In the past week, I’ve had the pleasure of dabbling with the Flipper Zero. I have only just begun to scratch the surface of what this small device can do, but it has been fun and interesting, nonetheless.
Before going much further (for those that don’t know) let me explain what the Flipper Zero actually is.
“Swiss Army Knife for Sub-1GHz Radio Waves”
The Flipper Zero is a compact (pocketable) device that looks similar to some old MP3 players.
The main showpiece of the Flipper is its ability to receive, broadcast, and manipulate sub-1GHz radio frequencies. These frequencies are the backbone of many everyday wireless devices like home-automation, garage door openers, car key fobs, Bluetooth devices, and RFID (things like contactless payments, hotel keycards, and pet microchips).
It also has some other fun bits like infrared (TV remote), iButton (I often see this used by bar staff to open tills, etc.), GPIO pins for add-on cards/modules (like this Wi-Fi board), and it can act as a “bad USB” device.
First Impressions
It feels nice in the hand. It’s a good weight, the buttons click nicely, and it has clearly been made with some thought. It’s not quite as “discrete” as I’d like. Particularly once you’ve got a protective case on it (I find myself putting it in my backpack more than my pocket). It’s not something I’d keep in my pocket “just in case”, but its certainly pocketable if you know you’ll want it when out and about.
The device looks like an up-market children’s toy, but with the quality you’d expect it to have for the ~£180 price-tag. It’s Dolphin themed (now the name makes more sense) and the playful theme runs deep, with a Tamagotchi-like feature: a Dolphin character that you can check in on and has a Name, Mood, Level, etc. I’ve not done much with this ‘feature’ myself and can’t say it’s what drew me to the device, but I’m sure some people think it’s fun.
The main thing I’ve noticed:
The battery life is amazing. No, really…
It’s a slightly weird observation, and not one that most people focus on.
In fact, given the devices capabilities it absolutely makes sense for it to have good battery life. But the low power requirements also mean it’s the kind of device for which I think most manufacturers would use a low-capacity battery to save money.
The device was fully charged when I first got it; I’ve used it a few times each day for the past week, and I’ve not had to charge it once. Currently, it is sitting on my desk at 58% and I don’t see why I’d need to plug it in until later next week at the earliest. Battery life may not be the standout feature everyone else is talking about, but count me impressed…
A Shallow Splash
As alluded to in the first paragraph, I’ve barely touched the surface of what this device can do. In truth, the most fun I’ve had is in secretly adjusting our television volume without my wife realising, showing my co-workers the games (of course it can run DOOM), and scanning various cards in my wallet…
The card-scanning is slightly less scary than it sounds.
Yes it showed me the long card number on my debit card, and yes it showed me the expiry date. But:
- The security number (CVV) isn’t ever displayed by the device
- You must get within basically touching-distance for it to scan the card
- It makes an audible “beep” when scanning (possibly this can be disabled?)
It’s hardly discrete.
I suppose the Flipper could be used by someone with bad intentions, but they’d still need intimate access to the cards to get the CVV. If someone already has that kind of access to payment cards (alone with them, so as not to get caught), then the Flipper Zero is hardly an advantage compared to snapping pics of the cards with a phone.
It’s Not Just a Toy
The Flipper Zero does have some real-world applications where it can be used to bypass security and perform bad (often illegal) deeds. It can scan, store, and replicate RFID keycards with ease (think hotels, office spaces, etc.), and it can receive and broadcast basically any wireless signal below 1GHz, as well as Bluetooth, and it can do 2.4GHz with the Wi-Fi dev-board.
Although the practical “evil” applications are somewhat limited, the fact that reading & replicating keycards is absurdly easy will make me second-guess security at every hotel I visit from now on, and the Flipper Zero has plenty more to offer that I haven’t even looked in to yet.
A Touch of Customisation
The makers of the Flipper Zero encourage flashing your own firmware. They’ve released the base firmware as open source and provide tools that make it easy to flash all sorts of different firmware as needed.
I have personally flashed it with the “Unleashed” firmware. I’ve not played with the device for long enough to understand the benefits of this yet, but this seemingly unlocks some features, comes with some extra apps, adds some customisation options, and hints at other potential possibilities for future explorations.
Looking Forward
The Flipper Zero, with its host of functionalities and tools, stands as testimony to the versatility of modern technology, and is the ultimate “fiddle” tool for people who want to dabble in the world of short-range wireless hacking. But it is also a reminder that we should not take security for granted. From innocuous fun like tweaking TV volume through to gaining unauthorised access to rooms or buildings – the Flipper Zero could be used to do some serious damage in the right hands. This device makes hacking accessible, even to those with very little prior knowledge. It may be limited, but it shouldn’t be underestimated.
My initial week with the Flipper Zero has been an enlightening glimpse into its capabilities, opening avenues for both play and practical application. I’ll be exploring it more, and I’m keen to see where the Flipper (and other security tools) will come in to play on my cybersecurity journey.