Wireless communication is integral to the modern world. Whether it is phones, Wi-Fi connectivity, or bank cards, these devices employ different types and wavelengths of wireless signals for their operations. Though infiltrating these signals traditionally demands a deep understanding of cybersecurity, the introduction of the Flipper Zero hacking tool has revolutionized the process.
What Is Flipper Zero?
Retailing at a reasonable $169, Flipper Zero is a compact, handheld penetration testing instrument tailored for hacking enthusiasts spanning a range of skill levels. Though its dimensions are unassuming, being even smaller than a typical mobile device, its capabilities are vast. This gadget comes equipped with an assortment of radios and sensors, making it possible to detect and replicate signals from a variety of wireless devices like keyless systems, IoT devices, garage openers, NFC and RFID cards, and more. A product of open-source initiatives, it received significant backing and support during its Kickstarter campaign in 2020.
Under its hood, the device operates on a 32-bit Arm processor with a maximum speed of 64 megahertz. While this might not seem like a game-changer, it is the collaboration of this processor with numerous analog and serial peripherals, and notably, a refined radio transceiver that makes all the difference.
Its surge in popularity can be attributed to its appearance on TikTok, where it was featured in a series of videos. Hackers were seen creatively manipulating electronic menus, triggering unknown Teslas’ charging ports, or even playfully adjusting fuel rates at gas stations. However, it is crucial to note that these videos may give a slightly exaggerated impression of Flipper Zero's capabilities. It is plausible that many of these demonstrations were orchestrated with significant behind-the-scenes coordination.
Flipper Zero's Technical Features
Housed within the compact body of the Flipper Zero are several antennas designed to detect, archive, and mimic wireless signals. Its range of compatibility includes:
- Near Field Communication (NFC): A staple in bank and building access cards.
- 125kHz RFID: Predominantly found in older proximity cards and animal tagging microchips.
- Infrared: The foundation of a multitude of remote controls.
- Sub-1 GHz: Frequented by gadgets like garage remotes and keyless mechanisms.
Additionally, Flipper Zero offers:
- 18 multi-purpose connectors to facilitate interaction with other devices.
- A USB 2.0 Type-C port to connect with computers.
- An iButton 1-Wire support system, commonly associated with asset monitoring.
- Provision for expandable memory via an SD card slot.
- A user-friendly LCD screen combined with a five-button control interface.
- Lastly, it runs on the FreeRTOS operating system, optimized for microcontrollers.
How to Use a Flipper Zero
Users simply need to position the Flipper Zero close to a signal's origin, select the appropriate program, and prompt the "Read" function. Once stored, these signals can be replicated at convenience. However, it is noteworthy that while NFC signals from bank cards can be detected, their duplication is restricted.
Delving into the detailed functionalities and operation techniques of the Flipper Zero could warrant a lengthy dedicated blog post. Fortunately, the official Flipper blog provides an abundance of valuable insights on navigating your Flipper Zero. The Flipper Zero documentation serves as a comprehensive source for understanding the device's intricacies. Furthermore, various online forums and platforms, including Reddit, host dedicated sections brimming with guidance and expert community advice on operating the Flipper Zero.
How Much Does Flipper Zero Cost?
Starting at a price of $169, Flipper Zero offers compatibility with any FAT32 formatted microSD card, although the card is not needed out of the box and is not included in the Flipper Zero price. Additional Flipper Zero accessories include a protective silicone casing priced at $15, a screen shield for $7.50, a Wi-Fi development module for $29, and prototype boards at $10. The official Flipper Zero website allows one order to contain up to:
- 2 Flippers
- 3 Silicone Cases
- 3 Wi-Fi Devboards
- 5 Screen Protectors
- 5 Prototyping Boards
Where to Buy Flipper Zero
You can procure the Flipper Zero for less than $200 via its official US site. If it is sold out, some resellers list it on other platforms like Etsy and eBay. However, buying from unofficial sellers might pose risks and cost more. Notably, Amazon banned its sale after tagging it as a card-skimming device. If you cannot acquire one, there are also a few Flipper Zero alternatives popping up on the market.
What Can You Do with a Flipper Zero?
Right off the bat, the Flipper Zero impresses with a range of functions. Arguably the most notable feature is its ability to scan various RFID cards by holding them up to the Flipper. Once read, the data is saved to its SD card, allowing the Flipper to replicate these cards. However, this functionality also raises concerns about security vulnerabilities. Some Flipper Zero users have even had success cloning hotel key cards.
With its built-in infrared module, the Flipper Zero boasts versatility, controlling devices from TVs to air conditioners (see YouTube for hundreds of comical videos of TVs being mysteriously controlled by Flippers in businesses, schools, etc.). Additionally, it can check the functionality of infrared remotes.
Furthermore, the Flipper can duplicate iButton key fobs and radio remotes that operate on the 433-MHz frequency. It can read near-field communication (NFC) devices like MIFARE key cards and identify signals from contactless credit card chips. However, replicating the latter's unique transaction codes remains a challenge.
Many have asked, “Can Flipper Zero hack Wi-Fi?” Enhancing the Flipper's functionality is possible with additional boards, including a Wi-Fi board. Adding a $45 board introduces Wi-Fi, primarily to facilitate updates. However, with some tweaks to the Flipper and its Wi-Fi board, users can control Wi-Fi signals more intricately. This includes launching Wi-Fi network attacks and flooding access points with deauthentication packets. The Flipper is also capable of producing various test signals to troubleshoot hardware, like testing servos with PWM.
The Flipper Zero can also mimic USB keyboards and mice. It can run scripts to manage a GUI, which is a treasure for automation enthusiasts but a potential security risk for others. It also functions as a UART-to-USB bridge, connecting with devices lacking USB support. Its sub-GHz antenna efficiently detects car key fob signals, but replaying them often proves futile due to modern vehicles' “rolling code” systems.
Here are a few additional things the Flipper Zero can do:
- Capture data from a car's tire pressure sensor.
- Detect a dog's body temperature through its microchip.
- Capture and duplicate the signal of a garage door opener.
- Recognize the facial recognition signals and frequencies emitted by iPhones.
Is Flipper Zero Legal?
In the US, owning a Flipper Zero is lawful, as is its use. Flipper Zero announced on their social media that a batch of their products was confiscated by U.S. Customs and Border Patrol in September 2022, although there have not been any similar incidents reported since then.
But remember, it is about how you use it, similar to possessing a firearm or lock-picking set. Always refer to local laws and seek legal counsel if unsure. Typically, if you are using the Flipper for personal items and gadgets, you are on safe ground. But interference with others' belongings might lead to legal troubles. The device's firmware safeguards against broadcasting restricted frequencies based on its location.
"With great power comes great responsibility"
– Uncle Ben
Interestingly, while the Flipper Zero is not banned in the US, Brazil's National Telecommunications Agency has previously confiscated Flipper Zero shipments, citing potential criminal misuse.
Can Flipper Zero Unlock Cars?
Many security experts agree that the Flipper Zero will never be able to capture a car key fob’s rolling codes AND determine the encryption algorithm unless a severe vulnerability is found. Introduced circa 1990, rolling codes (sometimes called hopping codes) bolstered the security of keyless entry systems such as garage door openers and keyless car systems. Essentially, a rolling code thwarts unauthorized access attempts by changing the code every time, preventing attackers from replaying a recorded transmission to unlock a system.
Nevertheless, there is a potential method to exploit this with Flipper Zero. Imagine unlocking your car remotely, but it does not respond (either because you are too distant or a signal jammer interferes). While the car might not catch the signal, a nearby Flipper could. It can then store and later replicate that signal when close to the car to unlock it. But here is the catch: if the original fob sends another signal before the Flipper replays its stored code, the Flipper's code becomes obsolete. Plus, using the Flipper to unlock the car might desynchronize your original fob, leaving you locked out, requiring re-syncing through dealerships or extra fobs.
If your vehicle has rolling codes, always double-check its lock status visually or audibly. And remember, older vehicles without rolling codes are prime targets for these replay attacks, though they are rarer these days.
Flipper's Amusing Trick with Tesla's Charging Ports
Flipper aficionados found a curious quirk with Tesla charging port doors. These doors on Tesla vehicles, controlled wirelessly, do not employ rolling codes. Thus, a Flipper Zero can easily intercept and replay this signal, unexpectedly popping open Tesla charging ports. While this does not compromise the car's interior security, the prank is a favorite on social platforms like YouTube and TikTok.
Honda's Rolling-PWN Vulnerability
In a surprising revelation, some Honda models were found to have a chink in their rolling code armor. Dubbed "Rolling-PWN," this vulnerability lets attackers capture keyfob signals with devices like Flipper Zero and subsequently unlock or even start these Hondas.
The researchers Kevin2600 and Wesley Li found that Honda's system resynchronizes its codes if it receives consecutive lock/unlock signals. This means it might accept outdated codes, which should have been discarded. Thus, a skilled attacker can capture, store, and replay these codes later to unlock the Honda and even start it. Driving away, though, remains a hurdle as the actual keyfob needs to be nearby.
After initially dismissing the vulnerability, Honda acknowledged it but emphasized the intricate nature of the attack and assured that the vehicle could not be driven away. Honda also stressed its ongoing efforts to enhance security in upcoming models.
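The rolling-code check and the resynchronization weakness described above, shown as an added example that is not code from the original article, from Honda, or from any vehicle system. It is a simplified Python model: the HMAC-based code derivation, the key, the 16-code window and the `rewind_on_sequence` flag are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed secret shared by fob and receiver
WINDOW = 16                    # assumed look-ahead for presses the receiver missed


def code_for(counter: int, key: bytes = KEY) -> bytes:
    """Fob side: one-time code for a given counter value."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class Receiver:
    def __init__(self, rewind_on_sequence: bool = False):
        self.last = 0                       # highest counter accepted so far
        self.rewind_on_sequence = rewind_on_sequence  # True models the flawed resync
        self.prev_stale = None              # counter of the last stale code seen

    def _find(self, code: bytes, lo: int, hi: int):
        """Return the counter in [lo, hi) whose code matches, else None."""
        for counter in range(lo, hi):
            if hmac.compare_digest(code, code_for(counter)):
                return counter
        return None

    def accept(self, code: bytes) -> bool:
        fresh = self._find(code, self.last + 1, self.last + 1 + WINDOW)
        if fresh is not None:
            self.last, self.prev_stale = fresh, None  # only ever moves forward
            return True
        if self.rewind_on_sequence:
            stale = self._find(code, 1, self.last + 1)
            if stale is not None and self.prev_stale == stale - 1:
                self.last, self.prev_stale = stale, None  # flaw: counter rewinds
                return True
            self.prev_stale = stale
        return False                        # replayed, stale or forged code


def replay_outcome(rx: Receiver) -> list:
    """Fob uses counters 1-5, then recorded codes 2, 3 and 4 are replayed."""
    for counter in range(1, 6):
        rx.accept(code_for(counter))
    return [rx.accept(code_for(c)) for c in (2, 3, 4)]


if __name__ == "__main__":
    print("strict receiver:", replay_outcome(Receiver()))
    print("flawed resync:  ", replay_outcome(Receiver(rewind_on_sequence=True)))
```

The strict receiver rejects every recorded code, while the rewinding variant starts accepting them after a consecutive pair, which is why a receiver's counter must only ever move forward.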
How to Protect Yourself from Flipper Zero
With innovative hacking tools like the Flipper Zero cropping up, it is imperative for individuals and businesses to shield themselves from potential risks. Here is your guide to fortifying against these threats:
- Opt for RFID-Shielding Solutions – Recent tests indicate that RFID-blocking wallets and cards can obstruct Flipper Zero's ability to intercept signals from your credit cards.
- Stay Aware of Your Surroundings – Flipper Zero has a pretty short signal capture range when it comes to credit cards and access badges. Be observant about those close to you, especially when in crowded places or in lines. Protecting your access badge from potential scans by not wearing it openly on your waist can be crucial.
- Augment Badge Security with PINs – Elevate your workplace's security by adding a PIN requirement alongside access badges, much like multi-factor authentication (MFA). Even if a Flipper clones the badge, the trespasser would need the PIN to enter.
- Mandate Badge Usage for Building Exit – It is not about confining anyone, but tracking movements. Ensuring badges are used at entry, exit, and specific internal points gives you a comprehensive view of badge activity. Such visibility can help detect anomalies, such as simultaneous badge usage at distant points or double entries without an exit.
- Embrace Rolling Code Protocols – When creating a device or system employing wireless signals, think of rolling code measures to fortify signal security, similar to what car manufacturers and garage systems do.
- Engage Ethical Hackers – Companies can maintain an advantage over potential threats by engaging the services of ethical hackers and penetration testers to pinpoint system vulnerabilities before they face genuine attacks. Since 2010, Compass IT Compliance has been dedicated to assisting firms in recognizing the risks tied to hacking tools like the Flipper Zero, providing straightforward solutions to address these risks and ensuring employees are updated about emerging threats.
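One way to act on the badge-tracking advice above, shown as an added example that is not part of the original article. It scans badge-reader events for use at distant points within an implausibly short time and for double entries without an exit, and goes slightly beyond the text by also flagging exits with no recorded entry. The log format, site names, badge IDs and the 45-minute travel threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed badge-reader events: time, badge id, site, direction.
EVENTS = """\
2024-03-04T08:01:10 B1001 HQ-LOBBY IN
2024-03-04T08:03:42 B1002 HQ-LOBBY IN
2024-03-04T08:20:05 B1001 WAREHOUSE IN
2024-03-04T12:00:31 B1002 HQ-LOBBY OUT
2024-03-04T12:45:00 B1002 HQ-LOBBY IN
2024-03-04T12:50:12 B1002 HQ-LOBBY IN
2024-03-04T13:10:00 B1003 HQ-LOBBY OUT
"""
MIN_TRAVEL = timedelta(minutes=45)  # assumed minimum travel time between sites


def find_anomalies(log: str, min_travel: timedelta = MIN_TRAVEL) -> list:
    """Return (badge, rule, timestamp) tuples for suspicious badge events."""
    state = {}      # badge -> (last time, last site, currently inside?)
    findings = []
    for line in sorted(log.splitlines()):   # ISO timestamps sort chronologically
        if not line.strip():
            continue
        stamp, badge, site, direction = line.split()
        when = datetime.fromisoformat(stamp)
        last = state.get(badge)
        if last:
            last_when, last_site, inside = last
            if site != last_site and when - last_when < min_travel:
                findings.append((badge, "impossible-travel", stamp))
            elif direction == "IN" and inside:
                findings.append((badge, "entry-without-exit", stamp))
            elif direction == "OUT" and not inside:
                findings.append((badge, "exit-without-entry", stamp))
        elif direction == "OUT":
            findings.append((badge, "exit-without-entry", stamp))
        state[badge] = (when, site, direction == "IN")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(EVENTS):
        print(*finding)
```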
Is Flipper Zero Worth It?
Priced under $200 on its official store (though it can skyrocket with third-party sellers), Flipper Zero's value proposition varies per individual.
Undeniably, for its price point, Flipper Zero stands out in terms of capabilities, making it a comprehensive tool for those keen on exploring NFC, RFID, and sub-GHz wireless networks. Its GPIO feature appeals to hardware enthusiasts.
Beyond its tangible functionalities, Flipper Zero offers a learning curve that might be its main attraction. It is not just about the endpoint but the exploration journey. While it is no universal hacking device, it necessitates innovation and perseverance to harness its full potential.
So, if you are on the hunt for an engaging device to fuel your creativity, enhance skills, or even playfully interrupt your sibling’s TV time, Flipper Zero fits the bill. It is an educational gem that continually facilitates learning, from understanding GitHub and installing firmware to grasping diverse networking protocols and working with GPIO.