Flipper Zero Bluetooth spam attacks ported to new Android app

Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. Inspired by previous research on the topic and Flipper Zero applets targeting iOS devices, and later Android and Windows, software developer Simon Dankelmann developed an Android app capable of the same Bluetooth spam. The Android app, named 'Bluetooth-LE-Spam,' can generate BLE advertisement packages spoofing various devices to nearby Windows and Android devices, eliminating the need for a Flipper Zero. The project is still in early development, but BleepingComputer's tests confirmed that it works as advertised. Specifically, the app can broadcast connection requests with set time intervals as frequent as 1 second, targeting 'Fast Pair' on Android or 'Swift Pair' on Windows. One thing to note is that even though the Android API allows setting the transmission power level, developers have limited control over the actual data being broadcasted in relation to the TX power level. This constraint by the Android SDK can result in poor reception from the target devices, which is not a problem in Flipper Zero, which can achieve a more extended and precise range when connecting to other devices. In our tests, we found that some broadcasts were caught by the target only if the Android device generating them was as close as a few centimeters. In contrast, in other cases, notifications were generated from several meters away. An interesting side-effect we noticed is that Bluetooth-connected devices like mice and keyboards can become unresponsive during spam broadcasts. This is another way of creating disruptive "Denial of service" attacks on a target. For now, the app stands as a demonstration of a possibility rather than a severe threat to users, but knowing how to turn off these notifications in the event you're targeted is good. On Android, head to Settings Google Nearby Share, and turn the toggle on Show notification to the "Off" position. We recommend against testing the 'Bluetooth-LE-Spam' app on your main device for reasons of security, as BleepingComputer cannot provide any guarantees that the project is safe. Flipper Zero can now spam Android, Windows users with Bluetooth alerts. Fake 'RedAlert' rocket alert app for Israel installs Android spyware. Samsung Galaxy gets new Auto Blocker anti-malware feature. Huawei, Vivo phones tag Google app as TrojanSMS-PA malware. Roid adware apps on Google Play amass two million installs.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Flipper Zero Bluetooth spam attacks ported to new Android app

'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks - A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can ...
11 months ago Bleepingcomputer.com
Flipper Zero Bluetooth spam attacks ported to new Android app - Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. Inspired by previous research on the topic and Flipper Zero applets targeting iOS ...
1 year ago Bleepingcomputer.com
Flipper Zero can now spam Android, Windows users with Bluetooth alerts - A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices. A security researcher previously demonstrated the technique against Apple iOS devices, inspiring others to ...
1 year ago Bleepingcomputer.com
New BLUFFS attack lets attackers hijack Bluetooth connections - Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. Daniele Antonioli, who discovered the attacks, ...
1 year ago Bleepingcomputer.com
Unraveling the Wonders of Bluetooth - Continuing its evolution, Bluetooth 3.0 + HS arrived in 2009, introducing the concept of Bluetooth High Speed, leveraging Wi-Fi technology for faster data transfer over short distances. Bluetooth 4.0, introduced in 2010, marked a significant ...
10 months ago Feeds.dzone.com
Canada to ban the Flipper Zero to stop surge in car thefts - The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various ...
9 months ago Bleepingcomputer.com
Canada to ban the Flipper Zero to stop surge in car thefts - The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various ...
9 months ago Bleepingcomputer.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
1 year ago Bleepingcomputer.com
This tiny device is sending updated iPhones into a never-ending DoS loop - One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-up windows that made it nearly impossible to use his device. "My phone was getting these ...
1 year ago Arstechnica.com
Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown - Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero, a $200 piece of open source hardware used to capture, analyze and interact with simple radio communications. In ...
9 months ago Arstechnica.com
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
9 months ago Tenable.com
CVE-2024-49950 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 ...
1 month ago Tenable.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
8 months ago Feeds.dzone.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
6 months ago Securityaffairs.com
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover - Attackers can exploit a critical Bluetooth security vulnerability that's been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted ...
11 months ago Darkreading.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
10 months ago Securityzap.com
Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development - PRESS RELEASE. Zero trust security is a proactive and robust approach to cybersecurity that addresses modern threats by continuously verifying and monitoring all network activities. While its implementation can be complex and resource-intensive, the ...
5 months ago Darkreading.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
10 months ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices - Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices. Such flaws in Bluetooth protocols enable the threat actors to steal sensitive data, ...
10 months ago Cybersecuritynews.com
What Is Android System WebView and Should You Uninstall It? | Definition from TechTarget - Android developers use WebView when they want to display webpages or Hypertext Markup Language content in a Google app or other application. Android System WebView is a system component for the Android operating system (OS) that enables Android apps ...
2 months ago Techtarget.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
9 months ago Go.theregister.com
The Role of Zero-Knowledge Proofs in LLM Chains - In today's digital age, data privacy has become a paramount concern for individuals and organizations alike. With the increasing amount of personal and sensitive information being stored and transmitted online, there is a growing need for robust ...
10 months ago Feeds.dzone.com
Google Groups is ending support for Usenet to combat spam - Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content. The upcoming changes will take effect from February 22, 2024, ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)