

Severity
High
Analysis Summary
A new Python project named ‘Wall of Flippers’ detects Bluetooth spam attacks launched from Flipper Zero and Android devices. By identifying the origin of these attacks, users can take protective measures, and attackers can be held accountable for their malicious actions.
In September 2023, a security researcher demonstrated Bluetooth LE (BLE) spam attacks using the Flipper Zero, a portable wireless penetration testing and hacking tool. The demonstrated attack spammed Apple devices with fake Bluetooth connection notifications, which made it look more like a prank than malicious activity. Other developers soon adopted the idea and built a custom Flipper Zero firmware that was used to launch spam attacks against Windows laptops and Android smartphones.
A developer then ported the attack to an Android app, which allowed people to launch Bluetooth spam attacks without needing a Flipper Zero device. It soon became clear that the consequences of these attacks can go far beyond a harmless prank. Many people started reporting severe business disruption with their Square payment readers, and others faced life-threatening situations, such as an insulin pump controller crashing because of the spam attacks.
People who use Bluetooth-enabled heart rate monitoring tools and hearing aids also reported disruption that could put their lives at risk. A researcher described the dangers of these attacks and warned that BLE spam can have serious health consequences for the people affected. For medical equipment that has BTLE enabled, even a small disruption can result in a degraded quality of life for the affected victims. There are claims that Apple has silently introduced a mitigation for the BLE attacks in iOS 17.2, but the problem has not yet been addressed in Android.
The Wall of Flippers (WoF) project aims to detect attackers who perform Bluetooth LE spam attacks so that potential targets can respond quickly and effectively. The Python script runs continuously on Linux and Windows and keeps the user updated on the status of nearby BTLE devices, whether potential threats or just general activity. It scans for BTLE packets in the vicinity and analyzes the transmitted packets against a set of predefined patterns.
Wall of Flippers is a work-in-progress project and can currently detect the following:
- Flipper Zero detection (BT must be enabled)
- Flipper archiving (saving past data)
- iOS crash and popup BTLE detection
- Android crash and popup BTLE detection
- Windows Swift Pair BTLE detection
- LoveSpouse BTLE detection
Installation instructions and setup steps for WoF can be found on the developer’s GitHub repository.
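The scan-and-match approach described above, sketched as an added example (this is not the Wall of Flippers code): it parses raw BLE advertising payloads, matches them against pairing-popup signatures, and flags a burst of the same family from many distinct addresses. The signature values, thresholds, function names and sample capture are assumptions chosen for illustration.

```python
from collections import defaultdict

# Illustrative signatures (assumptions, not Wall of Flippers' own pattern set).
# AD type 0xFF = manufacturer data, 0x16 = service data; both begin with a
# little-endian 16-bit identifier (company ID or service UUID).
APPLE, MICROSOFT, FAST_PAIR_UUID = 0x004C, 0x0006, 0xFE2C

def parse_ad(payload):
    """Split a raw advertising payload into (ad_type, data) structures."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # padding or truncated structure: never read past the end
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def classify(payload):
    """Return the pairing-popup family of an advertisement, or None."""
    for ad_type, data in parse_ad(payload):
        if len(data) < 3:
            continue
        ident = int.from_bytes(data[:2], "little")
        if ad_type == 0xFF and ident == APPLE and data[2] in (0x07, 0x0F):
            return "apple-popup"
        if ad_type == 0xFF and ident == MICROSOFT and data[2] == 0x03:
            return "swift-pair"
        if ad_type == 0x16 and ident == FAST_PAIR_UUID:
            return "fast-pair"
    return None

def detect_spam(events, window=10.0, min_addrs=5):
    """events: (timestamp_s, address, payload) tuples sorted by time. A single
    pairing advert is normal; many distinct addresses sending the same family
    within `window` seconds is what gets flagged."""
    recent, alerts = defaultdict(list), []
    for ts, addr, payload in events:
        family = classify(payload)
        if family is None:
            continue
        seen = [(t, a) for t, a in recent[family] if ts - t <= window] + [(ts, addr)]
        recent[family] = seen
        if len({a for _, a in seen}) >= min_addrs:
            alerts.append((ts, family))
            recent[family] = []  # reset so one burst yields one alert
    return alerts

# Constructed sample: six Swift Pair-style adverts from six addresses, one benign advert.
SAMPLE = [(i * 0.5, f"AA:BB:CC:00:00:{i:02X}", bytes.fromhex("06ff0600030080")) for i in range(6)]
SAMPLE.append((3.0, "11:22:33:44:55:66", bytes.fromhex("02010603030d18")))
```

Counting distinct source addresses rather than raw packets keeps a single legitimate accessory that advertises repeatedly from triggering an alert.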
Impact
- Operational Disruption
- System Crash
Remediation
- Keep all software, including operating systems, browsers, and applications, up to date with the latest security patches.
- Monitor network traffic for unusual or suspicious activity.
- Regularly back up critical data and systems.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.
- Conduct regular security audits and penetration testing to identify and address vulnerabilities proactively.
- Regularly back up critical data and ensure that a robust backup and recovery plan is in place.