It’s dubbed a ‘tamagotchi for hackers’, but the popularity of the Flipper Zero has turned it into a real threat for an increasing number of scenarios and devices. Recent days have seen a surge in annoying spam attacks targeting Android, iOS, and Windows devices, but they all depend on one thing: Bluetooth being enabled on the target device.
Unstoppable Notifications
Security researcher Jeroen van der Ham was traveling on a train in the Netherlands a few days ago when suddenly, a bunch of notifications started appearing on his iPhone, making it almost impossible to use his device. The same thing happened on the way back, both to him and other passengers on the train, but he soon recognized a passenger who had also been with him on the way there. He noticed that the passenger was doing something strange with his MacBook, and it all added up.
What's the purpose of posting this? It has the capability to effectively launch a DDOS notification attack on any iOS device, rendering it nonfunctional. Even if the device is in airplane mode, it's still susceptible. Apple should consider implementing safeguards to mitigate.
— Techryptic, Ph.D. (@tech) September 4, 2023
Bluetooth Spam
It turned out the cybercriminal was using a Flipper Zero to send Bluetooth pairing requests to all the iPhones within its range. These constant notifications were part of a kind of denial-of-service attack where a device receives so many messages and requests that it becomes “drowned” in them and can no longer respond or be used normally.
Flipper Zero: Flipper Xtreme
The ability to do this with the Flipper Zero is due to the recent release of a new firmware called Flipper Xtreme. Van der Ham recreated the attack in a controlled environment and confirmed that the same thing happened as on the train. Interestingly, this attack did not affect devices with iOS versions prior to 17.0. Other cybersecurity researchers also replicated the issue and published their findings on X.
Android and Windows Also Affected by Flipper Zero
This same issue also affects Android and Windows devices, as discovered by another researcher in this field who published their tests on their YouTube channel, Talking Sasquach. Bleeping Computer explains how the Bluetooth spam tool for the Flipper Zero has several operating modes, including several specific to iOS 17, Android, and Windows. The cybercriminal simply has to choose one to start flooding nearby Bluetooth-enabled devices with constant notifications.
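As an added example (not from the original article or from any of the researchers it cites), a defender reviewing Bluetooth scan logs could flag this kind of flood with a heuristic like the one below. The log format, the thresholds, and the assumption that the spammer rotates its source address are illustrative; the company and service identifiers are public Bluetooth assigned numbers, not values from the article.

```python
from collections import defaultdict, deque

# Public Bluetooth assigned numbers (not from the article): company IDs and the
# Fast Pair service UUID that mark pairing-style advertisements.
FAMILIES = {("mfg", 0x004C): "apple", ("mfg", 0x0006): "swift_pair",
            ("svc", 0xFE2C): "fast_pair"}

def parse(line):
    """Parse one line of the constructed log format: time,address,kind,hex_id."""
    ts, addr, kind, ident = line.strip().split(",")
    return float(ts), addr.lower(), FAMILIES.get((kind, int(ident, 16)))

def detect_floods(lines, window=5.0, max_sources=8):
    """Return [(time, family, distinct_sources)] for each flood onset.

    Heuristic (assumption): a spammer rotates its source address, so one
    advertisement family suddenly arrives from many addresses within `window` s.
    """
    recent = defaultdict(deque)   # family -> (timestamp, address) inside the window
    active = set()                # families already flagged, to avoid repeat alerts
    alerts = []
    for line in lines:
        ts, addr, family = parse(line)
        if family is None:        # not a pairing-style advertisement
            continue
        q = recent[family]
        q.append((ts, addr))
        while q and ts - q[0][0] > window:
            q.popleft()
        sources = len({a for _, a in q})
        if sources > max_sources and family not in active:
            active.add(family)
            alerts.append((ts, family, sources))
        elif sources <= max_sources:
            active.discard(family)
    return alerts

def constructed_log():
    """Sample data built for this example: two steady devices, then a burst."""
    lines = [f"{t:.1f},aa:aa:aa:aa:aa:01,mfg,004c" for t in range(0, 20, 2)]
    lines += [f"{t:.1f},bb:bb:bb:bb:bb:02,svc,fe2c" for t in range(1, 20, 2)]
    lines += [f"{20 + i * 0.1:.1f},02:00:00:00:{i // 256:02x}:{i % 256:02x},mfg,004c"
              for i in range(40)]
    return sorted(lines, key=lambda l: float(l.split(",")[0]))

if __name__ == "__main__":
    for ts, family, n in detect_floods(constructed_log()):
        print(f"{ts:6.1f}s  {family}: {n} distinct sources in window")
```

The threshold needs tuning for crowded places such as trains, where many legitimate devices advertise at once.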
Solution
Turn off Bluetooth.
iOS: users can avoid this attack by disabling Bluetooth from the device settings. It’s important to note that simply disabling Bluetooth from the control center is not enough.
Android: there are two solutions. The first is to go to Settings -> Google -> Devices and Sharing -> Nearby Sharing and disable the “Show notification” option. The second is to disable “Fast Pairing” through Settings -> Google -> Devices and Sharing -> Devices, then disable the “Show notifications” option.
Windows: go to Settings and, in the Bluetooth section, go to Devices -> Device settings and then disable the “Show notifications to connect using Swift Pair” option.
More Annoying Than Alarming Attack
Although this type of attack ends up being very annoying for affected users, this kind of vulnerability does not, in principle, allow for remote code execution or direct damage. Nevertheless, it could be used as a pathway for a subsequent phishing attack, for example, so knowing how to avoid such problems is advisable.