Android Alert: New Wave of Bluetooth Spam


In a recent development, the notorious Flipper Zero Bluetooth spam attacks have taken a new form as they infiltrate the realm of Android through a dedicated app. This innovation by software developer Simon Dankelmann, dubbed ‘Bluetooth-LE-Spam,’ extends the reach of these annoying spam alerts to a broader range of devices.

Android App Emulates Flipper Zero’s Bluetooth Spam

Building on prior research and Flipper Zero applets targeting iOS, Dankelmann’s Android app mirrors the Bluetooth spam capabilities. The application generates Bluetooth Low Energy (BLE) advertisement packages, mimicking various devices, and can be directed towards nearby Windows and Android devices without the need for a physical Flipper Zero device.

Despite being in the early stages of development, BleepingComputer’s tests have confirmed the app’s functionality, showcasing its potential to disrupt unsuspecting users.

Technical Insights: Challenges and Implications

The ‘Bluetooth-LE-Spam’ app operates by broadcasting connection requests at intervals as short as 1 second, specifically targeting ‘Fast Pair’ on Android or ‘Swift Pair’ on Windows. However, limitations in the Android API regarding transmission (TX) power level control may impact the effectiveness of the attacks. Some broadcasts were only successful when the Android device was in close proximity, while others reached devices several meters away.

An unintended consequence observed during tests revealed that Bluetooth-connected devices such as mice and keyboards could become unresponsive during spam broadcasts, indicating a potential for disruptive “denial of service” attacks.

Mitigating the Threat: Turning Off Notifications

While the ‘Bluetooth-LE-Spam’ app currently serves as a proof of concept rather than an imminent threat, users are advised to take precautions. To disable notifications on Android, navigate to Settings → Google → Nearby Share and toggle the ‘Show notification’ to the “Off” position. Additionally, on Windows, users can disable ‘Swift Pair’ notifications by accessing Settings → Bluetooth & devices → Devices → Device settings and turning off the ‘Show notifications to connect using Swift Pair’ toggle.

[Update 11/4]: Notably, Mishaal Rahman suggests a more effective solution on Android—disable ‘Fast Pair’ via Settings > Google > Devices & sharing > Devices and turn off “Scan for nearby devices.”

Flipper Xtreme Introduces ‘Xtreme’ Firmware

In a parallel development, a custom Flipper Zero firmware known as ‘Xtreme’ introduces a new feature enabling Bluetooth spam attacks on Android and Windows devices. Initially demonstrated against Apple iOS devices, this technique leverages Flipper Zero’s wireless communication capabilities to inundate devices with spoofed advertising packets.

The ‘BLE Spam’ app, incorporated into the latest development build, offers eight flood attack options, each capable of causing various connectivity prompts and notifications on nearby devices.

Conclusion: Balancing Awareness and Caution

While these Bluetooth spam attacks may currently be more of an annoyance than a genuine threat, the potential for creative and deceptive spam scenarios raises concerns. Users are encouraged to remain vigilant and follow recommended steps to block notifications on Android and Windows devices, mitigating the impact of these disruptive campaigns.

In conclusion, understanding the nuances of these emerging threats is crucial in safeguarding against potential phishing attempts and ensuring a seamless user experience amid the evolving landscape of digital security.

#Bluetooth Spam#Flipper Zero#Android Security#Digital Threats#Cybersecurity Awareness

Thanks & Regards:Ashwini Kamble

Digital Marketer

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Can we help you?