‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks
A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.
By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can potentially be held accountable for their actions.
The ability to launch Bluetooth LE (BLE) spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher 'Techryptic.'
At the time, the attack involved spamming Apple devices with bogus Bluetooth connection notifications, so it appeared more like a prank than anything truly dangerous.
The idea was quickly adopted by other developers who created a custom Flipper Zero firmware that could launch spam attacks against Android smartphones and Windows laptops.
Soon after, developer Simon Dankelmann ported the attack to an Android app, allowing people to launch Bluetooth spam attacks without needing a Flipper Zero.
However, people attending the recent Midwest FurFest 2023 conference discovered first-hand that the consequences of these Bluetooth spam attacks can go far beyond the scope of a harmless prank.
Many reported severe business disruption with their Square payment readers, and others faced more threatening situations, such as an insulin pump controller crashing.
People using Bluetooth-enabled hearing aids and heart rate monitoring tools also reported disruption, which could put their well-being at risk.
GreyNoise vulnerability researcher Remy shared a thread on Twitter about the dangers of these types of attacks, warning that conducting BLE spam can have serious health ramifications for those impacted.
"For BTLE enabled medical equipment, at minimum a disruption results in a degraded quality of life for those affected," warned Remy in a conversation with BleepingComputer about BLE attacks.
"Some conditions may not be life threatening to have disruptions. Others may not be so lucky."
While some claim that Apple has quietly introduced a mitigation for the BLE attacks in iOS 17.2, the problem has not been addressed in Android at this time.
Furthermore, BleepingComputer's tests sending BLE spam to iOS devices from an Android app continued to work after installing iOS 17.2.
BleepingComputer contacted Google about their plans for these attacks in Android, but a response was not immediately available.
The Wall of Flippers (WoF) project aims to detect attackers conducting Bluetooth LE spam attacks so people on the receiving end can respond appropriately.
The Python script, which, for now, can run on Linux and Windows, is designed to be run continuously, constantly updating the user with the status of nearby BTLE devices, any potential threats, and general activity.
The main display features an ASCII art header, tables of live and offline devices, and detected BLE attack packets.
Detect Bluetooth LE attacks using Android. You can detect BLE attacks such as iOS crash that are executed by Flipper Zero or its Android app variant (Bluetooth LE Spam) using Python script. Btw, Apple already fixed iOS BLE crash issue #nethunter https://t.co/TdTl2WQ84v pic.twitter.com/0EpQyudqDl
The script scans for BTLE packets in the vicinity and analyzes the transmitted packets against a set of predefined patterns considered to be indicative of malicious activity.
Wall of Flippers can currently detect the following, but the project is a work in progress and will continue to get updates:
While listening passively, WoF captures the MAC address of the spamming device, which is a primary device identifier, the signal strength, which may be used to determine the attacker's proximity, and the data contained in the packets.
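As an added illustration of this kind of passive analysis (not Wall of Flippers' code and not from the article), the sketch below parses advertising payloads and applies one heuristic: many distinct addresses sending the same vendor pairing family at nearly the same signal strength within a short window points to a single radio rotating its address. The vendor identifiers are public Bluetooth SIG assigned numbers; the thresholds, function names and sample records are assumptions of this example.

```python
from collections import defaultdict

# Bluetooth SIG assigned numbers (public); the burst rule built on them is an assumption.
MANUFACTURER_DATA, SERVICE_DATA_16 = 0xFF, 0x16
FAMILIES = {(MANUFACTURER_DATA, 0x004C): "apple",
            (MANUFACTURER_DATA, 0x0006): "microsoft",
            (SERVICE_DATA_16, 0xFE2C): "google-fast-pair"}

def parse_ad(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs; stop at malformed input."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # zero padding, or a structure that overruns the packet
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def family(payload: bytes):
    """Return the vendor pairing family an advertisement belongs to, or None."""
    for ad_type, data in parse_ad(payload):
        key = (ad_type, int.from_bytes(data[:2], "little"))
        if len(data) >= 2 and key in FAMILIES:
            return FAMILIES[key]
    return None

def detect_bursts(observations, window=2.0, min_addrs=5, max_rssi_spread=6):
    """Flag windows where many addresses send one family at nearly the same RSSI."""
    buckets = defaultdict(dict)  # (family, window index) -> {mac: last rssi}
    for ts, mac, rssi, payload_hex in observations:
        fam = family(bytes.fromhex(payload_hex))
        if fam:
            buckets[(fam, int(ts // window))][mac] = rssi
    alerts = []
    for (fam, idx), seen in sorted(buckets.items()):
        spread = max(seen.values()) - min(seen.values())
        if len(seen) >= min_addrs and spread <= max_rssi_spread:
            alerts.append({"family": fam, "start": idx * window,
                           "addresses": len(seen), "rssi": max(seen.values())})
    return alerts

# Constructed records (time s, MAC, RSSI dBm, payload hex): one radio rotating six
# addresses at about -49 dBm, plus three unrelated devices at scattered distances.
SAMPLE = [(10.0 + 0.2 * n, f"5a:00:00:00:00:{n:02x}", -48 - n % 3, "02010606ff0600aabbcc")
          for n in range(6)]
SAMPLE += [(10.5, "c0:00:00:00:00:01", -40, "05ff4c00aabb"),
           (10.7, "c0:00:00:00:00:02", -71, "05ff4c00aabb"),
           (11.1, "c0:00:00:00:00:03", -90, "05ff4c00aabb")]
```

Fixed windows can miss a burst that straddles a boundary, so a continuously running monitor would use a sliding window instead.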
Instructions on installing WoF and setting up the project can be found on the developer's GitHub repository.
BleepingComputer has not tested WoF and cannot provide guarantees about the safety of the script, so be sure to inspect the code before installing.
This will only immediately identify script kiddies really. MAC addresses even on BT transceivers can be spoofed. That said, the signal strength indicator can track someone foolish enough to stay still while using the attack, and given enough receivers and WoF running, will enable determined defenders to pick even a moving attacker out of a crowd. It's good to see defenders having sufficient tooling should they be determined to protect their crowds and conference attendees from potentially life-threatening attacks. Before people go off on "device makers should fix their shit", let me point out that the onus is on the person breaking the law, NOT and never will be on their victims. Blaming the victim is bullshit.
Now certainly it isn't the victim's fault, but device makers are not the victim, they are the blue team to the prankster-red team. As makers of such things as insulin pumps, they need to guarantee that if some kid with a Flipper walks by, their product will not malfunction. We can't sterilize the tech environment by hunting those who innocently (or not) misuse tech, we just need to adapt and update so that our devices are resistant and pranksters/jerks can't abuse it in future.
No one's blaming the victim; the device manufacturers are the issue and they should immediately update or recall such products vulnerable to such low-skill attacks. BLE should either be updated or removed.
It's also irresponsible to lay the blame on the device manufacturers. Yes, they should update their devices, but please tell me HOW you're going to do that? IN DETAIL. It's easy to go around and do the blame game. It's a lot harder to actually propose solutions. This attack exploits the BLE specification's flaws, it literally can't be fixed and still be compliant to the specification. Turning off BT is not an option because that's how these devices function. This requires multi-tiered approaches that include criminal law, citizen detective work, and device side mitigations. Putting everything on the device manufacturer is not going to work, because tomorrow someone else will find something else script kiddies can exploit, and possibly even get people killed. And again, and again, and again. Please call me when you can describe what an actual "secure device" looks like, and I don't mean that stupid cliche "unplugged in a locked room" because that's not helpful nor possible in today's society.
This feels like a big brother type of solution, when the real fix is to improve BLE security in the first place. It's a pen testing device and it found a flaw in a 'secure' system; that doesn't mean we should ban the use of the tester. Maybe it's like putting Wi-Fi in everything, maybe an insulin pump shouldn't have Bluetooth? These are the things we need to look into, not catching pranksters as if they were cybercriminals.
The real question is, why is BLE hardcoded into everything, why do Android and iOS not allow us to turn BLE off and/or block devices? The issue isn't with attackers showing vulnerability, yes it's wrong, but the bigger issue is the devices that use BLE. They should be updated and, if used for medical reasons, recalled for such a flaw.
Copyright @ 2003 - 2023 Bleeping Computer® LLC - All Rights Reserved