Because operating systems are rather naive when it comes to responding to wireless signals. There was an earlier module that would spam iCloud popups and WiFi popups for iOS, and you can open Tesla charging port covers with this thing as well.
When operating systems find a new device in setup mode, they assume you want to connect to it, because that makes setup so easy. It’s how you can “magically” pair headphones you just unboxed with just one button. Great idea, but anyone can send those kinds of packets, including smartphone apps on some platform.
Barring that, you can also use it to automate someone hitting “connect” on a known device a million times, causing constant popups asking whether to trust device X. You don’t need a flipper to do this either.
In a quest to make Bluetooth easier and more magical, OS developers have ignored the possibility that someone is being a nuisance, and now people are upset that someone can spam them. For Apple and their proprietary stuff there’s a way to partially mitigate this (sign and verify device requests for a GUI popup, maybe add a silent notification for other vendors or add their secure chain to the list) which will work until someone extracts their key from their device. For Google and Microsoft, that’ll be harder to accomplish, and the disruptiveness of the UI has to be reduced to mitigate this.
In practice, though, I don’t think this is that much of a problem. There aren’t that many trolls out there in the physical world. You can do way worse than this with a laptop and some quickly thrown together Python code, like extracting the WiFi details from active scan packets phones just send out, geolocating that using public databases, and sending a single pair request stating “I know you live at X street”; people will find that scary rather than annoying.
Why is this a thing?
Which one: the Flipper Zero, or the bluetooth spamming function?
Flipper Zero is a thing because it’s a very capable device for hackers and tinkerers. It can be used as an intro to coding and pen-testing.
The bluetooth spam is a thing because some dev is an asshole.
This is how we learn to make more secure software.
What does the ven diagram of devs and assholes look like, I wonder?
deleted by creator
Normal devs? Probably, like another commenter said, like anywhere else.
Flipper script writers? Probably a slightly higher ratio.
Lol
deleted by creator
Because operating systems are rather naive when it comes to responding to wireless signals. There was an earlier module that would spam iCloud popups and WiFi popups for iOS, and you can open Tesla charging port covers with this thing as well.
When operating systems find a new device in setup mode, they assume you want to connect to it, because that makes setup so easy. It’s how you can “magically” pair headphones you just unboxed with just one button. Great idea, but anyone can send those kinds of packets, including smartphone apps on some platform.
Barring that, you can also use it to automate someone hitting “connect” on a known device a million times, causing constant popups asking whether to trust device X. You don’t need a flipper to do this either.
In a quest to make Bluetooth easier and more magical, OS developers have ignored the possibility that someone is being a nuisance, and now people are upset that someone can spam them. For Apple and their proprietary stuff there’s a way to partially mitigate this (sign and verify device requests for a GUI popup, maybe add a silent notification for other vendors or add their secure chain to the list) which will work until someone extracts their key from their device. For Google and Microsoft, that’ll be harder to accomplish, and the disruptiveness of the UI has to be reduced to mitigate this.
In practice, though, I don’t think this is that much of a problem. There aren’t that many trolls out there in the physical world. You can do way worse than this with a laptop and some quickly thrown together Python code, like extracting the WiFi details from active scan packets phones just send out, geolocating that using public databases, and sending a single pair request stating “I know you live at X street”; people will find that scary rather than annoying.
You don’t need a laptop to do that, there’s a WiFi Dev Board for the Flipper.
Because it’s cool and fun
I saw one program that Rick rolled Bluetooth device lists.