A new custom firmware for Flipper Zero, known as ‘Xtreme,’ has introduced the capability to launch Bluetooth spam attacks on Android and Windows devices. Initially demonstrated against Apple iOS devices, this technique has attracted interest from researchers exploring its effects on other platforms.
The concept behind these spam attacks is to use Flipper Zero’s wireless communication features to spoof Bluetooth advertising packets and broadcast them to devices within range, where they surface as pairing and connection requests. While these attacks do not pose a direct threat, they can be disruptive, causing confusion and persistent notifications that degrade the user experience.
Flipper Xtreme recently announced “spam attacks” on its Discord channel, even demonstrating a denial-of-service (DoS) attack on a Samsung Galaxy device with a constant stream of connection notifications.
Although the latest firmware version hasn’t reached a stable release, the “spam attack” is already available in the latest development build through the ‘BLE Spam’ app on GitHub. This application offers users eight flood attack options, allowing for creative and potentially tricky spamming, which could play a role in social engineering and other threat scenarios.
While these attacks may not lead to code execution or direct harm, being aware of their potential for phishing is essential, and learning how to block notifications on Android and Windows can help users deal with any persistent pranking effectively.
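On the detection side, the following added example (not code from the article or from the Xtreme project) parses captured BLE advertising payloads and raises an alert when many distinct addresses send the same kind of pairing advert within a short window. The choice of the Fast Pair service UUID and the Microsoft company ID as markers, the rotating-address heuristic, the thresholds and the sample records are all assumptions made for the example.

```python
from collections import defaultdict, deque

FAST_PAIR_UUID = 0xFE2C  # assumed marker: Google Fast Pair service UUID (Android)
MICROSOFT_CID = 0x0006   # assumed marker: Microsoft company ID, Swift Pair (Windows)

def parse_ad(payload):
    """Split a BLE advertising payload into (ad_type, data) structures."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            break  # padding or truncated structure: stop parsing
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out

def pairing_kind(payload):
    """Return 'fast_pair', 'swift_pair' or None for one advertisement."""
    for ad_type, data in parse_ad(payload):
        ident = int.from_bytes(data[:2], "little") if len(data) >= 2 else None
        if ad_type == 0x16 and ident == FAST_PAIR_UUID:  # Service Data, 16-bit UUID
            return "fast_pair"
        if ad_type == 0xFF and ident == MICROSOFT_CID:   # Manufacturer Specific Data
            return "swift_pair"
    return None

def detect_floods(records, window=10.0, max_addrs=5):
    """records: time-sorted (timestamp, address, payload). Alert once per burst when
    more than max_addrs distinct addresses send one pairing kind within window s."""
    recent, alerting, alerts = defaultdict(deque), set(), []
    for ts, addr, payload in records:
        kind = pairing_kind(payload)
        if kind is None:
            continue
        q = recent[kind]
        q.append((ts, addr))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({a for _, a in q})
        if distinct > max_addrs and kind not in alerting:
            alerts.append((ts, kind, distinct))
        (alerting.add if distinct > max_addrs else alerting.discard)(kind)
    return alerts

def constructed_sample():
    """Constructed scan log: one steady headset, then a burst of rotating addresses."""
    fp = bytes.fromhex("02010606162cfeaabbcc")  # flags + Fast Pair service data
    steady = [(float(t), "11:22:33:44:55:66", fp) for t in range(0, 20, 2)]
    burst = [(40.0 + 0.25 * i, f"c0:00:00:00:00:{i:02x}", fp) for i in range(8)]
    return steady + burst
```

On the constructed log, the single headset that re-advertises from one address never triggers, while the burst alerts once the sixth distinct address appears; `window` and `max_addrs` need tuning for environments with many legitimate devices.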