Flipper Zero can now provide denial of service attacks on Android devices. Adrian Kingsley-Hughes/ZDNet
A few days ago, a custom third-party firmware for Flipper Zero was released. The firmware could flood iPhones and iPads with spam Bluetooth messages, and it had a feature that could completely lock up the device. This has left some Android users confused about the security of their chosen platform compared to iOS and iPadOS.
Well, now the Bluetooth Spam app for Flipper Zero can target Android devices and PCs running Windows.
Also: Flipper Zero can be used to crash iPhones running iOS 17, but there’s a way to thwart the attack
Now, again, this strategy is not possible with the stock Flipper Zero. Instead, you need to load a developer build Extreme 3rd party firmware In Flipper Zero. After installing the firmware, it’s a case of launching an app called BLE Spam and choosing the appropriate attack.
To flood Android devices with popups, the attack of choice is Android Device Pair
Press the start button and popups start flooding Android devices within Flipper Zero’s range.
Flooding an Android smartphone with popups using BLE spam in Flipper Zero. Adrian Kingsley-Hughes/ZDNet
And the popups continue until the attack on Flipper Zero is stopped, the device moves out of range, or the user turns off Bluetooth.
Popups randomly and annoyingly jump in front of whatever you’re doing Adrian Kingsley-Hughes/ZDNet
Using a stock Flipper Zero, I can spam Android devices within a 20- to 30-foot range. If I switch to an external antenna, I can extend this range to over 50 feet.
For Windows attacks, it’s much less annoying because it generates little notifications from the system tray. This attack also relies on a feature called Swift Pair to enable it.
Flipper Zero can also attack Windows devices. Adrian Kingsley-Hughes/ZDNet
Now, even though there is no malicious payload as part of this attack, let’s not ignore the fact that this is a denial of service attack. When a device is flooded with popups, it is rather difficult to use it properly. And while it’s not as bad as an iOS flood attack that actually locks up an iPhone or iPad, it’s still annoying for those being targeted.
Also: 7 cool and useful things to do with your Flipper Zero
Again, the only way to protect against this attack is to disable Bluetooth. Since there’s no risk — yet — of it locking up an Android device, I don’t think you need to disable Bluetooth beforehand. But if you see popups, you can take action
The quickest way to disable Bluetooth on an Android device is to use the Quick Settings drop-down menu, which you can access by swiping down twice from the menu bar and then tapping the Bluetooth button to turn it off.