Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. Inspired by previous research on the topic and Flipper Zero applets targeting iOS devices, and later Android and Windows, software developer Simon Dankelmann developed an Android app capable of the same Bluetooth spam. The Android app, named 'Bluetooth-LE-Spam,' can generate BLE advertisement packages spoofing various devices to nearby Windows and Android devices, eliminating the need for a Flipper Zero. The project is still in early development, but BleepingComputer's tests confirmed that it works as advertised. Specifically, the app can broadcast connection requests with set time intervals as frequent as 1 second, targeting 'Fast Pair' on Android or 'Swift Pair' on Windows. One thing to note is that even though the Android API allows setting the transmission power level, developers have limited control over the actual data being broadcasted in relation to the TX power level. This constraint by the Android SDK can result in poor reception from the target devices, which is not a problem in Flipper Zero, which can achieve a more extended and precise range when connecting to other devices. In our tests, we found that some broadcasts were caught by the target only if the Android device generating them was as close as a few centimeters. In contrast, in other cases, notifications were generated from several meters away. An interesting side-effect we noticed is that Bluetooth-connected devices like mice and keyboards can become unresponsive during spam broadcasts. This is another way of creating disruptive "Denial of service" attacks on a target. For now, the app stands as a demonstration of a possibility rather than a severe threat to users, but knowing how to turn off these notifications in the event you're targeted is good. On Android, head to Settings Google Nearby Share, and turn the toggle on Show notification to the "Off" position. We recommend against testing the 'Bluetooth-LE-Spam' app on your main device for reasons of security, as BleepingComputer cannot provide any guarantees that the project is safe. Flipper Zero can now spam Android, Windows users with Bluetooth alerts. Fake 'RedAlert' rocket alert app for Israel installs Android spyware. Samsung Galaxy gets new Auto Blocker anti-malware feature. Huawei, Vivo phones tag Google app as TrojanSMS-PA malware. Roid adware apps on Google Play amass two million installs.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000