A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices.
A security researcher previously demonstrated the technique against Apple iOS devices, inspiring others to experiment with its potential effect on other platforms.
The main idea behind the spam attack is to use Flipper Zero's wireless communication capabilities to spoof advertising packets and transmit them to devices in range of pairing and connection requests.
This type of spam attack can confuse the target, make it difficult to discern between legitimate and spoofed devices, and even disrupt the user experience with non-stop notifications popping up on the targeted device.
Xtreme adds "Bluetooth spam"
Earlier this month, Flipper Xtreme announced on its Discord channel that "spam attacks" are coming in the next major firmware release.
The admins even shared a demo video showcasing a denial of service (DoS) attack on a Samsung Galaxy device, where a constant feed of connection notifications renders the device unusable.
Although the latest firmware hasn't reached stable status, the "spam attack" has been incorporated into the latest development build via a new app named 'BLE Spam,' available on GitHub.
YouTuber 'Talking Sasquach' gave the dev firmware image a spin on his Flipper Zero and reported that the attack works as expected on Windows and Android.
The BLE Spam app currently gives users 8 flood attack options, including:
- Every method combined
- iOS 17 Lockup Crash
- Apple Action Modal
- Apple Device popup
- Android device pair
- Windows Device Found
Choosing any of the above causes Flipper Zero to begin broadcasting the corresponding Bluetooth packets to pop up connectivity prompts and notifications on devices in range.
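A defender-side heuristic for spotting the flood described above in captured advertisements, as an added example that is not part of the original article or of the Xtreme project. The Microsoft company identifier, Swift Pair beacon ID and Fast Pair service UUID are the vendors' published values rather than details from the article; the 10-second window, the five-address threshold and the premise that a flood appears as many distinct advertiser addresses are assumptions.

```python
from collections import defaultdict

MICROSOFT_CID = 0x0006     # Bluetooth SIG company identifier for Microsoft
SWIFT_PAIR_BEACON = 0x03   # Microsoft beacon ID used by Swift Pair
FAST_PAIR_UUID = 0xFE2C    # 16-bit service UUID used by Google Fast Pair

def iter_ad_structures(payload: bytes):
    """Yield (ad_type, data) pairs; stop quietly on a malformed length byte."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            return
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length

def classify(payload: bytes):
    """Return 'swift_pair', 'fast_pair' or None for one advertising payload."""
    for ad_type, data in iter_ad_structures(payload):
        if ad_type == 0xFF and len(data) >= 3:      # manufacturer-specific data
            cid = int.from_bytes(data[:2], "little")
            if cid == MICROSOFT_CID and data[2] == SWIFT_PAIR_BEACON:
                return "swift_pair"
        elif ad_type == 0x16 and len(data) >= 2:    # service data, 16-bit UUID
            if int.from_bytes(data[:2], "little") == FAST_PAIR_UUID:
                return "fast_pair"
    return None

def detect_floods(observations, window=10.0, min_addresses=5):
    """observations: time-ordered (timestamp_s, advertiser_address, payload).
    Flags a kind once min_addresses distinct addresses sent it within window."""
    recent = defaultdict(list)                      # kind -> [(timestamp, address)]
    flagged = set()
    for ts, addr, payload in observations:
        kind = classify(payload)
        if kind is None:
            continue
        seen = recent[kind]
        seen.append((ts, addr))
        while ts - seen[0][0] > window:             # expire old sightings
            seen.pop(0)
        if len({a for _, a in seen}) >= min_addresses:
            flagged.add(kind)
    return sorted(flagged)

# Constructed sample payloads, truncated to the fields the classifier reads.
SWIFT = bytes.fromhex("04ff060003")
FAST = bytes.fromhex("06162cfe000000")
BENIGN = bytes.fromhex("020106050944656d6f")       # flags + local name "Demo"
SAMPLE_FLOOD = [(i * 0.5, f"addr-{i}", SWIFT) for i in range(6)] + [(3.0, "addr-x", BENIGN), (3.5, "addr-y", FAST)]
SAMPLE_QUIET = [(i * 0.5, "addr-0", SWIFT) for i in range(20)]  # one real device
```

`detect_floods(SAMPLE_FLOOD)` flags only `swift_pair`, while a single device re-advertising (`SAMPLE_QUIET`) stays below the threshold.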
How to block these spam attacks
These attacks are more of an annoyance rather than a real threat. However, as BLE Spam allows users to craft custom notifications, these spams can get creative and trickier, playing a role in social engineering or other threat scenarios.
Android 14 and Windows 11 devices, by default, show notifications on Bluetooth connection requests, so these Flipper Zero attacks could cause problems. Thankfully, there's an easy way to block these notifications on both systems.
On Android, head to Settings → Google → Nearby Share, and move the toggle on Show notification to the "Off" position.
The same menu can be accessed through Settings → Connected Devices → Connection preferences → Nearby Share.
On Windows, open Settings, select 'Bluetooth & devices' from the menu on the left, then click on 'Devices,' scroll down to 'Device settings,' and move the 'Show notifications to connect using Swift Pair' toggle to the 'Off' position.
Users shouldn't be too worried about rogue broadcasts of this kind, as these cannot achieve code execution on recipient devices or cause direct harm.
However, noting the potential for phishing is crucial, and knowing how to stop the notifications in cases of persistent pranking can save people time and frustration.