A customized Flipper Zero firmware referred to as ‘Xtreme’ has added a brand new characteristic to carry out Bluetooth spam assaults on Android and Home windows units.
A safety researcher beforehand demonstrated the method towards Apple iOS units, inspiring others to experiment with its potential affect on different platforms.
The principle thought behind the spam assault is to make use of Flipper Zero’s wi-fi communication capabilities to spoof promoting packets and transmit them to units in vary of pairing and connection requests.
This kind of spam assault can confuse the goal, make it troublesome to discern between legit and spoofed units, and even disrupt the person expertise with continuous notifications popping up on the focused machine.
Xtreme provides “Bluetooth spam”
Earlier this month, Flipper Xtreme introduced on its Discord channel that “spam assaults” are coming within the subsequent main firmware launch.
The admins even shared a demo video showcasing a denial of service (DoS) assault on a Samsung Galaxy machine, the place a continuing feed of connection notifications renders the machine unusable.
Though the newest firmware hasn’t reached steady standing, the “spam assault” has been included into the newest improvement construct through a brand new app named ‘BLE Spam,’ accessible on GitHub.
YouTuber ‘Speaking Sasquach’ gave the dev firmware picture a spin on his Flipper Zero and reported that the assault works as anticipated on Home windows and Android.
The BLE Spam app at the moment provides customers eight flood assault choices, together with:
- Each methodology mixed
- iOS 17 Lockup Crash
- Apple Motion Modal
- Apple Gadget popup
- Android machine pair
- Home windows Gadget Discovered
Selecting any of the above causes Flipper Zero to start broadcasting the corresponding Bluetooth packets to pop-up connectivity prompts and notifications on units in vary.
The right way to block these spam assaults
These assaults are extra of an annoyance moderately than an actual risk. Nonetheless, as BLE Spam permits customers to craft customized notifications, these spams can get inventive and trickier, enjoying a task in social engineering or different risk eventualities.
Android 14 and Home windows 11 units, by default, show notifications on Bluetooth connection requests, so these Flipper Zero assaults might trigger issues. Fortunately, there’s a straightforward approach to block these notifications on each techniques.
On Android, head to Settings → Google → Close by Share, and switch the toggle on Present notification to the “Off” place.
The identical menu might be accessed by way of Settings → Linked Units → Connection preferences → Close by Share.
On Home windows, open Settings, choose ‘Bluetooth & units’ from the menu on the left, then click on on ‘Units,’ scroll right down to ‘Gadget settings,’ and switch the ‘Present notifications to attach utilizing Swift Pair‘ toggle to the ‘Off‘ place.
Customers should not be too fearful about rogue broadcasts of this sort, as these can not carry out code execution on recipient units or trigger direct hurt.
Nonetheless, noting the potential for phishing is essential, and realizing the way to cease the notifications in instances of persistent pranking can save individuals time and frustration.
