A brand new Python mission known as ‘Wall of Flippers’ detects Bluetooth spam assaults launched by Flipper Zero and Android gadgets.

By detecting the assaults and figuring out their origin, customers can take focused safety measures, and culprits can doubtlessly be held accountable for his or her actions.

Not an harmless prank

The flexibility to launch Bluetooth LE (BLE) spam assaults utilizing the Flipper Zero transportable wi-fi pen-testing and hacking software was first demonstrated in September 2023 by safety researcher ‘Techryptic.’

On the time, the assault concerned spamming Apple gadgets with bogus Bluetooth connection notifications, so it appeared extra like a prank than something actually harmful.

The thought was shortly adopted by different builders who created a customized Flipper Zero firmware that might launch spam assaults in opposition to Android smartphones and Home windows laptops.

Quickly after, developer Simon Dankelmann ported the assault to an Android app, permitting individuals to launch Bluetooth spam assaults with no need a Flipper Zero.

Nevertheless, individuals attending the latest Midwest FurFest 2023 convention found first-hand that the results of those Bluetooth spam assaults can go far past the scope of a innocent prank.

Many reported extreme enterprise disruption with their Sq. fee readers, and others confronted extra threatening conditions, like inflicting an insulin pump controller to crash.

Folks utilizing Bluetooth-enabled listening to aids and coronary heart fee monitoring instruments additionally reported disruption, which may put their well-being in danger.

Greynoise vulnerability researcher Remy shaerd a thread on Twitter in regards to the risks of some of these assaults, warning that conducting BLE spam can have critical well being ramifications for these impacted.

“For BTLE enabled medical gear, at minimal a disruption ends in a degraded high quality of life for these affected,” warned Remy in a dialog with BleepingComputer about BLE assaults.

“Some circumstances will not be life threatening to have disruptions. Others will not be so fortunate.”

Whereas some declare that Apple has quietly launched a mitigation for the BLE assaults in iOS 17.2, the issue has not been addressed in Android at the moment.

Moreover, BleepingComputer’s exams sending BLE spam to iOS gadgets from an Android app continued to work after putting in iOS 17.2.

BleepingComputer contacted Google about their plans for these assaults in Android, however a response was not instantly accessible.

Wall of Flippers

The Wall of Flippers (WoF) mission goals to detect attackers conducting BlueTooth LE spam assaults so individuals on the receiving finish can reply appropriately.

The Python script, which, for now, can run on Linux and Home windows, is designed to be run constantly, continuously updating the consumer with the standing of close by BTLE gadgets, any potential threats, and normal exercise.

The primary show options an ASCII artwork header, tables of reside and offline gadgets, and detected BLE assault packets.

Detect Bluetooth LE assaults utilizing Android

You possibly can detect BLE assaults corresponding to iOS crash which can be executed by Flipper Zero or its Android app variant (Bluetooth LE Spam) utilizing Python script.
Btw, Apple already fastened iOS BLE crash difficulty #nethunter https://t.co/TdTl2WQ84v pic.twitter.com/0EpQyudqDl

— Cell Hacker (@androidmalware2) December 21, 2023

The script scans for BTLE packets within the neighborhood and analyzes the transmitted packets in opposition to a set of predefined patterns thought of to be indicative of malicious exercise.

Wall of Flippers can presently detect the next at the moment, however the mission is a piece in progress and can proceed to get updates:

• Flipper Zero detection (BT have to be enabled)
• Flipper archiving (saving previous knowledge)
• iOS crash and popup BTLE detection
• Android crash and popup BTLE detection
• Home windows Swift Pair BTLE detection
• LoveSpouse BTLE detection

Whereas listening passively, WoF captures the MAC handle of the spamming system, which is a main system identifier, the sign power, which can be used to find out the attacker’s proximity, and the information contained within the packets.

Directions on putting in WoF and establishing the mission will be discovered on the developer’s GitHub repository.

BleepingComputer has not examined WoF and can’t present ensures in regards to the security of the script, so you should definitely examine the code earlier than putting in.