Flipper Zero can now crash your Android phone or Windows PC


Corentin Béchade

October 26, 2023 at 8:58 a.m.


A true all-purpose hack machine, the Flipper Zero regularly gains new features © Flipper Zero

If you managed to get your hands on a Flipper Zero, good news: the little accessory has gained new features.

The Flipper Zero is a divisive gadget. A true all-purpose machine for hackers, the small device can also highlight the IT weaknesses of our everyday gadgets. This is exactly what is happening with the device’s new feature, which helps crash smartphones and PCs. But don’t panic, it is possible to alleviate the problem.

A denial of service attack in Bluetooth

A modified version of the software, nicknamed “Flipper Xtreme”, allows Android phones and Windows computers to be flooded with Bluetooth notifications, a denial-of-service attack that makes the device difficult to use. The technique is similar to the “Lockup Crash” attack used a few weeks ago to crash iPhones running iOS 17.

Concretely, thanks to the “BLE Spam” application, the Flipper Zero will pretend to be a pair of Bluetooth headphones and will try to connect in a loop to a phone. By exploiting the “Fast Pair” functionality (which theoretically allows devices to be connected in one click), the little gadget will bring up repeated pop-up windows, making the mobile unusable. Same thing on a Windows machine.

As things currently stand, this attack is not dangerous strictly speaking since it does not allow code to be executed remotely on a device. On the other hand, as it is possible to use Flipper Zero to create misleading notifications, the best thing to do is to protect yourself from this type of attack by diving into the bowels of your mobile.
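A defensive sketch of how the notification flood described above can be spotted from a passive BLE scan, added here as an example and not taken from the article or from any Flipper firmware: it parses raw advertising payloads, recognises Fast Pair (service UUID 0xFE2C) and Swift Pair (Microsoft company ID 0x0006, beacon ID 0x03) announcements, and alerts on a burst of distinct ones. The 10-second window, the threshold of 5, the function names and the sample data are assumptions of this example.

```python
from collections import deque

FAST_PAIR_UUID = 0xFE2C     # 16-bit service UUID used by Google Fast Pair
MICROSOFT_CID = 0x0006      # Bluetooth company identifier of Microsoft
SWIFT_PAIR_BEACON = 0x03    # Microsoft beacon ID that marks a Swift Pair advert


def parse_ad(payload: bytes):
    """Split a raw advertising payload into (ad_type, data) structures."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]  # covers the type byte plus the data bytes
        if length == 0 or i + 1 + length > len(payload):
            break  # padding or truncated structure: stop instead of over-reading
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out


def pairing_kind(payload: bytes):
    """Return 'fast_pair', 'swift_pair' or None for one advertisement."""
    for ad_type, data in parse_ad(payload):
        uuid16 = int.from_bytes(data[:2], "little") if len(data) >= 2 else None
        if ad_type == 0x16 and uuid16 == FAST_PAIR_UUID:  # Service Data
            return "fast_pair"
        if ad_type == 0xFF and uuid16 == MICROSOFT_CID and data[2:3] == bytes([SWIFT_PAIR_BEACON]):
            return "swift_pair"  # Manufacturer Specific Data from Microsoft
    return None


def first_flood_alert(events, window=10.0, threshold=5):
    """events: (timestamp, address, payload) tuples sorted by time.
    Returns the timestamp at which `threshold` distinct pairing announcements
    fell inside `window` seconds, or None if that never happens."""
    recent = deque()  # (timestamp, identity) of pairing adverts in the window
    for ts, addr, payload in events:
        if pairing_kind(payload) is None:
            continue
        recent.append((ts, (addr, payload)))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len({ident for _, ident in recent}) >= threshold:
            return ts
    return None


# Constructed sample scans (not captured traffic); model IDs are placeholders.
SAMPLE_FLOOD = [(0.5 * n, f"AA:00:00:00:00:{n:02X}", bytes.fromhex("06162cfe0000") + bytes([n])) for n in range(6)]
SAMPLE_QUIET = [(float(n), "AA:00:00:00:00:01", bytes.fromhex("06162cfe000001")) for n in range(6)]

if __name__ == "__main__":
    print(first_flood_alert(SAMPLE_FLOOD), first_flood_alert(SAMPLE_QUIET))
```

A single headset re-advertising itself, as in `SAMPLE_QUIET`, counts as one identity and never trips the alert.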

How to protect yourself?

On Android, go to the Settings app, select the “Google” entry, then “Devices and sharing” and finally “Nearby sharing”. From there, turn off the “Show notification when sharing between nearby devices” option.


The attack uses Fast Pair technology on Android © Google

As for Windows, you have to go to “Settings”, then “Peripherals”, “Bluetooth and other devices” and uncheck the box “Show notifications for connecting using Swift Pair”.

This little manipulation should allow you to protect yourself from a possible denial of service attack carried out by a Flipper Zero. If these attack vectors are worrying, especially when they can be exploited by a semi-consumer device, it is always better to know the weaknesses of your machines so that you can fix them, rather than one day clicking on a bogus notification that seems harmless.

Source: Bleeping Computer


