←back to thread

Show HN: FlopperZiro – A DIY open-source Flipper Zero clone

(github.com)
353 points iraton | 6 comments | 09 Jul 25 17:34 UTC | HN request time: 1.518s | source | bottom
1. voidUpdate ◴[10 Jul 25 07:22 UTC] No.44518259[source]
> Read rf signal and emulate it or save it

I assume it checks that you actually have the licensing requirements to be transmitting on whatever frequency?

replies(1): >>44519042 #
2. diggan ◴[10 Jul 25 09:28 UTC] No.44519042[source]
Why not assume people are responsible for following their local laws instead? They're not selling anything, so kind of feels it has to fall on the user, not the person who shares a thing.
replies(1): >>44519209 #
3. voidUpdate ◴[10 Jul 25 09:53 UTC] No.44519209[source]
Because people obviously cant be trusted to follow their local laws when using flipper zero-esque devices https://www.bleepingcomputer.com/news/security/wall-of-flipp...
replies(1): >>44519372 #
4. diggan ◴[10 Jul 25 10:25 UTC] No.44519372{3}[source]
People ignoring laws isn't a new thing, does that mean things that could potentially be used for illegal things should be outright outlawed?

That article you shared seems to say the problem is bigger than the used hardware even:

> Soon after, developer Simon Dankelmann ported the attack to an Android app, allowing people to launch Bluetooth spam attacks without needing a Flipper Zero.

How do you solve that without outlawing Android devices?

> People using Bluetooth-enabled hearing aids and heart rate monitoring tools also reported disruption, which could put their well-being at risk.

This is probably the most bananas part of that article, and it's great that they managed to find these issues in relatively trivial conditions, since the company's own testing apparently doesn't include very basic security checks. If those devices are failing when they aren't connected to the main device, what makes these companies even remotely suitable for building critical devices like that?

Who knows how long time it would take to discover these security issues with medical devices if people weren't able to prototype these sort of attacks at home?

replies(1): >>44521437 #
5. voidUpdate ◴[10 Jul 25 14:22 UTC] No.44521437{4}[source]
The bluetooth-enabled devices are failing to connect to their devices because of deauth attacks. If you know how to prevent that, I'm sure they'd be happy to implement a fix
replies(1): >>44522093 #
6. diggan ◴[10 Jul 25 15:28 UTC] No.44522093{5}[source]
> The bluetooth-enabled devices are failing to connect to their devices

And that happens in lots of other cases too, when it's too far away, out of battery, damaged, does that mean their vital health devices stop working if that's happening? Sounds like they need to work on reliability if that was true.