A brand new Python challenge known as ‘Wall of Flippers’ detects Bluetooth spam assaults launched by Flipper Zero and Android units.
By detecting the assaults and figuring out their origin, customers can take focused safety measures, and culprits can probably be held accountable for his or her actions.
Not an harmless prank
The flexibility to launch Bluetooth LE (BLE) spam assaults utilizing the Flipper Zero transportable wi-fi pen-testing and hacking device was first demonstrated in September 2023 by safety researcher ‘Techryptic.’
On the time, the assault concerned spamming Apple units with bogus Bluetooth connection notifications, so it appeared extra like a prank than something actually harmful.
The concept was shortly adopted by different builders who created a customized Flipper Zero firmware that might launch spam assaults in opposition to Android smartphones and Home windows laptops.
Quickly after, developer Simon Dankelmann ported the assault to an Android app, permitting individuals to launch Bluetooth spam assaults without having a Flipper Zero.
Nonetheless, individuals attending the current Midwest FurFest 2023 convention found first-hand that the implications of those Bluetooth spam assaults can go far past the scope of a innocent prank.
Many reported extreme enterprise disruption with their Sq. fee readers, and others confronted extra threatening conditions, like inflicting an insulin pump controller to crash.
Individuals utilizing Bluetooth-enabled listening to aids and coronary heart charge monitoring instruments additionally reported disruption, which might put their well-being in danger.
Greynoise vulnerability researcher Remy shaerd a thread on Twitter concerning the risks of a majority of these assaults, warning that conducting BLE spam can have critical well being ramifications for these impacted.
“For BTLE enabled medical gear, at minimal a disruption ends in a degraded high quality of life for these affected,” warned Remy in a dialog with BleepingComputer about BLE assaults.
“Some situations is probably not life threatening to have disruptions. Others is probably not so fortunate.”
Whereas some declare that Apple has quietly launched a mitigation for the BLE assaults in iOS 17.2, the issue has not been addressed in Android at the moment.
Moreover, BleepingComputer’s exams sending BLE spam to iOS units from an Android app continued to work after putting in iOS 17.2.
BleepingComputer contacted Google about their plans for these assaults in Android, however a response was not instantly out there.
Wall of Flippers
The Wall of Flippers (WoF) challenge goals to detect attackers conducting BlueTooth LE spam assaults so individuals on the receiving finish can reply appropriately.
The Python script, which, for now, can run on Linux and Home windows, is designed to be run constantly, continuously updating the person with the standing of close by BTLE units, any potential threats, and normal exercise.
The principle show options an ASCII artwork header, tables of reside and offline units, and detected BLE assault packets.
Detect Bluetooth LE assaults utilizing Android
You may detect BLE assaults similar to iOS crash which are executed by Flipper Zero or its Android app variant (Bluetooth LE Spam) utilizing Python script.
Btw, Apple already mounted iOS BLE crash difficulty #nethunter https://t.co/TdTl2WQ84v pic.twitter.com/0EpQyudqDl— Cellular Hacker (@androidmalware2) December 21, 2023
The script scans for BTLE packets within the neighborhood and analyzes the transmitted packets in opposition to a set of predefined patterns thought of to be indicative of malicious exercise.
Wall of Flippers can at the moment detect the next at the moment, however the challenge is a piece in progress and can proceed to get updates:
- Flipper Zero detection (BT should be enabled)
- Flipper archiving (saving previous information)
- iOS crash and popup BTLE detection
- Android crash and popup BTLE detection
- Home windows Swift Pair BTLE detection
- LoveSpouse BTLE detection
Whereas listening passively, WoF captures the MAC handle of the spamming system, which is a major system identifier, the sign power, which can be used to find out the attacker’s proximity, and the information contained within the packets.
Directions on putting in WoF and establishing the challenge could be discovered on the developer’s GitHub repository.
BleepingComputer has not examined WoF and can’t present ensures concerning the security of the script, so you should definitely examine the code earlier than putting in.