Flipper Zero is a pocket-sized, hardware-hacking tool that’s useful for exposing vulnerabilities in outdated wireless systems and understanding how different electronics work.
What Is Flipper Zero?
Flipper Zero is a handheld penetration-testing device that can read, copy and emulate wireless signals in its environment.
Launched as a crowdfunded project in 2020, Flipper Zero has gone viral on TikTok. In some videos, users wield it to turn off electronic fast food menus, prank Walmart employees, open Tesla charging ports and adjust prices on gas station displays. And while most of these recordings depict harmless jokes, others show dubious applications of the tool — like unlocking iPhones and cloning hotel room keys — that leave many questioning the legality of the device and others like it.
Flipper Zero is a portable, multi-functional tool designed for penetration testing. The toy-like gadget, which features an orange-backlit screen and a five-position D-pad, contains sensors and radio transceivers that can read, copy and replicate various electronic signals sent out by wireless devices in its environment.
A product of a $4.8 million Kickstarter campaign, Flipper Zero gamifies ethical hacking for “hardware geeks” and recreational pentesters with a built-in Tamagotchi-like virtual pet dolphin to take care of. As users explore the interface and different module functionalities — like interacting with radio frequency identification and near-field communication tags, radio remotes as well as iButton and various digital access keys — they level up in the game and keep their pixelated companion happy.
Made with open-source hardware, Flipper Zero has a programmable interface that’s fully customizable, and it retails for $169.
How Does Flipper Zero Work?
Flipper Zero comes with a variety of built-in communication modules, each with its own set of protocols. These modules “speak” with nearby devices through signals, while protocols interpret transmitted data. This capability allows the pen-testing gadget to act like a number of everyday devices. For example, it can be used to simulate TV remotes, garage door openers, smart light controllers and computer keyboards, and even to read pet-tracking microchips.
Flipper Zero can scan, capture and emulate the following signals and applications:
- Sub-GHz radio frequencies (RF)
- 125 kHz radio frequency identification (RFID)
- Near field communication (NFC)
- Infrared
- General purpose input/output (GPIO) pinout
- iButton
- Bad USB
- Universal second factor (U2F)
- Human interface device (HID) controllers
- Troubleshooting
The ability to speak the language of several different radio protocols “means that Flipper Zero can also interact with devices that might be used to exploit people,” Brian Callahan, a senior lecturer and director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute, told Built In. Callahan said that Flipper Zero even has the ability to breach access control systems and lift information from contactless credit cards.
Even so, some experts say the controversy surrounding Flipper Zero is overhyped and that the device poses as much risk as any cell phone with a card-skimming app.
What Can a Flipper Zero Device Do?
Flipper Zero is commonly used for penetration testing, device emulation, script automation and hardware interfacing.
Pentesting
Pentesting, a portmanteau of “penetration testing,” is a type of ethical hacking that launches authorized cyberattack simulations on a system as a way to expose vulnerabilities. By mimicking the actions of malicious hackers, Flipper Zero pentesters are able to identify cracks in cybersecurity that would have otherwise been exploited during a real-world attack.
Device Emulation
Flipper Zero can read, copy and emulate signals from a number of technologies, including the following modules:
Sub-GHz
Flipper Zero uses its Sub-GHz module to interact with wireless devices that operate on low-frequency radio bands, typically between 300 MHz and 900 MHz. This allows it to interact with vehicle remote key fobs, garage door openers, smart-home internet-of-things devices and alarm systems. It can also collect and decode data from local weather stations and relay information from tire pressure monitoring systems.
RFID
With the 125 kHz RFID module, users can read low-frequency RFID tags that are commonly used in access control systems. The device can then capture the data from these RFID tags, store it and simulate the tag, breaching building entry systems, employee ID badges, parking lot access cards and hotel room keys. It can also be used to read an animal’s microchip implant.
NFC
NFC tags, which largely power tap-and-go technology used in contactless payment cards and building or employee access badges, can also be emulated using Flipper Zero. In some cases, this data can be stored onto the device.
Infrared
With Flipper Zero, users have their very own universal remote control. With a built-in infrared transceiver, it can mimic the behavior of different remotes by capturing infrared signals they emit, then storing and replaying those signals to control other commonplace IR-enabled devices, such as TVs, air conditioners and smart-home IoT devices.
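The modules above all rely on recording a signal and sending it again, and a receiver that accepts one fixed code cannot tell the copy from the original. The following sketch is an added example, not part of the original article: it contrasts such a receiver with one that uses a counter-based rolling code. The key, the static code, the frame layout and the HMAC construction are assumptions for illustration, not any vendor's protocol.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"       # constructed shared secret (assumption)
STATIC_CODE = b"\x12\x34\x56\x78"   # constructed fixed code of a legacy remote
WINDOW = 16                         # counters ahead of the last one still accepted

def tag(counter: int) -> bytes:
    """Truncated HMAC over the counter (illustrative frame layout)."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

def fixed_code_accepts(frame: bytes) -> bool:
    """Legacy receiver: one static code, so any recorded copy passes."""
    return hmac.compare_digest(frame, STATIC_CODE)

class Remote:
    """Rolling-code transmitter: every press sends a fresh counter and tag."""
    def __init__(self):
        self.counter = 0
    def press(self) -> bytes:
        self.counter += 1
        return self.counter.to_bytes(4, "big") + tag(self.counter)

class RollingCodeReceiver:
    """Accepts a frame only if it is authentic and newer than the last one."""
    def __init__(self):
        self.last = 0
    def accept(self, frame: bytes) -> bool:
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame[4:], tag(counter)):
            return False      # forged, truncated or corrupted frame
        if not (self.last < counter <= self.last + WINDOW):
            return False      # stale (replayed) or too far ahead
        self.last = counter
        return True

def demo() -> dict:
    remote, receiver = Remote(), RollingCodeReceiver()
    frame = remote.press()    # stands in for a frame recorded off the air
    return {
        "fixed_original": fixed_code_accepts(STATIC_CODE),
        "fixed_replay": fixed_code_accepts(STATIC_CODE),
        "rolling_original": receiver.accept(frame),
        "rolling_replay": receiver.accept(frame),
        "rolling_next_press": receiver.accept(remote.press()),
    }

if __name__ == "__main__":
    print(demo())
```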
Script Automation
With its BadUSB functionality, Flipper Zero is seen as a generic HID controller, like a mouse or keyboard, when connected to a port. Once it’s inside the system, users can upload their own scripts or automate a scripting language, enabling tasks that typically require physical access, like changing system settings, opening backdoors and retrieving data.
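Because a BadUSB device enumerates as an ordinary keyboard, the host cannot reject it by device type; one defensive heuristic is timing, since scripted input starts right after attachment and arrives faster than a person types. The detector below is an added example, not part of the original article, and its event tuples, device ids and thresholds are assumptions made for illustration.

```python
from statistics import median

MIN_KEYS = 10           # keystrokes needed before judging (assumed)
MAX_MEDIAN_GAP = 0.030  # seconds between keys; assumed cut-off below human typing
ATTACH_GRACE = 2.0      # seconds after attach in which a burst counts (assumed)

# Constructed events: (timestamp_seconds, device_id, kind)
SAMPLE = (
    [(10.0, "kbd-desk", "attach")]
    + [(40.0 + i * 0.18, "kbd-desk", "key") for i in range(25)]
    + [(100.0, "usb-new", "attach")]
    + [(100.5 + i * 0.005, "usb-new", "key") for i in range(40)]
)

def flag_injection(events):
    """Return device ids whose typing starts right after attach and is
    faster than the assumed human cut-off."""
    attached, keys = {}, {}
    for ts, dev, kind in sorted(events):
        if kind == "attach":
            attached[dev], keys[dev] = ts, []
        elif kind == "key" and dev in attached:
            keys[dev].append(ts)
    flagged = []
    for dev, stamps in keys.items():
        if len(stamps) < MIN_KEYS:
            continue          # too little input to judge
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        immediate = stamps[0] - attached[dev] <= ATTACH_GRACE
        if immediate and median(gaps) <= MAX_MEDIAN_GAP:
            flagged.append(dev)
    return flagged

if __name__ == "__main__":
    print(flag_injection(SAMPLE))
```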
Hardware Interfacing
With its GPIO pins, Flipper Zero can physically connect external electronic components such as sensors, actuators and relays. From there, the gadget can send and receive signals to interact with and control various hardware elements, which is great for DIY projects, prototyping and custom automation tasks.
Is Using a Flipper Zero Illegal?
No — but using Flipper Zero to do unlawful activities is still illegal.
“Similar to guns, lockpicks and even cars, Flipper Zero is just a tool that can be used both for good and evil,” Josh Amishav, founder and CEO at cybersecurity company Breachsense, told Built In. Nefarious use of the multi-tool has resulted in an all-out ban in Brazil and restrictions in Canada. Flipper Zero’s bad rap has also gotten it removed from Amazon’s marketplace, which tagged it as a “card skimming device” that violates policy.
While Flipper Zero can be used to clone access control cards or intercept signals by bad actors, security professionals use specialized devices with the same functionalities to demonstrate risk and enhance the security of wireless communications.
Either way, more powerful products with specialized hardware are available on the market.
“The only thing special about [Flipper Zero] is the size and convenience — that’s it,” Michael Hasse, a cybersecurity consultant who worked on one of the first pre-McAfee virus patches, told Built In.
All of the same operations, and then some, can be performed with a regular laptop with USB add-ons, apps on a smartphone or a similarly configured Raspberry Pi.
“If the people who are so upset about the Flipper really wanted to make a difference,” Hasse added, “then they would be enacting laws around security requirements for wireless devices in general, not just banning a single tool arbitrarily.”
Frequently Asked Questions
What can Flipper Zero do?
Flipper Zero can read, copy and emulate transmitted signals — such as RFID, NFC, infrared and sub-GHz RF — which allows it to do things like control TVs, open garage doors, imitate access badges and read a pet’s microchip.
Can Flipper Zero unlock a car?
Yes, but Flipper Zero must first successfully record the infrared or sub-GHz signal that’s emitted by the car key fob in order to emulate it on its own.
Are Flipper Zeros legal?
Flipper Zero is legal to own and use, but it is still against the law to use it to engage in any illegal activities.