Remember Bluetooth spam attacks iPhones suffering for a long time? Well, Wall of Flippers is here to become a remedy for that!
The Flipper Zero, a tiny pen-testing device, has become a darling of the security community. It’s packed with tools for exploring hardware, software, and wireless protocols. But like any powerful tool, it can be misused. Enter the rising tide of Bluetooth spam attacks fueled by Flipper Zero and a growing arsenal of custom firmware. But fear not, for a new hero has emerged: Wall of Flippers.
In September 2023, the world witnessed the birth of Flipper Zero Bluetooth spam. Researchers demonstrated the ability to bombard Apple devices with bogus connection requests, triggering an endless torrent of pop-ups and wreaking havoc on notifications.
While initially seen as a prank, the potential for more malicious applications loomed large. Soon, custom firmware emerged, expanding the attack canvas to Android and Windows, spamming users with unwanted advertisements, and potentially compromising device security.
What is Wall of Flippers?
Wall of Flippers is an open-source Python project offers a beacon of hope. Running on Linux and Windows, Wall of Flippers (WoF) continuously monitors nearby Bluetooth LE activity, alerting users to potential threats and providing valuable information.
Wall of Flippers scans for specific patterns in BLE packets indicative of malicious activity. It currently detects:
- Flipper Zero activity (BT must be enabled)
- iOS crash/popup-inducing BLE attacks
- Android crash/popup-inducing BLE attacks
- Windows Swift Pair BLE attacks
- LoveSpouse BLE attacks
Wall of Flippers captures crucial data like the attacker’s MAC address, signal strength, and packet content, empowering users to:
- Block the offending device
- Report the attacker
- Gather evidence for further investigation
How to install Wall of Flippers
Here’s a step-by-step guide on how to install WoF on Windows:
- Install Python:
- Go to the Python download page and download the latest version of Python for Windows
- Once the download is complete, run the installation file and follow the prompts to install Python
- Install pip:
- Open a command prompt or terminal window
- Run the following command to install pip:
- $ pip install –upgrade pip
- Install bleak:
- Run the following command to install bleak:
- $ pip install bleak
- Run the following command to install bleak:
- Clone the WoF repository:
- Open a command prompt or terminal window
- Run the following command to clone the WoF repository:
- $ git clone https://github.com/K3YOMI/Wall-of-Flippers
- Navigate to the WoF directory:
- CD into the WoF directory:
- $ cd ./Wall\ of\ Flippers
- CD into the WoF directory:
- Run the WoF script:
- Run the following command to start the WoF script:
- $ py WallofFlippers.py
- Run the following command to start the WoF script:
If you encounter any issues during the installation process, you can refer to the Wall of Flippers documentation on GitHub for more information.
Is FlipperZero really the bad guy here?
Flipper Zero, a powerful pen-testing tool, has recently come under scrutiny for its role in the Bluetooth spam situation. However, it’s important to recognize that the tool itself is not the root of the problem.
Flipper Zero can be used for both positive and negative purposes, much like any other tool. It’s the intent behind its use that warrants scrutiny, not the tool itself.
One reason why blaming Flipper Zero is overly simplistic is that similar attacks can be launched from multiple platforms. Attackers can use Linux computers or Android devices with specific apps to carry out the same type of attacks. Focusing solely on Flipper Zero ignores these alternative attack vectors and fails to address the larger issue.
Moreover, it’s important to acknowledge that Flipper Zero has legitimate uses in security research, hardware hacking, and exploring wireless protocols. By painting it solely as a tool for nefarious purposes, we downplay its potential benefits and the valuable role it can play in the hands of responsible users.
Featured image credit: Flipper Zero.
