[Dandu] recently wrote in to tell us how he managed to revive his Parrot Flower Power after the manufacturer told him it couldn’t be repaired. To save you the trouble of opening Google in another tab, the Parrot Flower Power is a Bluetooth Low Energy (BLE) “smart” device for your flower pot. Because of course that’s a thing.
When [Dandu] noticed his Flower Power was no longer being detected by his iOS devices, he contacted support who told him that sadly this was a hardware failure and that he should just throw it away. But he had his doubts about this diagnosis as other devices such as his Raspberry Pi could still communicate with it. Upon closer inspection, he realized that the Flower Power didn’t have a name, and could only be contacted by its MAC address directly. Reasoning the lack of a name might be upsetting the “It Just Works” sensibility of his iGadget, [Dandu] started researching if there was some way to get the device to take a new name remotely.
Luckily for our hero, BLE is kind of broken. Searching for a solution to his problem brought him to a blog post by the creator of BLEAH which demonstrated exactly what [Dandu] was looking to do. Following along, it took only a single command to push a new name to the Flower Power’s BLE configuration. With that, his “broken” device was brought back to life. Why the device lost its name, or how to prevent it from happening in the future are questions for another day. [Dandu] will take the win.
If you’re interested in the popular new technology that’s compromising our security in the name of convenience and improved battery life, the rabbit hole starts here.
6 thoughts on “Curing A Parrot’s Amnesia With BLEAH”
It’s crazy you can just push config info into BLE devices like this. Did they really not think this would be a problem?
The bleah creator’s view of BLE is, um, naive. However, developers are equally so. So yes, it quite often is this easy. It can be more secure (but still not perfect) with very little effort.
Welcome to the Internet of Things.
S in the IoT means “security” :)
I read the title and thought I was having some kind of mini-stroke causing words to lose all meaning, but then I read the article and everything made sense again. Whew!
“other devices such as his Raspberry Pi could still communicate with it.”
“Reasoning the lack of a name might be upsetting the “It Just Works” sensibility of his iGadget”
It’s funny how ‘It Just Works’ means that it’s the one device that doesn’t work.
And the consumers eat it up!
Wow, Apple marketing really is double plus good isn’t it?!
Please be kind and respectful to help make the comments section excellent. (Comment Policy)