Flipper Zero can now spam Android, Windows users with Bluetooth alerts

A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices. A security researcher previously demonstrated the technique against Apple iOS devices, inspiring others to experiment with its potential impact on other platforms. The main idea behind the spam attack is to use Flipper Zero's wireless communication capabilities to spoof advertising packets and transmit them to devices in range of pairing and connection requests. This type of spam attack can confuse the target, make it difficult to discern between legitimate and spoofed devices, and even disrupt the user experience with non-stop notifications popping up on the targeted device. Earlier this month, Flipper Xtreme announced on its Discord channel that "Spam attacks" are coming in the next major firmware release. The admins even shared a demo video showcasing a denial of service attack on a Samsung Galaxy device, where a constant feed of connection notifications renders the device unusable. Although the latest firmware hasn't reached stable status, the "Spam attack" has been incorporated into the latest development build via a new app named 'BLE Spam,' available on GitHub. YouTuber 'Talking Sasquach' gave the dev firmware image a spin on his Flipper Zero and reported that the attack works as expected on Windows and Android. Choosing any of the above causes Flipper Zero to begin broadcasting the corresponding Bluetooth packets to pop-up connectivity prompts and notifications on devices in range. These attacks are more of an annoyance rather than a real threat. As BLE Spam allows users to craft custom notifications, these spams can get creative and trickier, playing a role in social engineering or other threat scenarios. Roid 14 and Windows 11 devices, by default, display notifications on Bluetooth connection requests, so these Flipper Zero attacks could cause problems. Thankfully, there's an easy way to block these notifications on both systems. On Android, head to Settings Google Nearby Share, and turn the toggle on Show notification to the "Off" position. The same menu can be accessed through Settings Connected Devices Connection preferences Nearby Share. Users shouldn't be too worried about rogue broadcasts of this kind, as these cannot perform code execution on recipient devices or cause direct harm. Noting the potential for phishing is crucial, and knowing how to stop the notifications in cases of persistent pranking can save people time and frustration. Flipper Zero can be used to launch iOS Bluetooth spam attacks. Windows 11 to let admins mandate SMB encryption for outbound connections. Microsoft disables bad spam rule flagging all sent emails as junk.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Flipper Zero can now spam Android, Windows users with Bluetooth alerts

'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks - A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can ...
1 year ago Bleepingcomputer.com
Flipper Zero can now spam Android, Windows users with Bluetooth alerts - A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices. A security researcher previously demonstrated the technique against Apple iOS devices, inspiring others to ...
1 year ago Bleepingcomputer.com
Flipper Zero Bluetooth spam attacks ported to new Android app - Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts. Inspired by previous research on the topic and Flipper Zero applets targeting iOS ...
1 year ago Bleepingcomputer.com Rocke
Unraveling the Wonders of Bluetooth - Continuing its evolution, Bluetooth 3.0 + HS arrived in 2009, introducing the concept of Bluetooth High Speed, leveraging Wi-Fi technology for faster data transfer over short distances. Bluetooth 4.0, introduced in 2010, marked a significant ...
1 year ago Feeds.dzone.com
Canada to ban the Flipper Zero to stop surge in car thefts - The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various ...
1 year ago Bleepingcomputer.com
Canada to ban the Flipper Zero to stop surge in car thefts - The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various ...
1 year ago Bleepingcomputer.com
New BLUFFS attack lets attackers hijack Bluetooth connections - Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. Daniele Antonioli, who discovered the attacks, ...
1 year ago Bleepingcomputer.com CVE-2023-24023
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
1 year ago Bleepingcomputer.com
CVE-2022-49910 - In the Linux kernel, the following vulnerability has been resolved: ...
4 weeks ago
CVE-2023-53057 - In the Linux kernel, the following vulnerability has been resolved: ...
4 weeks ago
This tiny device is sending updated iPhones into a never-ending DoS loop - One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-up windows that made it nearly impossible to use his device. "My phone was getting these ...
1 year ago Arstechnica.com
Flipper Zero maker unveils ‘Busy Bar,’ a new ADHD productivity tool - Flipper Devices, the company behind the popular Flipper Zero, has launched an open-source productivity tool called Busy Bar, designed to help reduce distractions for people with ADHD. BUSY Bar is the second standalone hardware device launched by ...
1 month ago Bleepingcomputer.com
How To Prioritize Threat Intelligence Alerts In A High-Volume SOC - This article explores practical strategies and frameworks for prioritizing threat intelligence alerts in high-volume SOC environments, helping security teams focus on what matters most while reducing alert fatigue and improving overall security ...
1 month ago Cybersecuritynews.com
CVE-2025-21969 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown - Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero, a $200 piece of open source hardware used to capture, analyze and interact with simple radio communications. In ...
1 year ago Arstechnica.com
CVE-2024-49950 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 ...
7 months ago Tenable.com
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
1 year ago Tenable.com
Zero Trust 2025 - Emerging Trends Every Security Leader Needs to Know - Forward-thinking organizations are embedding Zero Trust principles into broader business strategies rather than treating them as isolated security initiatives. Security leaders must champion this integrated approach to Zero Trust implementation to ...
1 month ago Cybersecuritynews.com
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover - Attackers can exploit a critical Bluetooth security vulnerability that's been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted ...
1 year ago Darkreading.com CVE-2023-45866
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
1 year ago Feeds.dzone.com
Undocumented commands found in Bluetooth chip used by a billion devices - Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions. "Tarlogic Security ...
2 months ago Bleepingcomputer.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
1 year ago Securityzap.com
15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
4 weeks ago Cybersecuritynews.com
CVE-2024-53208 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: ...
5 months ago Tenable.com
Microsoft extends Windows Server 2012 ESUs to October 2026 - Microsoft provides three more years of Windows Server 2012 Extended Security Updates until October 2026, giving administrators more time to upgrade or migrate to Azure. The company also prolonged the end date for Windows Server 2012 and extended ...
1 year ago Bleepingcomputer.com