, what is worse than a small group who hates? A large group who doesn't care.

morpheuskafka|1 year ago

> 2M+ illegal crossings every year from a country that hates us

Huh? Since when does Mexico hate America? Many Mexicans like visiting America for shopping and sightseeing, which is why over 2.3M were issued visitor visas in 2023 alone. Mexicans living in American tend to be very hardworking and friendly. Also, I thought most of the people crossing illegally are originally coming from points south of Mexico?

aftbit|1 year ago

Yeah but less scary than a teenager driving a car.

aftbit|1 year ago

Hmm I wonder why the downvotes? Maybe people felt this did not add enough to the discussion. Let me try again with more words.

I am pointing out that the world is full of risk. Under-prepared kids with half-developed prefrontal cortexes driving cars is a risk that we accept in exchange for the societal good that comes from reliable access to fast transportation. Poorly considered knock-knock attacks on pacemakers is a risk that we can choose to accept in exchange for the societal good that comes from the freedom to create and market security testing devices to the masses.

In other words, as I've said before, don't blame the tools, blame the humans, and expect some eggs to get broken along the way. The goal should not be zero risk, as that's unobtainable and leads to warped priorities and dangerous decisions.

thorwaway48583|1 year ago

The responsibility remains squarely with the people who developed these devices and the people who give it FCC approval.

Devices shouldn’t malfunction and handle interference gracefully. It is an FCC certification requirement and that requirement includes any interference.

CJefferson|1 year ago

I don’t think that is either legally, or morally, true.

Sure, it would be better if devices weren’t broken by attack attempts, but if you are purposefully trying to attack something, you are to blame for your attack succeeding?

jsheard|1 year ago

A device may be required to not malfunction due to interference, but it can't be required to function in the presence of interference because that's a technical impossibility if the interference is strong enough to overpower the intended signal. That's why there are laws which say that if you use something like the Flipper as an RF jammer (which is possible with custom firmware) then angry feds might show up at your house.

wpm|1 year ago

These devices do have FCC approval. It is why I can't send a garage door opener signal from my Flipper on the 315MHz band, because in the US, that isn't spectrum allocated to my fucking-about. I get a little message when I click send that says so.

All devices can be modified after the fact. Whether a manufacturer makes it easy, in the case of Flipper Zero, or hard, in the case of many other devices, to modify and install custom firmware that breaks FCC approvals, that lets it broadcast in frequencies it was not approved for, and allow the user to attack certain systems, is not really the manufacturers problem, anymore than Apple selling me a laptop I write malicious code on is Apple's fault, or the manufacturer of an IR blaster being responsible for me using it to mess with the TVs at the sports bar, or the Raspberry Pi Foundation for creating a device with a WiFi chipset that can be used to run deauth attacks, or the generic FM transmitter I could hardware hack to interfere with all sorts of stuff, or the RTL-SDR...or the ad infinitum