Attacking nearby cell phones and PCs with Bluetooth pairing message SPAM and how to protect yourself


1 Answer

+5 votes
Best answer

Spamming Android with Bluetooth device spoofing
One-click Bluetooth Spoofing with Bluetooth LE Spam
How to avoid receiving Bluetooth pairing notifications

Bluetooth devices, such as some wireless headphones, usually generate a signal, identifier or beacon, which is captured by nearby equipment, such as mobile phones or PCs. This is how we receive the notification that such a Bluetooth device wants to connect to our cell phone, and how we manage to make the connection between the two. Taking advantage of this Bluetooth pairing model, which is used in a similar way by Android, iPhone and Windows, there are applications that are capable of impersonating Bluetooth devices and even spamming the pairing notification to nearby devices. They basically attack with notifications like the ones seen below.

Spamming Android with Bluetooth device spoofing

nRF Connect is an app that requires a simple setup like the one shown in the video above to spam Android devices. In the configuration, a series of hexadecimal characters is basically added, which corresponds to Google's "Fast Pair" pairing technology and the identifier of the Bluetooth device that we want to impersonate (in this list you can see the hexadecimal codes of many Bluetooth devices that we can use).

Once the "hack" is activated, the app generates the Bluetooth pairing message a couple of times on nearby devices. To generate the message again, we must change the hexadecimal code of the device we are impersonating and activate the switch again. Unfortunately, as can be seen, the operation of the app seems inconsistent and that is what I experienced after a couple of hours of testing. To seriously bother, buying a Flipper Zero may be the alternative.

This works even if nearby Bluetooth devices do not have Bluetooth enabled and apparently even if they activate airplane mode. There is only one way to protect yourself from these attacks, which is explained below.

Windows devices can also be attacked with this same app and with an even easier configuration, which is shown in the screenshot above. Unfortunately, I have not been able to affect Windows devices with this application and that configuration.

One-click Bluetooth Spoofing with Bluetooth LE Spam

Inspired by the previous app, a developer published an app on GitHub that with one touch generates many Bluetooth pairing messages to nearby devices, whether Android, Windows or Apple (iPhone, iPad). In my case, the messages did not appear at the moment the app generated them but rather a few minutes later, so I would say that this spamming technique in general seems inconsistent to perform. However, with this app, once the messages started appearing consecutively (there were like 10 or 15), it was very annoying to have to discard each pairing notification from non-existent Bluetooth devices one by one.

How to avoid receiving Bluetooth pairing notifications

On Android you have to go to Settings > Google > Devices and sharing > Devices and deactivate the option that says "Search nearby devices". The “hack” indicated above is effective because this option is activated by default on Android devices, so unless it is disabled (which is unlikely), any user nearby could be a victim.

In the case of Windows, to avoid this Bluetooth spoofing attack you have to go to Settings > Bluetooth and other devices and there deactivate the option that says "Show notifications for connection with quick pairing", which is also activated by default in Windows.

Source: Mobile Hacker


by (3.5m points)
edited
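
A defensive sketch of how a BLE scanner log could be checked for the notification spam described in the answer above (added example, not part of the original answer or of any app it mentions). It assumes Fast Pair pairing adverts carry service data under the 16-bit UUID 0xFE2C followed by a 3-byte model ID; the function names, thresholds, addresses and model IDs are constructed for illustration.

```python
FAST_PAIR_UUID = 0xFE2C   # 16-bit service UUID used by Google Fast Pair
SERVICE_DATA_16 = 0x16    # AD type: Service Data, 16-bit UUID


def fast_pair_model_id(adv):
    """Return the 3-byte Fast Pair model ID as hex, or None if absent/malformed."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            return None  # padding or truncated AD structure: stop parsing
        ad_type, body = adv[i + 1], adv[i + 2:i + 1 + length]
        if (ad_type == SERVICE_DATA_16 and len(body) == 5
                and int.from_bytes(body[:2], "little") == FAST_PAIR_UUID):
            return body[2:].hex()
        i += 1 + length
    return None


def detect_spam(events, window=10.0, max_models=3):
    """events: time-ordered (timestamp_s, address, adv_bytes) tuples.
    A real accessory keeps advertising one model ID, so more than
    max_models distinct IDs inside `window` seconds raises an alert:
    (timestamp, distinct_models, distinct_addresses)."""
    recent, alerts = [], []
    for ts, addr, adv in events:
        model = fast_pair_model_id(adv)
        if model is None:
            continue
        recent = [e for e in recent if ts - e[0] <= window] + [(ts, addr, model)]
        models = {m for _, _, m in recent}
        if len(models) > max_models:
            alerts.append((ts, len(models), len({a for _, a, _ in recent})))
            recent = []  # start a fresh window after alerting
    return alerts


def _adv(model_hex):
    # Constructed advert: Flags AD structure + Fast Pair service data
    return bytes.fromhex("020106" + "06162cfe" + model_hex)


# Constructed capture: one steady headset, then a burst of changing model IDs
SAMPLE = (
    [(float(t), "11:22:33:44:55:66", _adv("aa0001")) for t in range(3)]
    + [(20 + 0.5 * n, f"c0:00:00:00:00:{n:02x}", _adv(f"bb{n:04x}")) for n in range(5)]
)

if __name__ == "__main__":
    for ts, n_models, n_addrs in detect_spam(SAMPLE):
        print(f"t={ts}s: {n_models} Fast Pair models from {n_addrs} addresses")
```

The window and threshold are starting points to tune against how many genuine accessories are normally in range.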
