Payments, locks, car doors: many of these items can work via radio frequency and proximity today. A device called Flipper Zero has been drawing attention on TikTok. The videos show that, with it, it is possible to copy the signs of badges and keys. The device looks incredibly useful — and dangerous.
Flipper Zero costs US$ 200 in the US — in Brazil, the cheapest offers on Mercado Livre are around R$ 1,700. It was developed by Alex Kulagin and Pavel Zhovner, who put the project on Kickstarter in 2019. Since then, more than 150,000 devices have been sold.
On its website, the product is described as a multi-tool in a toy format for pentesters (people who do penetration tests) and geeks.
It has the size and style of Tamagotchi, the virtual pet that was successful in the 90s and 2000s. Coincidence or not, Flipper Zero’s “mascot” also has its own animal: it is a dolphin, which appears in the interface between a menu and other.
“He loves hacking digital things like radio protocols, access control systems, hardware and much more,” the presentation reads. “It’s completely open source and customizable, so you can use it any way you want.”
@flipperzero How to use Frequency Analyzer on Flipper Zero to find the right frequency of radio remote if Sub-GHz signal does not received #flipperzero #radio #gadget #electronics #hardware ♬ original sound – Flipper Zero Official
Is it all the same?
Basically, the Flipper Zero can read radio frequencies below 1 GHz, 125 kHz RFID, NFC, infrared signals, GPIO pins and more — the documentation is all on the site🇧🇷
On TikTok, many videos show utilities and tricks for the device. In one of them, the user receives only one card to unlock the door of his condominium. He uses Flipper Zero to copy the code and “paste” it into RFID keyrings purchased on Amazon.
In another, Flipper Zero is used to emulate an Amiibo NFC card, tricking the Nintendo Switch — according to the comments in the video, you can do the same thing with a cell phone.
@strawlrus My landlord isn’t going to like this one… 🫡 #subghz #infrared #nfc #rfidimplant #rfidchip #RFID #accesscontrolsecurity #flipperzero #pentesting #computerscience #teslacheck #teslamodel3 #teslamodels #nintendoswitch #amiibo #flipperzero #flipper #flipperdevices ♬ animal crossing ~ new horizons lofi – Closed on Sunday
Journalist Dhruv Mehrotra of wiredtested one of these for a week and found that it is not as powerful as it seems.
Mehrotra was unable to clone his work entry badge using the device, for example. It is possible to read contactless credit and debit card numbers, but it is not possible to pay with the device, due to hardware limitations.
In the sights of the police
Still, some things are possible. The journalist recorded the signal from the neighbor’s remote control. He believes it is possible to open older cars, which do not use rolling code encryption.
The authorities and big companies are keeping an eye on the potential of Flipper Zero, in case it falls into the hands of malicious people.
PayPal has already secured the payment of more than $1.3 million dollars to the company, and US customs authorities have withheld a shipment of devices, releasing them without explanation after a month.
Bob Zahreddine, a lieutenant with the Glendale Police Department and an executive with a cybercrime law enforcement group, tells the wired that Flipper Zero is customizable and has the potential to be used in all types of crime. Even so, he is not aware of any crime in which the device was used.
The device has firmware restrictions that prevent frequencies prohibited in a certain country from being transmitted. The product’s Discord server does not allow discussions of alternative firmware. Even so, as it is open source, there is the possibility of changing it to circumvent these limitations.
Kulagin, however, does not see a big problem in this potential. “Old cars are vulnerable to Flipper. But they, by definition, are not safe — it’s not Flipper’s fault”, ponders the creator. “There are bad people, but these people can cause problems using any computer. We do not intend to break the law.”
With information: Wired.
https://tecnoblog.net/noticias/2022/12/23/flipper-zero-tamagotchi-de-us-200-que-clona-nfc-faz-sucesso-no-tiktok/