Flipper Zero: The ‘Tamagotchi for Hackers’ Becomes a Real Threat for Devices
A new and concerning threat has emerged for owners of Android, iOS, and Windows devices, all thanks to the rising popularity of Flipper Zero. This device, often referred to as a ‘tamagotchi for hackers’, has recently been discovered to unleash new and highly annoying attacks. However, all of these attacks have one thing in common.
Security researcher Jeroen van deer Ham experienced the annoyance firsthand while traveling by train in the Netherlands. Suddenly, his iPhone was bombarded with a barrage of notifications, rendering his device almost unusable. To his surprise, the same thing happened on his return journey, affecting not only him but also other passengers. Van deer Ham soon noticed a fellow passenger who had been present on both trips, engaging in suspicious activity with his MacBook. It didn’t take long for him to connect the dots.
It turned out that the culprit was utilizing a Flipper Zero to send Bluetooth pairing requests to all iPhones within its range. These incessant notifications were part of a denial of service attack, overwhelming the targeted devices with an overwhelming number of messages and requests. Consequently, the affected devices became unresponsive and practically unusable.
Flipper Xtreme: The Firmware Behind the Attack
The ability to execute such attacks using Flipper Zero is made possible by the recently released firmware called Flipper Xtreme. Van deer Ham replicated the attack in a controlled environment, confirming that the same issue he encountered on the train was indeed caused by this firmware. Interestingly, devices running iOS versions prior to 17.0 remained unaffected by this attack. Other cybersecurity researchers also replicated the problem and shared their findings.
Android and Windows Vulnerabilities
Another researcher in the field, known as Talking Sasquach, discovered that this problem extends to Android and Windows devices as well. He published evidence of the attack on his YouTube channel. According to Bleeping Computer, the Flipper Zero’s Bluetooth spam tool offers various modes of operation, including specific ones for iOS 17, Android, and Windows. The cybercriminal simply needs to select the appropriate mode to flood nearby Bluetooth-enabled devices with constant notifications.
Solutions: Disabling Bluetooth
For iOS users, preventing this attack is as simple as disabling Bluetooth from the device settings. It is important to note that merely disabling Bluetooth from the control center is not sufficient. Android users have two solutions. The first involves navigating to Settings -> Google -> Devices and sharing -> Share with Nearby and deactivating the “Show notification” option. The second solution requires disabling “quick pairing” through Settings -> Google -> Devices and sharing -> Devices and then turning off the “Show notifications” option. Windows users can go to Settings, access the Bluetooth section, proceed to Devices -> Device Settings, and disable the “Show notifications to connect using Swift Pair” option.
Annoying, Yet Not Catastrophic
Although this type of attack can be incredibly frustrating for affected users, it does not pose an immediate threat of remote code execution or direct damage. However, it could potentially serve as a gateway for subsequent phishing attacks. Therefore, it is crucial to be aware of how to avoid such problems.
In Xataka | The Fraud of Yes: Police Warn of the Risk of Responding with an Apparently Harmless Word