High school student allegedly uses device to turn off nearby iPhones
arlnow.comBefore any gets inspired by this and tries to use an F0 for assorted hijinks like this, just make sure you understand the legal framework in your country. In the UK where I am for example, this is almost certainly “deliberate interference with wireless telegraphy” which can carry a 2 year prison sentence. Not saying that the law isn’t an ass, just that you might want to know what you’re getting yourself into before you do the prank.
See https://www.ofcom.org.uk/spectrum/rules
> It is illegal, unless authorised, to use any apparatus for the purpose of interfering with wireless telegraphy. For full details, see section 68(1) of the Wireless Telegraphy Act 2006.
> The maximum penalty is up to two years’ imprisonment and/or an unlimited fine.Also, if you are intent on doing this in K-12, make sure to practice strong opsec if executing on this.
Source: banned from all SFUSD computers in middle school after exploiting misconfigured AD for the middle school library after the librarian noticed the time period it occurred
Ah, I was banned the first year of secondary school (11-16) because I persuaded the computer teacher's son to give me the admin passwords for the network...
“Unlimited fines” sound mind-bendingly excessive — risk of financial singularity. I’d opt for the merciful two years.
You don't get a choice in it.
You don’t know that. Maybe parent is a judge.
I've always thought "wireless telegraphy" was an anachronistic, yet elegant term.
>Not saying that the law isn’t an ass
The ass here is the person who is disabling phones that don't belong to him.
Shouldn’t everyone’s parents have already had their kids phones in school mode? Who would have been on their phone in the first place to notice it was off?
Pretty interesting they are referring to everyone whose photo turned off as victims. Wouldn’t they also be violators of school phone policy?
What is school mode? I've never heard of this.
Every country / locale has different school phone policies. Even breaking the rules why would they not be labeled as victims of a crime? Someone who was pranked would usually be labeled as a "victim of the prank".
FYI, I don't think this is some major crime that deserves jail time or serious consequences but it's still a crime.
So what you’re saying is plant a device that can’t be traced to you then leave the area and set it to fire on some timer.
The UK has the most CCTV cameras per person outside of China, so better make sure your opsec counter-surveillance skills are up to scratch...
Just wear a COVID mask and a hoodie.
And put a stone in one shoe so your gait is affected.
Wireless interference would be the lesser charge at this point.
It's probably a flipper zero. There is a Bluetooth iOS spamming script which can cause the devices to freeze or crash.
It's also possible via something way cheaper, like an ESP32 (~US$1.5), e.g. using https://github.com/ckcr4lyf/EvilAppleJuice-ESP32 (Disclaimer: I am the author)
Makes sense because the flipper zero basically is an esp32 with a display and a few other radios.
I wonder if it could also be done with a simple android app.
Wow, what a funky little device! Thanks for the lead, I might have to pick up one of these things. It looks good for hacking but is it hackable itself? An exposed JTAG port would have this thing shipping to my home right now.
Picked one up for Christmas and have already been having a blast with it today. Yes, it is supremely hackable, try awesome-flipperzero [1] as a starting point. The iOS exploit discussed here is already patched as of a week or two ago, fwiw.
Ok this is the silliest nitpick but like... The personality/emotionality of the flipper zero has been the biggest thing stopping me from using mine more.
Like, I classify myself as an empath, and it's physically painful to think about using it and having to face the dolphin's sad face if it's been a while.
Looks like I need to hack mine to not get sad when I don't use it. Digital antidepressants, as it were...
You could use a custom firmware that allows asset packs, and just remove/replace either the sad animations or just all of them.
Obviously the best option is to just use it regularly enough that the dolphin doesn't get sad!
I've heard of these, but don't own one. Is the dolphin the equivalent of the Duolingo bird, or were you making a joke? (Sorry to ruin the joke if you were making one, I was just curious!)
Closer to a Tomagotchi. It's just some cute little pixel animations. It "levels up" as you use it, and has a mood based on frequency of usage, and randomly rotates between different activities. It doesn't affect anything the device actually does, it's just for fun.
The firmware is open source, and third party software already exists
There's a whole community making stuff for it. You can even get external antennas attached to the GPIO pins that multiply the range to something ridiculous.
TBH mine is mostly a clone of my NFC/RFID keys and I've got every Amiibo on ever made downloaded on it :D
> It looks good for hacking but is it hackable itself?
Yes. The firmware is open-source and can be reflashed over USB, and SWD is exposed on the socket on the top of the device.
fully hackable. they give you for shell access over USB, and it has exposed io ports for custom accessories. they encourage you to play around with the firmware and expand its capabilities how're you want, it is part of the product design and intention
it exposes an Arm serial wire debug port, which is and isn't a JTAG port. Specifically, it's a different layer 1 interface, using a 2-wire serial port instead, but it uses the JTAG protocol on top.
I'm familiar with SWD from a UX standpoint- I write firmware, so I use it a lot. "Just cram the wires into the J-Link a little differently" is about as much research I've ever had to do to use SWD. I never really dug into the technical differences. Thanks for the explanation!
ha when i was in school we used 'punters' to kick people off AOL
At one point you could just send a ton of <<<<<<< which caused some internal parser to slow down horribly and eventually crash
s/CON/CON
This looked to me like a useless sed substitution.
But, apparently, typing "{S /con/con" in an AOL chat blue-screened Windows participants that had their AOL sounds turned on.
http://mazur-archives.s3.amazonaws.com/aol-files/breaches/co... [AOL-Files.com] (2000)
I remember turning off hallway TVs in school with a visor handspring and an IR app.
I had an android tablet with an IR blaster in it (the Sony tablet s) and had endless fun putting Macs with the remote receiver to sleep. Hold down the play button like on an iPod and people’s laptops would just go to sleep while they were using them.
Supposedly the most recent updates stop that.
Link to the script? I have a F0 and would like to try it
It’s probably this one: https://www.zdnet.com/article/flipper-zero-can-lock-up-an-ip...
This attack was mitigated in 17.2: https://www.theverge.com/2023/12/15/24003406/apple-iphone-fl...
I liked the first comment there:
> "According to an APS statement, 'by turning off those teenagers' phones, the student created a dangerous environment in which students might actually have been able to learn something instead of staring at their phones all day. We're just not equipped to handle that kind of thing, so we called the police instead.'"
A few states in Australia have outright banned phones in schools. I have a few teacher friends. I’ve heard the students still aren’t interested in learning… (Jokes aside I think it’s going great for the kids and the teachers in aus)
Does the ban extend to recesses/entire school grounds?
I was very introverted throught my childhood and spent my first school years' recesses not talking to anyone, just mindlessly wandering the hallways and yard. It got to a point where I didn't even know many of my classmate's names, even after spending years "with them".
When I grew old enough to have my own phone that I could bring to school, it made recesses more bearable. It didn't sabotage or disincentivize any social interactions, because before that moment I had almost none with peers. Looking back on it, I didn't "lose out" on socialization because of phone use, as I simply didn't have any beforehand.
With respect, pandering to outliers is never the answer.
Is a handicap ramp, pandering to outliers?
Ramps are a needed accomdation for medical necessity. To my knowledge, a phone likely exacerbates the social reclusiveness. I think it's a bad analogy.
This is a terrible analogy. Ramps don’t impede society; anyone can make use of them.
School grounds at all times. Being alone with your thoughts is still better than scrolling all day.
Speaking from experience, it is not.
My school day was from 8AM to 4PM, lunch at 1, post-lunch recess at 1:30. Recesses lasted 30 minutes, with usually 4 per day.
Years of having approximately 2 hours of alone-with-my-thoughts time (as a child to preteen, not an adult), every weekday. Not fun, and to this day I don't feel like it has given me any mental benefit.
Sounds like your school sucked and a phone was the band-aid. I doubt you are alone in this kind of ‘education’ (using the word very lightly) induced misery, but escapism via device is not much good when the real problem is the systemic misuse of time and resources in our schools.
My school was actually very academically good, and psychopedagogycally too. The teachers were often kind and so was the rest of the staff. Hell, even the classmates were cool most of the time.
I consider myself quite lucky when reading Americans' complaints about their schools and recesses, with sentences such as "bring back recess!". I shudder to think of what goes on in some districts compared to what I had, which was overall quite sufficient and well spaced-out.
The real problem was just me. Or, if I had to put the blame on someone else, it was my parents and the school authorities which didn't really help much. Not out of bad faith or anything, just of simple ignorance or unwillingness to think of it as important enough to warrant the help I actually needed.
And to the other OC's point: not all phone use is bad. Not all "scrolling" is bad. I was quite internet-literate for my age at that time, in which, by the way, the internet wasn't the algorithmic ML doom-driven nightmare it can sometimes be today.
With all respect saving an odd one out from boredom of solitude has to give way to saving the vast majority from being stuck to their phones all the time.
Is it common for most students to be on their phone all the time during recess (to not even socialize between themselves, even to show each other stuff on them), and in class? Is there a reason why the no-phone policy can't be scoped to the classroom only?
And about me, it wasn't just solitude. It was also nothingness. There was a computer room but it was just used for IT class and locked when not in use for that purpose. There was no library, no board games. (Not that I would have played any if they were, as I had no one to play with)
> Is it common for most students to be on their phone all the time during recess (to not even socialize between themselves, even to show each other stuff on them), and in class?
Yes. The default state appears to be primary (maybe even sole) interaction via phone. That's not to say that they're not showing each other stuff, but it's phone-to-phone - as in, sending each other social media messages, not passing a physical device back and forth.
I'm not quite so exercised about it as most people seem to be - the historically universal assumption about "the youth" is that everything they do differently is terrible, which has not typically turned out to be the case. As a (former, for now) teacher, however, the distraction-potential for / from phones is extreme. That goes for in-class, out-of-class, at-home, everywhere. I'm in favor of banning them entirely in schools, and (as a parent, who's still a few years away from facing it with my kid) limiting access at home.
Personal anecdote: my time teaching middle-school kids coincided with the brief pre-smartphone era in which they taught themselves to T9 with perfect fluency, without looking at the screen. The first few times I saw that I was so flabbergasted I couldn't even get mad. I don't know the exact age-range of that group, but it was a very precise demographic slice. I still tip my cap to those of you who learned that trick.
Was this before the discovery of the book?
yes, its is at my kids schools
This is pretty common i think.
20 years ago when i was at school phones had to be turned off at the gate and not turned back on until you left, a 3310's text message ringtone meant someone was getting suspended. Some small exceptions were made... If you stayed late for sports practise you could turn them on outside the locker rooms to call for a lift ect...
From what i understand from my nieces / nephews the rule is still in place at the same school.
As a teacher, how resentful of your students do you have to be to determine this was the best course of action?
Those darn kids and their phones! Keep it down! I’m tryna watch some tv here!
"nearby" + plaform specificity? This screams Bluetooth.
Side note: iOS's BT stack has a handful of oddly specific requirements for peripherals. It wouldn't surprise me that those requirements precipitate from... cough design oversights.
This was around a decade ago, but I remember having a use case where sending too much data to the Bluetooth stack on iPhone would crash the Bluetooth stack so hard that only a factory reset would fix it.
I have no doubt that lingering vulnerabilities exist in that stack.
To be fair to apple, Bluetooth is a hot mess
I don't think we need to be particularly fair, given Apple's courageous decision to remove wired headphone ports from their devices.
If that kid (and their parents consent) is on HN I’d like to buy them a soda and see about hiring them as an intern.
we’re both in the DC area and I have a few interesting robotics projects for aspiring hackers
As long you give scripts they can execute this might work out
It's a highschool. That's plenty old enough to write your own exploits.
Oh no my phone turned off. Someone call the police.
But how? My phone is off!
Do this in the wrong school district and they'll put you in prison. Absolutely ridiculous.
Do this around people with type 1 diabetes, and there's a chance you're wiping out their glucose monitor (a sizeable number of the continuous glucose monitor systems rely on a cellphone app, smartphones are becoming ubiquitous hardware/software.)
It might be a funny stunt, but there could be some serious consequences.
>a sizeable number of the continuous glucose monitor systems rely on a cellphone app
I thought medical hardware had to go through stringent approval processes with health authorities?
This is just an awful design in general. An auxiliary control system for your body should be much more resistant against electronic interference and self contained to prevent this kind of vulnerability.
Yeah, interfering with people's medical equipment is bad but whoever put such trash on the market should also get a prison sentence if it lead to harm.
>I thought medical hardware had to go through stringent approval processes with health authorities?
Yeah this is the case. You have to have a phone from a list of approved devices which is not very long.
In fairness, diabetics should be carrying standalone blood glucose monitors as a backup. You never know what could happen to your phone.
As far as I know there is no general method of resisting electronic interference?
Not using a wireless communication method reduces the chances that electronic interference will cause a problem. Obviously there's no way to completepy prevent issues but it's not so hard to implement things such that a misbehaving Bluetooth (or whatever) radio doesn't lead to a dangerous situation.
People already die of diabetes due to not having enough money.
Your proposed law would increase the price of treatment and lead to more deaths.
> People already die of diabetes due to not having enough money.
Not in civilised countries.
This hack doesn't wipe the phone. It just hangs it. It can be restarted.
This is ridiculous. Critical safety functions should not be dependent on a unreliable medium that can be easily disrupted. There must always be a fallback mechanism.
People who use such a feature would surely have a backup strategy in case their phone dies, the battery dies, is stolen, is lost, or is unavailable for any number of reasons (fucked up OTA update? hacked? some dumb app crashing their device?), right? If they don't and just rely on that single consumer-grade device working all the time, I feel sorry for them.
This glucose monitor excuse gets trotted out for these topics every time, but someone wielding a Flipper is probably the least of your concerns if device and connectivity reliability is so critical.
> People who use such a feature would surely have a backup strategy in case their phone dies, the battery dies, is stolen, is lost, or is unavailable for any number of reasons (fucked up OTA update? hacked?
People become inured to extreme risks. It's common to come across people with history of anaphylaxis who only carry one or zero epipens, despite the extreme risk of death.
And it is their negligence there. It should not be the fault of the prankster who used the Flipper Zero to temporarily crash consumer information devices (people's iPhones).
Some schools ban phones completely. And the school is not responsible if the children can't call 911 if there's some emergency for example.
And some buildings are constructed of materials which will obstruct the mobile signal as well. Nobody is held responsible for that when they can't call 911.
And I believe it's perfectly legal for me to use radio-blocking paint on the walls of my own house, that might obstruct the signals for the neighbours as well, if I'm hypothetically in a weak signal area. In that case the mobile operator has no right to force their signals through my home, it's within my right to block it as long as I don't use any form of illegal jamming.
Nah, if you effect other people's property, you are morally responsible for the foreseeable outcomes. You don't get to absolve yourself of responsibility because you've decided that their preparedness didn't meet your expectations.
Some examples, e.g. court judgements?
You need laws to stop you from being a shitbag, messing with other peoples' stuff?
The person you're replying to was also careful to say you are morally responsible. That has nothing to do with legal issues.
Sorry. Yes I agree that you can be morally culpable for it, but not legally. I didn't notice the distinction there.
I should also apologize. I was over-aggressive in my response. Just ticks me off to see a comment that seems like it's defending messing with property of others (which you actually didn't imply, but instead I inferred it).
Well, given the recent trend in school shootings, someone would have panicked thinking that a student going postal would first attempt to turn off devices around to stop other people from calling for help.
This reminds me of a time back in high school when a friend bought a cell jammer on ebay and we walked around school just waiting for people to start texting before turning it on and losing our heads at their confusion. Stupid to do, but bored high schoolers do stupid things…
The article isn't very specific, but I would speculate that the iPhone for someone somewhat high up in the school was affected.
"Victims" really.
I remember in school doing the old "net send /domain blahahahhahaaa" and eventually making a crude BAT script that autoran when you inserted a CD to spew line after line of corny middleschooler copypasta.
Maybe it was a blessing in disguise, all those highschoolers would be much better off without a smartphone while in school (barring emergencies) and perhaps outside of school too.
Wow Must be embarrassing for school if a student is doing their job for them.
Brings back high school memories when we used to shutdown peoples mIRC client with a special message that you could send as a personal message to them.
I don't know it anymore but I remember it started with a whole bunch of aaaaaaa, but also included other characters. The beauty is the attack left no trace at all, so they never knew what hit them.
Interfering with radio (phone) signals seems to be one of those perhaps unexpectedly serious crimes especially for how easy it seems to be even by accident.
If only other similar service rights were given the same protection. Like the constant data leaks/thefts.
> especially for how easy it seems to be even by accident.
This does seem to be one of those places where you would have to prove intent to get a conviction but IANAL.
Probably a Flipper Zero. I saw someone do this with one recently. Even before that, I wanted one. It is a pocket sized software defined radio for sub-gigzhertz signals. It can record and play back RF signals.
Does this work if bluetooth is off? Like off-off (since Appl has off for ___ hrs-on and off-off
Reminds me of the classic iPhone MEMS oscillator helium issue [0]. Not sure a backpack-portable tank would contain enough helium to cause problems though, even in an enclosed classroom; the bluetooth possibilities are probably more plausible.
Reminds me of the Effective Power bug [1] from 2015 though that didn't require special hardware.
[1]: https://en.wikipedia.org/wiki/SpringBoard#%22effective_power...
Ah yes, classic case of someone being arrested for the crime of doing something the police think only they should be allowed to do.
Do policemen regularly turn off your phone?
Nobody was arrested
Probably someone tired of the blue and green bubble BS on iPhones.
> phone turns off
> victims
I'll just be a Flipper Zero with a new Firmware - https://github.com/Flipper-XFW/Xtreme-Firmware Maybe something else but this is the easiest/most obvious.
I don't really understand why this is mainstream news. It's happened before, because it's harmless and funny - https://www.kktv.com/2023/11/30/device-brought-tennessee-hig...
In a world where the loser Doomers think China/Aliens can cripple us with a cyberattack this is exactly what is needed more to make people harden their phones, aka run updates.
Wild guess: A handheld EMP generator. You can make them out of a battery and an ignition coil.
Nope. That would turn off nearby Android devices and laptops as well.