Flipper Zero Bluetooth spam attacks ported to new Android app

Trending 1 month ago


Recent Flipper Zero Bluetooth spam attacks person now been ported to an Android app, allowing a overmuch larger number of devices to instrumentality these annoying spam alerts.

Inspired by erstwhile investigation connected nan taxable and Flipper Zero applets targeting iOS devices, and later Android and Windows, package developer Simon Dankelmann developed an Android app tin of nan aforesaid Bluetooth spam.

The Android app, named 'Bluetooth-LE-Spam,' tin make BLE (Bluetooth Low Energy) advertisement packages spoofing various devices to adjacent Windows and Android devices, eliminating nan request for a Flipper Zero.

The task is still successful early development, but BleepingComputer's tests confirmed that it useful arsenic advertised.

Specifically, nan app tin broadcast relationship requests pinch group clip intervals arsenic predominant arsenic 1 second, targeting 'Fast Pair' connected Android aliases 'Swift Pair' connected Windows.

Generating spammy Bluetooth broadcastsGenerating Bluetooth broadcasts

One point to statement is that moreover though nan Android API allows mounting nan transmission (TX) powerfulness level, developers person constricted power complete nan existent information being broadcasted successful narration to nan TX powerfulness level.

This constraint by nan Android SDK tin consequence successful mediocre reception from nan target devices, which is not a problem successful Flipper Zero, which tin execute a much extended and precise scope erstwhile connecting to different devices.

In our tests, we recovered that immoderate broadcasts were caught by nan target only if nan Android instrumentality generating them was arsenic adjacent arsenic a fewer centimeters. In contrast, successful different cases, notifications were generated from respective meters away.

Windows 11 notification generated by nan appWindows 11 notification caused by nan spam app

An absorbing side-effect we noticed is that Bluetooth-connected devices for illustration mice and keyboards tin go unresponsive during spam broadcasts. This is different measurement of creating disruptive "denial of service" attacks connected a target.

For now, nan app stands arsenic a objection of a anticipation alternatively than a terrible threat to users, but knowing really to move disconnected these notifications successful nan arena you're targeted is good.

On Android, caput to Settings → Google → Nearby Share, and move nan toggle connected Show notification to nan "Off" position.

On Windows, unfastened Settings, prime 'Bluetooth & devices' from nan paper connected nan left, past click connected 'Devices,' scroll down to 'Device settings,' and move nan 'Show notifications to link utilizing Swift Pair' toggle to nan 'Off' position.

We urge against testing nan 'Bluetooth-LE-Spam' app connected your main instrumentality for reasons of security, arsenic BleepingComputer cannot supply immoderate guarantees that nan task is safe.