Because operating systems are rather naive when it comes to responding to wireless signals. There was an earlier module that would spam iCloud popups and WiFi popups for iOS, and you can open Tesla charging port covers with this thing as well.
When operating systems find a new device in setup mode, they assume you want to connect to it, because that makes setup so easy. It’s how you can “magically” pair headphones you just unboxed with just one button. Great idea, but anyone can send those kinds of packets, including smartphone apps on some platform.
Barring that, you can also use it to automate someone hitting “connect” on a known device a million times, causing constant popups asking whether to trust device X. You don’t need a flipper to do this either.
In a quest to make Bluetooth easier and more magical, OS developers have ignored the possibility that someone is being a nuisance, and now people are upset that someone can spam them. For Apple and their proprietary stuff there’s a way to partially mitigate this (sign and verify device requests for a GUI popup, maybe add a silent notification for other vendors or add their secure chain to the list) which will work until someone extracts their key from their device. For Google and Microsoft, that’ll be harder to accomplish, and the disruptiveness of the UI has to be reduced to mitigate this.
In practice, though, I don’t think this is that much of a problem. There aren’t that many trolls out there in the physical world. You can do way worse than this with a laptop and some quickly thrown together Python code, like extracting the WiFi details from active scan packets phones just send out, geolocating that using public databases, and sending a single pair request stating “I know you live at X street”; people will find that scary rather than annoying.
Because operating systems are rather naive when it comes to responding to wireless signals. There was an earlier module that would spam iCloud popups and WiFi popups for iOS, and you can open Tesla charging port covers with this thing as well.
When operating systems find a new device in setup mode, they assume you want to connect to it, because that makes setup so easy. It’s how you can “magically” pair headphones you just unboxed with just one button. Great idea, but anyone can send those kinds of packets, including smartphone apps on some platform.
Barring that, you can also use it to automate someone hitting “connect” on a known device a million times, causing constant popups asking whether to trust device X. You don’t need a flipper to do this either.
In a quest to make Bluetooth easier and more magical, OS developers have ignored the possibility that someone is being a nuisance, and now people are upset that someone can spam them. For Apple and their proprietary stuff there’s a way to partially mitigate this (sign and verify device requests for a GUI popup, maybe add a silent notification for other vendors or add their secure chain to the list) which will work until someone extracts their key from their device. For Google and Microsoft, that’ll be harder to accomplish, and the disruptiveness of the UI has to be reduced to mitigate this.
In practice, though, I don’t think this is that much of a problem. There aren’t that many trolls out there in the physical world. You can do way worse than this with a laptop and some quickly thrown together Python code, like extracting the WiFi details from active scan packets phones just send out, geolocating that using public databases, and sending a single pair request stating “I know you live at X street”; people will find that scary rather than annoying.
You don’t need a laptop to do that, there’s a WiFi Dev Board for the Flipper.