After a year with the Flipper Zero, here’s what I’ve learned [March, 24' Update] (2024)

Disclaimer: Like many devices dedicated to hacking, the Flipper Zero itself is perfectly legal and complies with all regulations. It serves as an amazing tool for learning and experimenting with all kinds of devices. Yet, it has the ability to be used for illegal purposes. IT Audit Labs does not condone any illegal activities enabled by the Flipper Zero and recommends that anyone who uses the Flipper Zero ensures that they’re complying with local laws and regulations.

March, 2024 Updates: See below for recent updates on the Flipper Zero, including a new gaming peripheral, a potential ban in Canada, as well as a new competitor in the M1.

My name is Cameron Birkland, and outside of my day job as a security engineer, I’ve been spending quite a bit of time experimenting with the Flipper Zero.

Due to its small form factor and numerous abilities to “hack” objects within reasonable proximity, the Flipper Zero has received some extensive news coverage, and not always in a positive light. Suddenly, it’s not so hard for someone with little knowledge of radio frequencies to capture and replay a garage door remote, or perform a DoS attack on an entire room of smartphones. Over the course of this article, I cover what I’ve learned about the device, review its capabilities, explain how its functionality can be expanded through firmware or additional hardware, and share a few tips for how you can get started.

What is a Flipper Zero?

Referred to as a “portable multi-tool device for geeks”, the Flipper Zero is essentially a portable, all-in-one solution for breaking into the world of Sub-1 GHz frequencies, RFID, NFC, infrared, or even the lesser-known iButton. The Flipper Zero takes all these features and packs them into a device smaller than your smartphone, all with an approachable, easy-to-use interface.

With readily available apps and plugins, just about anyone can pick one up and start capturing signals that were otherwise limited to those with specialized tools and extensive knowledge, all in a discreet, pocket-sized package.

What can you do with a Flipper Zero?

The Flipper Zero is most notable for its ability to receive and transmit sub-1 GHz frequencies. This gives it the ability to interact with many household objects, including:

With minimal effort, your Flipper Zero can read the signal sent by a remote, save it, and replay it as many times as you want. I’ve personally used this functionality to operate my garage door opener as well as a remote-controlled outlet.

NFC and RFID

As mentioned above, the Flipper Zero can read and emulate common RFID and NFC cards/tags as well as write to NFC tags. This allows the Flipper Zero to interact with a range of cards, keys, chips, or anything RFID or NFC enabled, for example, a pet microchip – there are even documented cases of people reuniting lost pets using the device!

Door Keycards

Another popular use case is reading and emulating door access cards/key fobs.

Modern access systems that utilize complex protocols are less susceptible to this risk, but if you have access and permission, information is available online as to whether a particular system is susceptible to having its cards copied by the Flipper Zero.

Bluetooth Low Energy Devices (BLE)

Bluetooth Low Energy is a lower energy, lower bandwidth alternative to Bluetooth, and you guessed it, devices utilizing this protocol are also vulnerable to the Flipper Zero.

One of the more popular use cases for this protocol enables Bluetooth devices to notify a user whether they’re ready to be paired. In the case of the iPhone, this has been particularly prevalent, as firmware options like Xtreme have an “Apple BLE Spam” app pre-installed, enabling someone with a Flipper Zero to perform a DoS attack on any active iOS device within a certain proximity (keeping in mind that it is a Low Energy form of Bluetooth, so the range isn’t going to be quite as powerful as regular Bluetooth). There aren’t necessarily any implications to this use case beyond it being an annoyance, but it’s another reason the Flipper has seen so much attention. If you experience an endless string of pairing requests, Apple TV notifications, and other seemingly random pop-ups, look around and you might just see a Flipper Zero.

Flipper Zero firmware, peripherals, and other ways to expand its functionality

The Flipper Zero’s internal hardware already offers a wide range of capabilities, and they are dramatically enhanced through the installation of firmware or the addition of compatible hardware.

Flipper Zero Firmware

A few of the most popular firmware options are Unleashed, Xtreme, and RogueMaster. Each of these adds several features to the out-of-the-box firmware, with each containing a slightly different feature set. I recommend checking each firmware’s GitHub page for all the details, but some key features include the ability to change the UI in both Xtreme and RogueMaster, additional NFC, RFID, and Sub-GHz protocols, support for saving and sending rolling code protocols (which is restricted in the original Flipper Zero firmware), the ability to execute a “bad keyboard” attack over Bluetooth, and too many plugins and games to list here.

Peripheral Devices

The Flipper Zero has a row of GPIO (General-Purpose Input/Output) pins that allow you to interface your Flipper Zero with external hardware.

The WiFi devboard is an example of a “hat” that works as a plug-and-play attachment for the Flipper Zero. You can find unofficial accessories on sites such as Tindie, where you can purchase them pre-made, which is what I did with my NRF24 board.


An NRF24 chip allows you to communicate with devices that use the 2.4 GHz frequency, but aren’t necessarily Bluetooth or WiFi (for example, a wireless mouse/keyboard). Adding the NRF24 board to my Flipper Zero allowed me to sniff and intercept data sent between a Logitech Unifying receiver and keyboard, enabling a wireless, bad keyboard attack.

2024 Update: Video Game Peripheral Now Available

The Flipper Zero team has released a new peripheral they call The Video Game Module. The module attaches to the Flipper Zero using the GPIO pins on the top and adds a few useful features, including an HDMI port, a gyroscope and accelerometer, as well as 14 GPIO pins to interface with the module. What makes this module so interesting is that it utilizes the Raspberry Pi RP2040 Microcontroller, effectively making it a standalone device. It even has its own USB-C port, so you can interface directly with the Raspberry Pi microcontroller. Despite being called a video game module, the potential use cases for the module extend well beyond video games.


If you’re a cybersecurity professional, here’s what you need to know

While the Flipper Zero may seem to be similar to many of the other “hacking” devices available, like those that can be found on Hak5, its ability to interact with frequencies and items we find throughout our modern world takes it beyond the scope of a computer.

In the wrong hands, there can be physical security implications concerning people’s homes and businesses. It’s clear that some of the older, commonly used protocols, such as Security+ 2.0, can no longer be considered secure, and the means to capture and replay these protocols are easier than ever.

Like many available “hacking” devices, the Flipper Zero is a capable device that is not to be underestimated. This doesn’t mean that all physical security is compromised and anyone with a Flipper Zero is dangerous, but it should certainly be considered when it comes to the security of your home, business, and personal devices.

2024 Update: The Flipper Zero could be banned in Canada...

In an effort to curb vehicle theft, the Ministry of Innovation, Science, and Industry in Canada has announced its intent of “Pursuing all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.”

The Flipper Zero is their primary target, but their intent is broad enough to include devices such as the HackRF One, which is a Software Defined Radio (SDR) that has similar functionality to the Flipper Zero.

The primary concern is that legislation to ban devices like the Flipper Zero would stifle innovation and curiosity, particularly in the cybersecurity space. Devices like the Flipper Zero lower the barrier for someone to take up an interest in cybersecurity, particularly when it comes to sub-GHz frequencies. Banning the sale of these devices would only prevent them from getting in the hands of common citizens, while a “criminal”, or someone that really wants it, would not be deterred by a law banning its purchase. Finally, this law does not address the root cause – manufacturing devices that are vulnerable to simple attacks in the first place. Legislation efforts would be better placed towards addressing the reason vehicles are vulnerable, rather than the device that exploits those vulnerabilities.

How to get started with the Flipper Zero

If you’re just starting out, the best place to buy the Flipper Zero is from the Official Flipper Zero Store. It’s easy to come across supposed “deals” from third-party sellers, but there are too many scams out there to make deal hunting worthwhile.

I recommend picking up the screen protector as the plastic screen scratches easily, and the silicone case is useful if the device is dropped. If you’re interested in Wi-Fi penetration testing or want to update the Flipper Zero’s firmware wirelessly, the WiFi devboard is a good accessory to pick up as well.

Once you’ve ordered the Flipper Zero, I recommend getting acquainted with some of the projects you can find on the Flipper Forum and the Flipper Zero subreddit. Then, start experimenting! It is rewarding when you finally capture that first signal or open your first garage door. Keep in mind that the Flipper Zero has many different functions, so if one experiment doesn’t work out, don’t be discouraged – there's plenty to do! Obviously, just be responsible out there.

2024 Update: What is the M1 and how does it compare to the Flipper Zero?

As of February 2024, a new device with some striking similarities to the Flipper Zero was announced on Kickstarter by the company Monstatek. The campaign has been very successful, raising well over $1,000,000. Known as the M1, the hardware and features are nearly at parity with the Flipper Zero, with the exception of the M1 having built-in Wi-Fi. These devices are extremely similar in size and shape, and the button layout on the new M1 is identical. A notable difference between the two devices is that the Flipper Zero takes on a more “fun” personality with its dolphin character, while the M1 has a cleaner, more mature look. The M1 has a retail price of $165 and the Flipper Zero sells for $169.

Given the novelty of the Flipper Zero, it’s surprising to see such a similar device attempting to occupy the same niche. Because the devices are so extremely similar, there are few advantages to owning both of them – they have the same capabilities in a similarly-sized case.

Want to know more?

This blog post was initially inspired by our bi-monthly podcast – The Audit – check out the full podcast episode below, or you can listen in on Apple Podcasts or Spotify.

For even more information on the Flipper Zero, I’ve listed a few relevant links below, and if you have any other questions, feel free to send them over via our Contact page.

Thank you for reading!

- Cameron Birkland
