A few days ago, a custom third-party firmware for the Flipper Zero was released. The firmware could flood iPhones and iPads with spam Bluetooth messages, and it even had a feature that could cause the device to lock up completely. This left a few Android users feeling smug about the security of their chosen platform over that of iOS and iPadOS.
Well, now the Bluetooth spam application for the Flipper Zero can target Android devices and PCs running Windows.
Now, again, this trick isn't possible with a stock Flipper Zero. Instead, you need to load a developer build of Xtreme third-party firmware onto the Flipper Zero. After the firmware has been installed, it's a case of launching an app called BLE Spam and choosing the appropriate attack.
To flood Android devices with popups, the attack to choose is Android Device Pair.
Press the Start button and popups begin to flood Android devices within range of the Flipper Zero.
And the popups continue until the attack is stopped on the Flipper Zero, the device goes out of range, or the user turns Bluetooth off.
Using a stock Flipper Zero, I can spam Android devices within a 20 to 30-foot range. If I switch to an external antenna, I can boost this range out to well over 50 feet.
As for the Windows attack, this is a lot less annoying because it generates little notifications from the system tray. This attack also relies on a feature called Swift Pair being enabled.
Now, while there's no malicious payload as part of this attack, let's not overlook the fact that it is a denial of service attack. While a device is being flooded with popups, it's rather hard to make proper use of it. And although it's not as bad as the iOS flood attack that actually locks up the iPhone or iPad, this is still annoying to those being targeted.
Again, the only way to protect against this attack is to disable Bluetooth. Since there's no risk -- yet -- of this locking up an Android device, I don't think you need to disable Bluetooth preemptively. But if you do find popups appearing, you can then take action.
The fastest way to disable Bluetooth on an Android device is by using the Quick Settings drop-down menu, which you can access by swiping down from the menu bar twice and then tapping the Bluetooth button to turn it off.
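For defenders who want to spot this kind of flood in Bluetooth scanner logs, the following added example (not from the original article or from the firmware) classifies raw advertising payloads as Fast Pair or Swift Pair and alerts when pairing advertisements arrive from many distinct addresses in a short window. The article does not describe the packet format: the Fast Pair service UUID 0xFE2C and the Microsoft company ID 0x0006 with beacon type 0x03 are taken from the public specifications, while the record layout, the distinct-address heuristic, and the thresholds are assumptions.

```python
from collections import deque

FAST_PAIR_UUID = 0xFE2C     # Google Fast Pair 16-bit service UUID
MS_COMPANY_ID = 0x0006      # Microsoft's Bluetooth company identifier
SWIFT_PAIR_BEACON = 0x03    # Microsoft beacon type used by Swift Pair

def ad_structures(payload):
    """Yield (ad_type, data) pairs; stop quietly at a malformed length byte."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            return
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length

def classify(payload):
    """Return 'fast_pair', 'swift_pair' or None for one advertising payload."""
    for ad_type, data in ad_structures(payload):
        head = int.from_bytes(data[:2], "little") if len(data) >= 2 else None
        if ad_type == 0x16 and head == FAST_PAIR_UUID:       # Service Data
            return "fast_pair"
        if (ad_type == 0xFF and head == MS_COMPANY_ID        # Manufacturer Data
                and len(data) >= 3 and data[2] == SWIFT_PAIR_BEACON):
            return "swift_pair"
    return None

def detect_flood(records, window_s=10.0, max_sources=5):
    """records: time-ordered (timestamp, address, payload_hex) tuples (assumed layout).
    Alert once per kind when > max_sources distinct addresses pair-advertise in window_s."""
    recent = {"fast_pair": deque(), "swift_pair": deque()}
    alerts, alerted = [], set()
    for ts, addr, payload_hex in records:
        kind = classify(bytes.fromhex(payload_hex))
        if kind is None or kind in alerted:
            continue
        q = recent[kind]
        q.append((ts, addr))
        while ts - q[0][0] > window_s:      # drop sightings older than the window
            q.popleft()
        sources = len({a for _, a in q})
        if sources > max_sources:
            alerted.add(kind)
            alerts.append((ts, kind, sources))
    return alerts

# Constructed sample: one headset at a fixed address, then eight addresses within two seconds.
HEADSET = [(float(t), "AA:00:00:00:00:01", "02010606162cfe000001") for t in range(5)]
FLOOD = [(100 + i * 0.25, f"C0:00:00:00:00:{i:02X}", "02010606162cfe000001") for i in range(8)]
```

A single device in pairing mode advertises repeatedly from one address and stays below the threshold, so `detect_flood(HEADSET)` returns no alerts while `detect_flood(HEADSET + FLOOD)` raises one.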