Flipper Zero can now perform denial of service attacks on Android devices.

Adrian Kingsley Hughes/ZDNET

A few days ago, a third-party custom firmware for the Flipper Zero was released. The firmware can flood iPhones and iPads with unwanted Bluetooth messages, and it even has a feature that can cause the device to lock up entirely. This has left a few Android users feeling proud about the security of their chosen platform compared to iOS and iPadOS.

Well, Flipper Zero’s Bluetooth spam app can now target Android devices and Windows PCs.

Now, again, this trick is not possible with the stock Flipper Zero firmware. Instead, you need to install an updated version of the third-party Xtreme firmware on the Flipper Zero. After installing the firmware, you launch an application called BLE Spam and select the appropriate attack.

To flood Android devices with pop-ups, the attack of choice is Android Device Pair.

Press the Start button and pop-ups will start flooding Android devices within range of Flipper Zero.

Flooding an Android smartphone with popups using BLE Spam on Flipper Zero.

The popups continue until the Flipper Zero attack is stopped, the device goes out of range, or the user turns off Bluetooth.

The pop-ups appear at random and annoyingly jump in front of whatever you are doing.

With Flipper Zero, I can spam Android devices within a 20-30 foot range. If I switch to an outdoor antenna, I can boost that range to over 50 feet.

As for the Windows attack, this is less annoying because it generates only a few notifications in the system tray. This attack also relies on a feature called Swift Pair being enabled.

Flipper Zero can also attack Windows devices.

Now, even though there is no malicious payload as part of this attack, let’s not lose sight of the fact that it is a denial of service attack. While the device is being flooded with pop-ups, it is difficult to use it properly. And while it’s not as bad as the iOS flood attack that actually locks up an iPhone or iPad, it’s still annoying for those targeted.

Again, the only way to protect against this attack is to disable Bluetooth. Since there’s no risk – yet – of locking out your Android device, I don’t think you need to proactively disable Bluetooth. But if you find pop-ups appearing, then you can take the necessary action.

The quickest way to disable Bluetooth on an Android device is to use the Quick Settings drop-down menu, which you can access by swiping down from the menu bar twice and then tapping the Bluetooth button to turn it off.
