Flipper Zero Bluetooth spam attacks ported to new Android app

Flipper Zero Bluetooth spam attacks ported to new Android app

October 31, 2023 at 04:13PM

Software developer Simon Dankelmann has created an Android app called ‘Bluetooth-LE-Spam’ that can generate Bluetooth Low Energy (BLE) spam alerts on Android and Windows devices. The app can simulate various devices and send frequent connection requests, potentially disrupting Bluetooth-connected devices like mice and keyboards. While the app is currently in early development and more of a demonstration, users can disable notifications by adjusting settings on Android and Windows devices. Testing the app on main devices is not recommended for security reasons.

Based on the meeting notes, there is a new Android app called ‘Bluetooth-LE-Spam’ that has been developed by software developer Simon Dankelmann. This app allows the generation of Bluetooth Low Energy (BLE) advertisement packages to target nearby Windows and Android devices with spam alerts.

The app is still in early development, but tests have confirmed that it works as advertised. It can broadcast connection requests with set time intervals, specifically targeting ‘Fast Pair’ on Android or ‘Swift Pair’ on Windows. It is important to note that the Android API has constraints on controlling the actual data being broadcasted in relation to the transmission power level, which can result in poor reception from target devices.

An interesting side-effect of the spam broadcasts is that Bluetooth-connected devices like mice and keyboards can become unresponsive, potentially causing disruptions or “denial of service” attacks. However, at this stage, the app is considered more of a demonstration of a possibility rather than a severe threat to users.

In the event that you are targeted by such spam notifications, it is possible to turn them off. On Android, you can go to Settings → Google → Nearby Share and turn off the toggle for “Show notification.” On Windows, open Settings, select ‘Bluetooth & devices,’ then go to ‘Devices’ and scroll down to ‘Device settings.’ From there, you can turn off the toggle for ‘Show notifications to connect using Swift Pair.’

It is recommended not to test the ‘Bluetooth-LE-Spam’ app on your main device for security reasons, as there are no guarantees regarding the safety of the project.

Full Article