Flipper Zero is a portable open source device that needs no introduction. It combines different functions in a single compact tool: it can read, copy and emulate radio-frequency tags, radio remote controls and digital access keys; it can interact with various radio protocols, access control systems and infrared devices; and it brings together a range of IT security capabilities, so it can be used for pentesting and hardware exploration.
In September we saw how Flipper Zero makes iPhones go crazy with a DoS-like attack. A custom firmware for Flipper Zero, called Xtreme, seems to be inspired by what is already possible against iOS and launches a similar attack against Android devices and Windows systems.
Xtreme firmware for Flipper Zero can cause problems with Android and Windows devices – here’s why
The idea behind the new attack mode is widely known: Android and Windows devices with the Bluetooth module active can receive continuous connection requests. By sending specific advertising packets, which are provided for by the Bluetooth standard, Flipper Zero turns into a device that can prevent the normal use of a smartphone, a tablet or a portable PC, because the operating system, via the Bluetooth module, continuously reports the advertisements produced by Flipper Zero.
As seen in this video, the continuous flow of advertising packets launched by Flipper Zero makes a Samsung Galaxy smartphone practically unusable: in very rapid succession, it displays the message “New Bluetooth device found”.
Although the latest version of the Xtreme firmware is not yet listed as “stable”, the mechanism that continuously generates Bluetooth messages (called BLE Spam) is already an integral part of the latest build published on GitHub.
How to Block BLE Spam Attacks
We had already remarked, in the article cited at the beginning, that threats such as BLE Spam are more annoyances than real security issues. By default, Android and Windows devices show a notification each time a connection request arrives via Bluetooth.
To avoid being targeted by Bluetooth advertisements continuously sent via Flipper Zero, you can open the Google settings on Android, tap the entry Devices and sharing, select Sharing nearby, then disable the option Show notification.
In Windows, just type Bluetooth in the search box, select Bluetooth and other device settings, then turn off the switch Show notifications for connecting with Quick Pair.
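For defenders who want to spot the flood rather than only hide its notifications, here is a scanner-side check, added as an example (it is not code from this article or from the Xtreme firmware). It parses BLE advertising payloads and alerts when the same payload type arrives from many different sender addresses within a few seconds. The assumption that the sender changes address between packets, the record format, the thresholds and the sample identifiers are all hypothetical, and the sample data is constructed.

```python
from collections import defaultdict, deque

def parse_ad(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) structures."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # zero padding or truncated structure: stop parsing
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def signature(payload: bytes):
    """Key that survives address rotation: the 16-bit UUID of Service Data
    (AD type 0x16) or the company ID of Manufacturer Data (AD type 0xFF)."""
    for ad_type, data in parse_ad(payload):
        if ad_type in (0x16, 0xFF) and len(data) >= 2:
            return (ad_type, int.from_bytes(data[:2], "little"))
    return None

def detect_flood(records, window=10.0, max_addrs=20):
    """records: time-ordered (timestamp_s, address, payload). Returns one
    (timestamp, signature) alert each time a signature starts being seen from
    more than max_addrs distinct addresses inside the sliding window."""
    recent, alerting, alerts = defaultdict(deque), set(), []
    for ts, addr, payload in records:
        sig = signature(payload)
        if sig is None:
            continue
        q = recent[sig]
        q.append((ts, addr))
        while ts - q[0][0] > window:
            q.popleft()  # drop sightings older than the window
        if len({a for _, a in q}) <= max_addrs:
            alerting.discard(sig)
        elif sig not in alerting:
            alerting.add(sig)
            alerts.append((ts, sig))
    return alerts

def sample_records():
    """Constructed scan log: 3 stable devices plus a burst from 40 addresses."""
    benign = bytes.fromhex("02010605ffffff0102")   # company ID 0xFFFF (made up)
    flood = bytes.fromhex("02010606163412aabbcc")  # service UUID 0x1234 (made up)
    recs = [(float(t), f"AA:00:00:00:00:{t % 3:02X}", benign) for t in range(30)]
    recs += [(12 + n / 10, f"C0:00:00:00:00:{n:02X}", flood) for n in range(40)]
    return sorted(recs)
```

The thresholds need tuning per environment: a crowded office legitimately shows many addresses carrying the same vendor's manufacturer data, so the window and address count should be set from a baseline scan.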