In early October, an incident occurred that raised questions about the safety of using modern gadgets in public places. The security researcher Jeroen van der Ham became the victim of an attack on his iPhone during a train trip in the Netherlands. His smartphone began to receive a flood of pop-up notifications about Bluetooth connections, which made the device nearly unusable and caused it to reboot. The same thing happened on a second trip, when not only the researcher but also other passengers received the same notifications.
Van der Ham linked the failures to the presence of a particular passenger in the carriage, who was working on a MacBook to which an iPhone was connected over USB. The man continued his work, paying no attention as the devices of the passengers around him rebooted. The researcher concluded that this passenger was the source of the problems.
After investigating, Van der Ham found that the attacks were caused by a Flipper Zero, a device that can interact with various types of wireless communication, including RFID, NFC, Bluetooth, Wi-Fi and standard radio.
Van der Ham recreated the attack in a controlled environment, where it worked just as it had during his train trip. He flashed his device with a special firmware, Flipper Xtreme, which he acquired in a Discord channel dedicated to the Flipper Zero. The firmware makes it possible to send a constant stream of Bluetooth Low Energy (BLE) packets to nearby devices. BLE supports functions such as delivering notifications and updating device status without the need for a constant connection, which significantly reduces power consumption compared with classic Bluetooth. BLE became widespread with the release of Bluetooth 4.0 and continues to develop in subsequent versions of the Bluetooth standard.