750
you are viewing a single comment's thread
view the rest of the comments
[-] cheet@infosec.pub 141 points 9 months ago

Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do "manually".

The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

Anybody in the know can tell you that the hardware isn't anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

This isn't gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn't be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn't let you sell medical devices that can be hacked like that.

You don't just put the cat back in the bag...

[-] kameecoding@lemmy.world 25 points 9 months ago

Based on your description it sounds like banning the flipper would be encouraging security throigh obscurity

[-] go_go_gadget@lemmy.world 47 points 9 months ago

I remember when they had the same conversations about packet sniffers.

Turned out the answer was to use encryption and switches.

[-] sebinspace@lemmy.world 3 points 9 months ago

My girlfriend has a medical implant for her gastroparresis. How concerned should we be? If that device shuts off, she can’t eat, and there’s only a handful of doctors in the country that can work on it, and the one that sees her is often booked two weeks out

[-] cheet@infosec.pub 10 points 9 months ago

The thing is, if there's a wireless exploit/hack that can cause "patient harm" the FDA+Health Canada would force a recall the sec its publicly known.

The flipper wouldn't be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.

Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

I can't say how concerned you should be, but this won't make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don't make laptops illegal tho.

What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an "illegal" device. Yes they could use a laptop, but you don't use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.

Hope that helps explain a bit

[-] sebinspace@lemmy.world 0 points 9 months ago

the flipper wouldn’t be the only thing able to exploit it

No, and I never once thought these capabilities were unique to the Flipper. My concern is how much it lowers the barrier of entry to potentially dangerous behavior. When people say they got one “just to be evil”, it’s deeply concerning. If someone said the same thing about a gun, something else that can be dangerous and needs to be handled responsibly, I’d be notifying someone. It’s not the capabilities themselves, it’s how accessible it makes those capabilities to the otherwise-inept

this post was submitted on 10 Feb 2024
750 points (99.1% liked)

Technology

59456 readers
4227 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS