top of page
  • Writer's pictureJonah White

Flipper Zero: From the beginning to what it's currently being used for

The Flipper Zero has been out for more than two years now. What are people currently using it for? Is it something that should be prevented from purchasing like Amazon and PayPal have done in the past? Or is it a young hacker's first tool to get into cybersecurity?


What is the Flipper Zero?


The website details that the Flipper Zero is your "cyber buddy," offering many different "tricks" that dolphins commonly associate with when attending a zoo or places like Sea World. The website's front describes, "The idea of Flipper Zero is to combine all the hardware tools you'd need for exploration and development on the go."


Initially inspired by the "Tamagotchi" project, the Flipper Zero aimed to become something more readily usable by providing a robust casing, handy buttons, and adding the joy of a small friend inside the software to join you on your adventures as you learn more about cybersecurity with hardware hacking or IoT hacking.


Development should always be fun!


What tools are integrated into one tiny device?

  • Sub-1 GHz Transceiver

  • 125kHz RFID

  • NFC

  • Bluetooth

  • Infrared Transceiver (I've used this one easily)

  • MicroSD Card

  • 1-Wire keys

And even tools for hardware exploration:

  • Completely Autonomous

  • SPI/UART/I2C to USB converter

  • Firmware Flashing Tool

  • Fuzzing Tool

Where has the Flipper been seen?


One I've seen so far is gas station signs being changed:




Using the Sub-1 GHz transceiver, users can manipulate the signs of gas stations (but not change the gas price).


Hacking Telsa's EV charging ports




The video is corny, with "hacker music" in the background. Still, the user depicts many Telsa vehicles in his area and displays him using the Sub-1 GHz receiver again to send the open command for charging one's electric car.


My personal favorite is the restaurant Pager:

This is something I stumbled on Twitter with how this user experimented with restaurant pagers that worked on radio signals; while listening and copying the commands used by the Transceiver to communicate with the pagers, the hacker was able to light up an entire table of beepers with one control, I hope to copy this project some day with another brand.

But there have been some setbacks with people receiving their Flippers.

When I first purchased it, nothing at the time blocked my Flipper from landing on my doorstep. Still, since the Flipper has become infinitely more popular, countries like the US, Brazil, and Israel have stopped shipping containers filled with Flipper Zeros. Even online marketplaces like Amazon banned the Flipper in light of labeling it as a 'card skimming device.'


One of my favorite tech YouTuber companies, Linus Tech Tips or Linus Media Group, released a video on what exactly strikes fear into the hearts of governments and law enforcement when this type of tool is released to the public. Showing more use cases that the Flipper has been seen doing, but also prefacing that this tool can be theoretically copied using a Raspberry Pi or Arduino. One problem that the Flipper Zero has for cracking Car locks is that it doesn't support cracking rolling codes that are now widely used to prevent your car fob from being copied and later played back to break into your car or, even worse, steal it.


The Flipper is not the only pirate in the sea.


The one thing people have to remember is that more tools will be released, possibly even better than the Flipper Zero, but devices that do the same thing the Flipper does have been around for a while, such as the HackerRF One, Proxmark3, the YARD Stick One, or the Ubertooth One for Bluetooth. RFID, or radio frequency hacking, has been around for a while. The Flipper Zero is another tool that can perform the same actions but is more of a 'pocket knife' all-in-one toolkit.


It's a wake-up call

The Flipper Zero is an alert to update or look at one's RFID or radio frequency security strategies in this widely wirelessly connected world. The Flipper Zero is excellent at copying and brute forcing RFID cards that could be used to get inside apartment complexes. If you haven't changed your RFID card or badge to unlock gates, doors, or garages, you might want to change or update those tags or keys when you accidentally bump into someone, and they brush against that RFID device.


But again, the Flipper zero only applies to old, sometimes outdated, RFID technology that uses next to nothing in encrypting the data on your RFID authentication device.


But there is a silver lining in all of this. The Flipper can be used to read RFID tags of lost pets that you may find, meaning your Flipper can read the microchip to give you a code to search within large databases of lost pets like FindPet or PetKey.


Conclusion

So does the Flipper Zero pose another threat to our daily technologies? Sort of. The best action is to keep good physical cyber security hygiene and learn to better protect yourself from RFID, NFC, evil USB, Bluetooth, and other IoT threats. A small step one can take is if something is not in use, turn it off or store it in RFID protective casing, such as a bag or wallet, that protects people from bumping into someone and essentially swiping cash away or credit card details without their knowledge.

17 views

コメント


bottom of page