The Limited Times


Flipper Zero: what it is and what it is for, the hackers' "Swiss army knife" that is sold even in Mercado Libre

2024-03-23T19:14:02.721Z

Highlights: Flipper Zero is a pocket-sized multifunction device that allows you to interact with access systems and connections. It went viral on TikTok for opening cars and gates, stealing passwords and hacking Bluetooth and Wifi networks. In Argentina, it can be purchased in Mercado Libre for prices ranging from 500,000 pesos to one million (with a parallel dollar close to one thousand pesos). Considered by many a kind of “hacker Swiss army knife,” the Flipper Zero sparked a lot of controversy.


Myths and truths about a device that exposes the vulnerabilities of the systems we use every day. It went viral on TikTok for opening cars and gates, stealing passwords and hacking Bluetooth and Wifi networks. Five experts tell what can be done (and what cannot) with this “Tamagotchi hacker”.


At the beginning of the month, news went viral on social networks and media specialized in cybersecurity. A small device, called “Flipper Zero”, could open the doors of a Tesla car. Although it was later clarified that it was a phishing attack, it didn't matter. It was one more brick in a wall that has been built around this “Tamagotchi” for hacking computers and phones, inflated by the TikTok algorithm, Instagram stories and the desperate cry for attention from social networks.

But what can this device really do and how dangerous is it?

The Flipper Zero is a pocket-sized multifunction device that allows you to interact with access systems and connections. Through a monochrome screen with a friendly dolphin, you can clone cards with NFC or RFID (such as credit or hotel room cards), open access doors at work, intercept a WiFi signal, steal someone else's password or flood a phone with notifications simply to annoy (as happened at last year's edition of Ekoparty).

Considered by many a kind of “hacker Swiss army knife,” the Flipper Zero sparked a lot of controversy due to videos demonstrating potentially criminal acts, to the point that Amazon removed it from its catalog and does not allow it to be officially purchased.

In Argentina, it can be purchased in Mercado Libre for prices ranging from 500 thousand pesos to one million (with a parallel dollar close to one thousand pesos).

Used by security researchers in the field of physical security and “pentesting” (that is, testing systems to understand their vulnerabilities), the truth is that the device is very practical for certain demonstrations but much more limited and expensive, in general, in comparison with other options on the market.


“Just as you cannot build a house with a knife, you cannot carry out professional pentesting work with a Flipper Zero,” “Teno”, hacker and computer security researcher, with 33 years in the IT industry, explained to this medium.

Once again, social networks did their thing: exaggerating, in this case, with the stigmatization of a device for its potential criminal uses, instead of trying to understand that the problem is not the device but how vulnerable the systems around us are.

Here, what the Flipper Zero is, what it can do, what it cannot do and why there was so much controversy regarding its uses and applications.

Flipper Zero: what is it

"Teno", hacker and researcher with more than 30 years in the IT field.

Photo: Fernando de la Orden

The Flipper Zero was developed to interact with access control systems, networks and protocols such as NFC, WiFi, Bluetooth and more.

“It can read, copy and emulate radio frequency-based systems, such as the RFID protocol, NFC, different remote controls, as well as those based on infrared and even those of the USB type,” explains Teno.

NFC (Near Field Communication) and RFID (Radio Frequency Identification) are two widely used wireless communication protocols. For example, the Telepass on the highways works by RFID. SUBE, or contactless credit cards, work using NFC.

From a technical point of view, the Flipper is built around a proprietary microcontroller, that is, a kind of small computer embedded in a board, developed from a “kickstarter” that started in August 2020 and raised $4.8 million from the hacker community.

“This microcontroller is equipped with different RF (and other) interfaces that put in a 'convenient package' a series of pentesting and PoC [proof of concept] tools, and with an open source firmware invites the entire community to develop modifications, add modules and so on,” adds the specialist.

“It also has a series of contacts that allow these capacities to be exceeded, in the style of Arduino or Raspberry Pi microcontrollers (called GPIO). We can say that it behaves like a kind of Tamagotchi, but the objective is not entertainment, but rather bringing security issues down to earth and putting them within reach,” Teno continued, in his explanation.

Prepared to deploy a denial-of-use attack on WiFi networks, using a commonly used ESP32 SoC (System on Chip) as an accessory.

Photo: Fernando de la Orden

The Tamagotchi part has to do with the fact that the dolphin on the screen, in monochrome orange and 128x64 pixels, is the “operator” through which all hacks pass, and which can improve and gain experience depending on the functions that are applied in investigations.

The researcher, who has been analyzing and “breaking” systems for more than 30 years and publishes his research on his blog, spent a week with the Flipper to see what he could do with this device and also how to achieve the same results with technologies already available (and cheaper).

And the first point to highlight when speaking with sources in the cybersecurity environment is the exaggeration surrounding the Flipper Zero, since many technologies of this type already existed.

“Just as you can't build a house with a pocketknife, you can't do professional pentesting work with a Flipper Zero. For example, if we compare a WiFi audit performed with ESP32Marauder (one of the many WiFi modules for Flipper Zero) against a Pineapple Enterprise WiFi, the quality of the attacks, the certification levels and the stability of a product manufactured for this specific purpose have no comparison. Pineapple is much better and more serious,” Teno explains.

What you can do with the Flipper Zero (and what you can't)

A notebook to detect Bluetooth activities of a Flipper Zero that can cause denial of use of cell phones, headphones and other BT accessories (Wall Of Flippers application). Photo: Fernando de la Orden

Clarín contacted different computer security researchers who recounted the uses they gave to Flipper Zero.

A hacker from Córdoba, recognized in the industry for his contributions to the security of financial applications, said that he was able to clone access cards to his hotel room: “I was in Barbados, I had the key to enter the room. I cloned my card with the Flipper (attacking the reader and the card) to then emulate it when entering my room and being able to move without it,” he recalls.

“I also used it to attack machines to get stuffed animals and prizes, since they now work with a reader, I was able to find other people's balances and play with those loaded amounts. It was only as a proof of concept and for the only time,” he clarifies.

Other common uses have to do with cloning building key fobs.

“In San Pablo, Córdoba, Buenos Aires I was able to clone RFID entry cards to enter the door of the building,” he remembers.

Attacks on electronic car key fobs were among the most viral on networks.

This researcher was also able to replicate them.

“With the Flipper I managed to capture the lock code of a 2021 Fiat model, emulate it and open the car.

I was also able to open and close remote gates by 'listening' to the command signal and then replicating it with radio frequency.”

Finally, he remembers having “turned off supermarket air conditioners, raised or lowered the temperature, changed channels or turned off televisions” in the appliance aisle.

Flipper Zero deploying an attack trying to open automatic doors and gates, being detected, in the background image, with a software-defined tuner.

Photo: Fernando de la Orden

Christian Gehmlich, security researcher at Banco Galicia, launched a podcast showing various attacks and, among them, you can see how public WiFi networks and USB chargers can be attacked to access other people's devices.

"It is important to keep in mind that this device is used to carry out proofs of concept in a simple and direct way. To carry out this type of attack on a large scale, other types of equipment and broader knowledge are required than just pressing a couple of buttons," he warns.

From an improvised laboratory in his home, Teno showed this medium different types of hacks that can be carried out with this device: he deployed an attack to deny the use of WiFi networks (that is, making them inaccessible), he flooded a cell phone with Bluetooth notifications (something very annoying that can "crash" the device), emulated the opening of automatic doors and played with different homemade modules that he mounted on the top of the device.

All attacks were carried out successfully.

Now, was it possible to do all this before Flipper Zero?

Of course.

Teno reviews a large number of devices that, for a long time, could fulfill these functions.

“Deauther, based on the ESP8266 microcontroller, exploits a weakness in the WiFi protocol where, without knowing the password of a network, it allows connected users to be expelled within the range.

WiNX for ESP32 also allows attacking networks.

ESP32Marauder is almost the 'maximum' evolution in terms of WiFi and Bluetooth attacks with microcontrollers,” he lists.

“With respect to USB-type attacks, there are also very low-cost things that can perform the same sophisticated attacks that Flipper Zero does. On the market, the Raspberry Pi Pico and Digistump, for very little money, allow even much more sophisticated attacks, in the style of the professional Rubber Ducky and Bash Bunny. Hardening things up a bit and in a very small size, we have Pwnagotchi, which is a pocket AI (the size of a pack of 10 cigarettes) that exclusively attacks WiFi networks in a very efficient way and that I have been actively using since 2018, with which I have obtained over 1000 passwords with no more effort than carrying it in a fanny pack and sitting down to have a coffee in a little bar,” he closes.

This is not something that escaped its creators.

One of them, Alex Kulagin, said in an interview with Gizmodo: “It's important to know that Flipper isn't actually cutting-edge technology.

We package all of this, like the access control systems we use every day, into a single device.

But it's not like it can interact with most of the super modern, cutting-edge technologies.”

What, then, is the “danger” that has been talked about so much on social media about the Flipper Zero?

What the Flipper Zero teaches us

Flipper Zero with home-made ESP32 module and a USB-Bluetooth module from Nordic. Photo: Fernando de la Orden

Due to all the functions that the Flipper allows to perform, the device caused a stir around the world.

Amazon removed it from its catalog.

In Canada, the Government decided to ban it.

And on commercial flights, the United Kingdom began to stop it from getting into the cabin.

All the researchers consulted agreed that the Flipper is practical and convenient, but the diagnosis does not go beyond an amateur tool.

“Today, in our field, we have more specific tools for RFID, NFC and these technologies, which are much more complete - and allow us to expand the spectrum of cards for cloning, for example - than the Flipper Zero, only the Flipper has the convenience of transportability,” added Joaquin Rodriguez Varela, co-founder and security researcher at Patagonia Security.

“Surely there are extensions to Flipper to solve specific problems, but the use I give it is more to expose a vulnerability of a system in the field, comfortable to transport, practically very stealth [camouflage] because it does not attract attention and can be used without taking out a laptop, which generates suspicion,” he adds.

Teno agrees with this: “At the end of the day, although there are others that fulfill similar functions, the Flipper earned its place as the most popular for simply having a screen and simple access to the functions, without much need for technical knowledge but with quite a bit of curiosity on the part of the user. While the screen and menus are slow, that doesn't seem to matter and many units have been sold, and several 'commercial' expansion boards, as well as pre-assembled boards with the DIY spirit in mind.”

The device fits in a pocket, hence the practicality that the researchers highlight.

Photo: Fernando de la Orden

“In short, it is a very versatile bug and the size is very small, but by no means is it dangerous as they say.

For example, it is just as dangerous as a laptop,” adds Rodriguez Varela.

“He effectively has a commercial machine that he positioned as a 'tool to steal cars' or open house gates. Like all advertising, the fine print has disappointed more than one person and has sent several hackers to take their car to the workshop... to unlock the lock. The notable case for me was that of the Bluetooth that we saw, where one of the many flaws of the protocol was exposed and brought almost to the fore something that the manufacturers do not want us to know: that we compromise security for convenience (who doesn't like wireless headphones?),” reflects Teno.

Now, everything the hackers in this article showed can be done, can be done.

Does this type of hack talk about Flipper or does it talk about the technologies we use on a daily basis?

“We have an obsession with focusing on when someone shows us that something is insecure, when the reality is that the Flipper Zero is not something extraordinary, but rather it makes evident the ordinary nature of the systems on which our security and access controls depend,” a hacker who preferred to remain anonymous reflects in dialogue with this medium.

“The Flipper is a euphemism for security: we never worry about the errors that security teams have and we focus on who finds the flaws, to have a culprit. And the Flipper Zero has a popularity effect that meant that many systems that we have used for 20 years, and that are known to be vulnerable, can be compromised by anyone,” he continues.

“What is the real question we have to ask ourselves? Are we willing to live with insecure and broken systems, as long as no one explains to us how to break them, or do we live in a time in which showing that the things around us are broken helps us understand how to protect ourselves?”

The device was intended, in the words of one of its creators, to “raise awareness that if something can be hacked with a $100 toy, maybe it's too insecure” to be used.

Flipper Zero is, ultimately, another chapter in the intricate relationship that technological advancement has with cybersecurity.

The dolphin appears just above the tip of the iceberg of all this.

Different microcontrollers used in ethical hacking, along with the Flipper Zero with a homemade WiFi module.

Source: clarin
