Home Cyber Security ‘Wall of Flippers’ detects Flipper Zero Bluetooth spam assaults

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam assaults

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam assaults


Flipper Zero

A brand new Python undertaking known as ‘Wall of Flippers’ detects Bluetooth spam assaults launched by Flipper Zero and Android gadgets.

By detecting the assaults and figuring out their origin, customers can take focused safety measures, and culprits can doubtlessly be held accountable for his or her actions.

Not an harmless prank

The power to launch Bluetooth LE (BLE) spam assaults utilizing the Flipper Zero transportable wi-fi pen-testing and hacking instrument was first demonstrated in September 2023 by safety researcher ‘Techryptic.’

On the time, the assault concerned spamming Apple gadgets with bogus Bluetooth connection notifications, so it appeared extra like a prank than something really harmful.

The concept was shortly adopted by different builders who created a customized Flipper Zero firmware that would launch spam assaults in opposition to Android smartphones and Home windows laptops.

Quickly after, developer Simon Dankelmann ported the assault to an Android app, permitting individuals to launch Bluetooth spam assaults without having a Flipper Zero.

Nevertheless, individuals attending the latest Midwest FurFest 2023 convention found first-hand that the results of those Bluetooth spam assaults can go far past the scope of a innocent prank.

Many reported extreme enterprise disruption with their Sq. cost readers, and others confronted extra threatening conditions, like inflicting an insulin pump controller to crash.

Morganitel tweet

Individuals utilizing Bluetooth-enabled listening to aids and coronary heart fee monitoring instruments additionally reported disruption, which might put their well-being in danger.

Greynoise vulnerability researcher Remy shaerd a thread on Twitter in regards to the risks of some of these assaults, warning that conducting BLE spam can have critical well being ramifications for these impacted.

Remy tweet

“For BTLE enabled medical tools, at minimal a disruption ends in a degraded high quality of life for these affected,” warned Remy in a dialog with BleepingComputer about BLE assaults.

“Some circumstances might not be life threatening to have disruptions. Others might not be so fortunate.”

Whereas some declare that Apple has quietly launched a mitigation for the BLE assaults in iOS 17.2, the issue has not been addressed in Android at the moment.

Moreover, BleepingComputer’s assessments sending BLE spam to iOS gadgets from an Android app continued to work after putting in iOS 17.2.

BleepingComputer contacted Google about their plans for these assaults in Android, however a response was not instantly obtainable.

Wall of Flippers

The Wall of Flippers (WoF) undertaking goals to detect attackers conducting BlueTooth LE spam assaults so individuals on the receiving finish can reply appropriately.

The Python script, which, for now, can run on Linux and Home windows, is designed to be run constantly, consistently updating the consumer with the standing of close by BTLE gadgets, any potential threats, and basic exercise.

The primary show options an ASCII artwork header, tables of dwell and offline gadgets, and detected BLE assault packets.

The script scans for BTLE packets within the neighborhood and analyzes the transmitted packets in opposition to a set of predefined patterns thought-about to be indicative of malicious exercise.

Wall of Flippers can at the moment detect the next at the moment, however the undertaking is a piece in progress and can proceed to get updates:

  • Flipper Zero detection (BT have to be enabled)
  • Flipper archiving (saving previous knowledge)
  • iOS crash and popup BTLE detection
  • Android crash and popup BTLE detection
  • Home windows Swift Pair BTLE detection
  • LoveSpouse BTLE detection

Whereas listening passively, WoF captures the MAC tackle of the spamming system, which is a main system identifier, the sign power, which can be used to find out the attacker’s proximity, and the info contained within the packets.

Directions on putting in WoF and organising the undertaking may be discovered on the developer’s GitHub repository.

BleepingComputer has not examined WoF and can’t present ensures in regards to the security of the script, so you’ll want to examine the code earlier than putting in.



Please enter your comment!
Please enter your name here