My flipper zero is still en route, so I can't say for sure, but my reading of
radio specs and capabilities is that anything subject to "attack" by the FZ is
badly designed or incorrectly implemented.
This is not to say that people don't do questionable things with it, but as a
long time subscriber to 2600 magazine ("The Hacker Quarterly"), I can tell you
the vast majority of those things were happening for at least a decade before
the FZ came on the scene.
On March 8, 2024 3:19:26 p.m. CST, "(-Phil-) via EV" <ev@lists.evdl.org> wrote:
>This is a very low probability vulnerability. Obviously always be careful
>where you enter credentials.
>
>On Fri, Mar 8, 2024 at 1:14 PM Robert Johnston via EV <ev@lists.evdl.org>
>wrote:
>
>> It's a common man-in-the-middle attack, and you don't need a Flipper Zero
>> to do it, any PC, laptop, even a cellphone could do the same. See also:
>> Phishing attacks at coffee shops and the like.
>>
>> On Fri, 8 Mar 2024 at 13:57, EV List Lackey via EV <ev@lists.evdl.org>
>> wrote:
>>
>> > The subject line is a bit frivilous, but actually I guess that this is
>> > potentially serious.
>> >
>> > -----
>> >
>> > "Security researchers report they uncovered a design flaw that let them
>> > hijack a Tesla using a Flipper Zero, a controversial $169 hacking tool
>> ...
>> >
>> > "Using a Flipper, the researchers set up a WiFi network called 'Tesla
>> > Guest,' the name Tesla uses for its guest networks at service centers ...
>> >
>> > "[The thief] could broadcast the network near a charging station, where a
>> > bored driver might be looking for entertainment. The victim connects to
>> > the
>> > WiFi network and enters their username and password on the fake Tesla
>> > website. The [thief] then uses the credentials to log in to the real
>> Tesla
>> > app, which triggers a two-factor authentication code. The victim enters
>> > that
>> > code into the fake website, and the thief gains access to their account.
>> > Once you´re logged into the Tesla app, you can set up a "phone key" which
>> > lets you unlock and control the car over Bluetooth with a smartphone.
>> From
>> > there, the car is yours."
>> >
>> > Yikes.
>> >
>> > Full story:
>> >
>> > https://jalopnik.com/want-to-steal-a-tesla-try-using-a-flipper-zero-
>> > 1851316625
>> >
>> > Or https://v.gd/FPzvOL
>> >
>> > David Roden, EVDL moderator & general lackey
>> >
>> > To reach me, don't reply to this message; I won't get it. Use my
>> > offlist address here : http://evdl.org/help/index.html#supt
>> >
>> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>> >
>> > I asked a man in prison once how he happened to be there and
>> > he said he had stolen a pair of shoes. I told him if he had
>> > stolen a railroad he would be a United States Senator.
>> >
>> > -- Mary Harris Jones
>> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>> >
>> > _______________________________________________
>> > Address messages to ev@lists.evdl.org
>> > No other addresses in TO and CC fields
>> > HELP: http://www.evdl.org/help/
>> >
>> >
>>
>> --
>> Robert "Anaerin" Johnston
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://lists.evdl.org/private.cgi/ev-evdl.org/attachments/20240308/0f5f199c/attachment.htm
>> >
>> _______________________________________________
>> Address messages to ev@lists.evdl.org
>> No other addresses in TO and CC fields
>> HELP: http://www.evdl.org/help/
>>
>>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
><http://lists.evdl.org/private.cgi/ev-evdl.org/attachments/20240308/0669496c/attachment.htm>
>_______________________________________________
>Address messages to ev@lists.evdl.org
>No other addresses in TO and CC fields
>HELP: http://www.evdl.org/help/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.evdl.org/private.cgi/ev-evdl.org/attachments/20240308/87132897/attachment.htm>
_______________________________________________
Address messages to ev@lists.evdl.org
No other addresses in TO and CC fields
HELP: http://www.evdl.org/help/
