Flipper Zero is a small handheld tool designed for pentesters to perform a multitude or scans on wireless devices. In August 2020, the concept for the device was pitched on the popular crowdsource website Kickstarter. The initial goal set by the developers was $60,000 USD, however, the concept was so popular that it reached its goal in only 8 minutes and ended up with over $4.8 Million raised. The creator of the tool is a Moscow-based Russian company known as Flipper Devices, lead by CEO Pavel Zhovner.
In 2021 the first devices started to ship out to buyers all over the world. One of the most surprising aspects of the Flipper Zero is its relatively low price—at only $160 USD it is both affordable and easily obtainable. The only real setback so far has been the device shortages in certain geographical areas, such as the US, due to supply chain and customs issues.
Fresh out of the box the device comes with many impressive capabilities. It can scan wireless radio frequency (RF) ranges, as well as read radio-frequency identification (RFID), near field communication (NFC), and infrared signals.
In addition to being able to scan these ranges, the Flipper Zero also has the ability to transmit an emulated signal of each of these. These features can be used to copy and transmit garage door signals or to steal credit card data using the Tap to Pay feature. In addition to its out-of-the-box capabilities, Flipper Devices also sells a WiFI board which can give the device additional capabilities and extended range.
Flipper Devices also sells a development board that can connect to the device. The board can be used by a knowledgeable person to create all new capabilities with the Flipper Zero. When paired with the ability to download and install custom programs on the device, this opens up a panoply of prospective capabilities for this device. Websites for developing and sharing open source code, such as GitHub, have already customized code published on them for download.
In the year since the device was released, videos of users showing off the device’s capabilities have flooded social media. Some of the demonstrations are minor and mischievous, such as causing automatic soap dispensers to start dispensing soap, locking the security wheels on a shopping cart, or causing the charging door cover on a Tesla to open up.
Other more dangerous demonstrations include showing how to steal someone’s credit card information or hotel key using the NFC capabilities of the device. There are also a large number of videos demonstrating the ability to steal garage door signals and transmit them, or to copy and emulate a car’s key fob, allowing the user to unlock the car. Modern cars that rely on technology that senses a key or key card have proven to be particularly susceptible to the Flipper Zero.
On the flip side, the Flipper Zero can be a powerful tool in the hands of an ethical penetration tester, helping to demonstrate the ways in which a client could be hacked. There have been a few instances where users have utilized the RFID scanner in the device to read the RFID implant in the back of a stray pet, using the information to reunite the pet with its owner.
The Flipper Zero device is a powerful tool for cybersecurity professionals and hackers alike. Its affordability makes it easy to obtain, and its small size makes it easy to use covertly. These attributes combined mean you could see a significant increase in hackers using Flipper Zero in the wild. Fortunately, there are things you can do to minimize your risk. First, use a wallet or card holder that offers RFID protection. Second, be aware of people attempting to get close to your purse, wallet, or pocket (the NFCs can only operate within a few inches of the reader). Finally, be aware of your surroundings. If you see someone suspicious loitering around your house, car, or parking lots, try not to use your RF devices. Sometimes the old-fashioned method of using a physical key is the safest option.