Monday, February 24, 2025

‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks


A new Python project called ‘Wall of Flippers’ detects Bluetooth spam attacks launched by Flipper Zero and Android devices.

By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can potentially be held accountable for their actions.

Not an innocent prank

The ability to launch Bluetooth LE (BLE) spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher ‘Techryptic.’

At the time, the attack involved spamming Apple devices with bogus Bluetooth connection notifications, so it appeared more like a prank than anything truly dangerous.

The idea was quickly adopted by other developers who created a custom Flipper Zero firmware that could launch spam attacks against Android smartphones and Windows laptops.

Soon after, developer Simon Dankelmann ported the attack to an Android app, allowing people to launch Bluetooth spam attacks without needing a Flipper Zero.

However, people attending the recent Midwest FurFest 2023 conference discovered first-hand that the consequences of these Bluetooth spam attacks can go far beyond the scope of a harmless prank.

Many reported severe business disruption with their Square payment readers, and others faced more threatening situations, like causing an insulin pump controller to crash.

Morganitel tweet

People using Bluetooth-enabled hearing aids and heart rate monitoring tools also reported disruption, which could put their well-being at risk.

Greynoise vulnerability researcher Remy shared a thread on Twitter about the dangers of these types of attacks, warning that conducting BLE spam can have serious health ramifications for those impacted.

Remy tweet

“For BTLE enabled medical gear, at minimal a disruption leads to a degraded quality of life for these affected,” warned Remy in a conversation with BleepingComputer about BLE attacks.

“Some situations might not be life threatening to have disruptions. Others might not be so fortunate.”

While some claim that Apple has quietly introduced a mitigation for the BLE attacks in iOS 17.2, the problem has not been addressed in Android at this time.

Furthermore, BleepingComputer’s tests sending BLE spam to iOS devices from an Android app continued to work after installing iOS 17.2.

BleepingComputer contacted Google about their plans for these attacks in Android, but a response was not immediately available.

Wall of Flippers

The Wall of Flippers (WoF) project aims to detect attackers conducting Bluetooth LE spam attacks so people on the receiving end can respond appropriately.

The Python script, which, for now, can run on Linux and Windows, is designed to be run continuously, constantly updating the user with the status of nearby BTLE devices, any potential threats, and general activity.

The main display features an ASCII art header, tables of live and offline devices, and detected BLE attack packets.

The script scans for BTLE packets in the vicinity and analyzes the transmitted packets against a set of predefined patterns considered to be indicative of malicious activity.

Wall of Flippers can currently detect the following, but the project is a work in progress and will continue to get updates:

  • Flipper Zero detection (BT must be enabled)
  • Flipper archiving (saving past data)
  • iOS crash and popup BTLE detection
  • Android crash and popup BTLE detection
  • Windows Swift Pair BTLE detection
  • LoveSpouse BTLE detection

While listening passively, WoF captures the MAC address of the spamming device, which is a primary device identifier, the signal strength, which may be used to determine the attacker’s proximity, and the data contained in the packets.
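To illustrate the pattern matching and the captured fields described above (MAC address, signal strength, packet data), here is an added example that is not WoF's code and does not reproduce its pattern list. It assumes signatures built from public Bluetooth identifiers (Apple and Microsoft company IDs, the Google Fast Pair service UUID) and a hypothetical rule that flags a pairing-prompt family when many distinct source addresses advertise it in a short window.

```python
from collections import defaultdict
# Assumed signatures from public Bluetooth identifiers, not WoF's own pattern list.
APPLE, MICROSOFT = 0x004C, 0x0006  # Bluetooth SIG company identifiers
FAST_PAIR_UUID = 0xFE2C            # Google Fast Pair 16-bit service UUID

def parse_ad(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) structures."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # padding or truncated structure: never read past the buffer
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def classify(payload: bytes):
    """Return the pairing-prompt family an advertisement belongs to, or None."""
    for ad_type, data in parse_ad(payload):
        if ad_type == 0xFF and len(data) >= 3:  # manufacturer specific data
            company = int.from_bytes(data[:2], "little")
            if company == APPLE and data[2] in (0x07, 0x0F):  # proximity pairing / nearby action
                return "apple-popup"
            if company == MICROSOFT and data[2] == 0x03:      # Swift Pair beacon
                return "swift-pair"
        if ad_type == 0x16 and int.from_bytes(data[:2], "little") == FAST_PAIR_UUID:
            return "fast-pair"  # service data carrying the Fast Pair UUID
    return None

def detect_spam(observations, window=10.0, threshold=5):
    """Flag a family when >= threshold distinct MACs advertise it within window seconds."""
    by_kind = defaultdict(list)
    for ts, mac, rssi, payload in sorted(observations, key=lambda o: o[0]):
        kind = classify(payload)
        if kind:
            by_kind[kind].append((ts, mac, rssi))
    alerts = {}
    for kind, events in by_kind.items():
        for start, _, _ in events:
            burst = [e for e in events if start <= e[0] < start + window]
            macs = {mac for _, mac, _ in burst}
            if len(macs) >= threshold:
                alerts[kind] = {"sources": len(macs), "max_rssi": max(r for _, _, r in burst)}
                break
    return alerts

# Constructed sample: (timestamp_s, source MAC, RSSI dBm, raw advertising payload)
POPUP = bytes.fromhex("0201060aff4c000f05c001aabbcc")
SAMPLE = [(i * 0.5, f"5a:00:00:00:00:{i:02x}", -40 - i, POPUP) for i in range(6)]
SAMPLE.append((1.0, "c8:11:22:33:44:55", -70, bytes.fromhex("02010603030d18")))  # heart-rate sensor
```

Counting distinct source addresses rather than packets keeps a single legitimate accessory in pairing mode from raising an alert, and the strongest RSSI in the burst gives a rough indication of how close the transmitter is.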

Instructions on installing WoF and setting up the project can be found on the developer’s GitHub repository.

BleepingComputer has not tested WoF and cannot provide guarantees about the safety of the script, so be sure to inspect the code before installing.


