+4 votes
80 views
Attacking nearby cell phones and PCs with Bluetooth pairing message SPAM and how to protect yourself

in Technology by (552k points)
reopened | 80 views

1 Answer

+5 votes
Best answer

Spamming Android with Bluetooth device spoofing
One-click Bluetooth Spoofing with Bluetooth LE Spam
How to avoid receiving Bluetooth pairing notifications

image

Bluetooth devices, such as some wireless headphones, usually generate a signal, identifier or beacon, which is captured by nearby equipment, such as mobile phones or PCs. This is how we receive the notification that such a Bluetooth device wants to connect to our cell phone and we managed to make the connection between both of us. Taking advantage of this Bluetooth pairing model that is used in a similar way by Android, iPhone and Windows, there are applications that are capable of impersonating Bluetooth devices and even spamming the pairing notification to nearby devices. They basically attack with notifications like the ones seen below..

image image

Spamming Android with Bluetooth device spoofing

nRF Connect is an app that requires a simple setup like the one shown in the video above to spam Android devices. In the configuration, a series of hexadecimal characters are basically added, which correspond to Google's "Fast Pair" pairing technology and the identifier of the Bluetooth device that we want to impersonate (in this list you can see the hexadecimal codes of many devices Bluetooth that we can use).

Once the "hack" is activated, the app generates the Bluetooth pairing message a couple of times on nearby devices. To generate the message again, we must change the hexadecimal code of the device we are impersonating and activate the switch again. Unfortunately, as can be seen, the operation of the app seems inconsistent and that is what I experienced after a couple of hours of testing. To seriously bother, buying a Flipper Zero may be the alternative..

This works even if nearby Bluetooth devices do not have Bluetooth enabled and apparently even if they activate airplane mode. There is only one way to protect yourself from these attacks, which is explained below.

image image

Windows devices can also be attacked with this same app and with an even easier configuration, which is shown in the screenshot above. Unfortunately I have not been able to affect Windows devices with this application and that configuration..

One-click Bluetooth Spoofing with Bluetooth LE Spam

image

Inspired by the previous app, a developer published an app on GitHub that with one touch generates many Bluetooth pairing messages to nearby devices, whether Android, Windows or Apple (iPhone, iPad). In my case, the messages did not appear at the moment the app generated them but rather a few minutes later, so I would say that this spamming technique in general seems inconsistent to perform. However, with this app, once the messages started appearing consecutively (there were like 10 or 15), it was very annoying to have to discard each pairing notification from non-existent Bluetooth devices one by one.

How to avoid receiving Bluetooth pairing notifications

image

On Android you have to go to Settings, Google, Devices and sharing, Devices and deactivate the option that says "Search nearby devices" . The “hack” indicated above is effective because this option is activated by default on Android devices, so unless it is disabled (which is unlikely), any user nearby could be a victim.

In the case of Windows, the option that must be deactivated to avoid this Bluetooth spoofing attack is to go to Settings Bluetooth and other devices and there deactivate the option that says "Show notifications for connection with quick pairing" , which is also activated by default in Windows.

Source : Mobile Hacker

Beware of “bomb” messages on WhatsApp that make you lose your

How to connect your mobile phone to the car or other devices AUTOMATICALLY via BLUETOOTH

How to know if your WiFi is secure and if the computers in your home could be hacked from the Internet


by (3.5m points)
edited

Related questions

+3 votes
1 answer
+5 votes
1 answer
+3 votes
1 answer
+4 votes
1 answer
+5 votes
1 answer
asked Nov 15, 2021 in Dispose of hardware by backtothefuture (552k points) | 100 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users