A new Python project called ‘Wall of Flippers’ detects Bluetooth spam attacks launched by Flipper Zero and Android devices.
By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can potentially be held accountable for their actions.
Not an innocent prank
The ability to launch Bluetooth LE (BLE) spam attacks using the Flipper Zero portable wireless pen-testing and hacking tool was first demonstrated in September 2023 by security researcher ‘Techryptic.’
At the time, the attack involved spamming Apple devices with bogus Bluetooth connection notifications, so it seemed more like a prank than anything truly dangerous.
The idea was quickly adopted by other developers who created a custom Flipper Zero firmware that could launch spam attacks against Android smartphones and Windows laptops.
Soon after, developer Simon Dankelmann ported the attack to an Android app, allowing people to launch Bluetooth spam attacks without needing a Flipper Zero.
However, people attending the recent Midwest FurFest 2023 convention discovered first-hand that the consequences of these Bluetooth spam attacks can go far beyond the scope of a harmless prank.
Many reported severe business disruption with their Square payment readers, and others faced more threatening situations, such as an insulin pump controller crashing.
People using Bluetooth-enabled hearing aids and heart rate monitoring tools also reported disruption, which could put their well-being at risk.
GreyNoise vulnerability researcher Remy shared a thread on Twitter about the dangers of these types of attacks, warning that conducting BLE spam can have serious health ramifications for those impacted.
“For BTLE enabled medical equipment, at minimum a disruption leads to a degraded quality of life for those affected,” warned Remy in a conversation with BleepingComputer about BLE attacks.
“Some situations may not be life threatening to have disruptions. Others may not be so fortunate.”
While some claim that Apple has quietly introduced a mitigation for the BLE attacks in iOS 17.2, the problem has not been addressed in Android at this time.
Furthermore, BleepingComputer’s tests sending BLE spam to iOS devices from an Android app continued to work after installing iOS 17.2.
BleepingComputer contacted Google about their plans for these attacks in Android, but a response was not immediately available.
Wall of Flippers
The Wall of Flippers (WoF) project aims to detect attackers conducting Bluetooth LE spam attacks so people on the receiving end can respond appropriately.
The Python script, which, for now, can run on Linux and Windows, is designed to be run continuously, constantly updating the user with the status of nearby BTLE devices, any potential threats, and general activity.
The main display features an ASCII art header, tables of live and offline devices, and detected BLE attack packets.
Detect Bluetooth LE attacks using Android
You can detect BLE attacks such as iOS crash that are executed by Flipper Zero or its Android app variant (Bluetooth LE Spam) using Python script.
Btw, Apple already fixed iOS BLE crash issue #nethunter https://t.co/TdTl2WQ84v pic.twitter.com/0EpQyudqDl — Mobile Hacker (@androidmalware2) December 21, 2023
The script scans for BTLE packets in the vicinity and analyzes the transmitted packets against a set of predefined patterns considered to be indicative of malicious activity.
Wall of Flippers can currently detect the following, but the project is a work in progress and will continue to get updates:
- Flipper Zero detection (BT must be enabled)
- Flipper archiving (saving past data)
- iOS crash and popup BTLE detection
- Android crash and popup BTLE detection
- Windows Swift Pair BTLE detection
- LoveSpouse BTLE detection
While listening passively, WoF captures the MAC address of the spamming device, which is a primary device identifier, the signal strength, which may be used to determine the attacker’s proximity, and the data contained in the packets.
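The pattern-matching approach described above can be sketched as follows; this is an added example, not Wall of Flippers' own code. It assumes a pattern table built from the Bluetooth SIG company identifiers for Apple (0x004C) and Microsoft (0x0006) and the Fast Pair service UUID (0xFE2C), and the function names, burst threshold and sample advertisements are constructed for illustration.

```python
from collections import defaultdict

# Assumed pattern table (not WoF's): identifiers carried by pairing pop-up adverts.
MFR_FAMILIES = {0x004C: "apple_continuity", 0x0006: "microsoft_swift_pair"}
SVC_FAMILIES = {0xFE2C: "google_fast_pair"}

def parse_ad(raw: bytes):
    """Split a raw advertising payload into (ad_type, data) structures."""
    i, out = 0, []
    while i < len(raw):
        length = raw[i]
        if length == 0 or i + 1 + length > len(raw):
            break  # padding or truncated structure: stop instead of over-reading
        out.append((raw[i + 1], raw[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def classify(raw: bytes):
    """Return the pop-up family an advertisement belongs to, or None."""
    for ad_type, data in parse_ad(raw):
        ident = int.from_bytes(data[:2], "little") if len(data) >= 2 else None
        if ad_type == 0xFF and ident in MFR_FAMILIES:  # manufacturer specific data
            return MFR_FAMILIES[ident]
        if ad_type == 0x16 and ident in SVC_FAMILIES:  # service data, 16-bit UUID
            return SVC_FAMILIES[ident]
    return None

def find_spammers(observations, window=5.0, min_distinct=4):
    """observations: (timestamp, mac, rssi, raw_adv) tuples. Flags a MAC that sends
    at least min_distinct different pairing payloads within window seconds and
    returns {mac: (families, strongest_rssi)}."""
    seen = defaultdict(list)
    for ts, mac, rssi, raw in sorted(observations, key=lambda o: o[0]):
        family = classify(raw)
        if family:
            seen[mac].append((ts, rssi, family, raw))
    alerts = {}
    for mac, events in seen.items():
        for start_ts, *_ in events:
            burst = [e for e in events if start_ts <= e[0] < start_ts + window]
            if len({e[3] for e in burst}) >= min_distinct:
                alerts[mac] = (sorted({e[2] for e in burst}), max(e[1] for e in burst))
                break
    return alerts

# Constructed sample: one MAC rotating five payloads, one device with a steady advert.
SAMPLE = [(0.2 * n, "AA:BB:CC:00:00:01", -48 - n, bytes([5, 0xFF, 0x4C, 0x00, 0x07, n])) for n in range(5)]
SAMPLE.append((0.3, "AA:BB:CC:00:00:02", -70, bytes([2, 0x01, 0x06, 3, 0xFF, 0x4C, 0x00])))
```

Only the rotating source is flagged; the second device advertises the same vendor identifier but with a single stable payload, which is what an ordinary nearby device looks like.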
Instructions on installing WoF and setting up the project can be found on the developer’s GitHub repository.
BleepingComputer has not tested WoF and cannot provide guarantees about the safety of the script, so be sure to inspect the code before installing.