The Flipper Zero has gone viral, as social media platforms are flooded with video clips showing people how to use the $200 hacking device to unlock cars, secured gates and even doors to private buildings.
“It’s really versatile. It’s really easy to use and it’s opening up a whole new world, “ said information security expert Matthew Jakubowski, CEO of Crowd Control. “It’s able to clone certain things like badges or garage door openers.”
The small, portable tool is jammed packed with electronic sensors and radios that can clone and replay signals from any other wireless device. Flipper Zero is designed to be used by beginners as well as advanced security experts.
“You could write some scripts that will actually run a bunch of commands when you plug it into a computer, “ Jakubowski added.
However, both Jakubowski and fellow security expert Chris Carlis of the Dolos Group, say the Flipper Zero viral videos are a bit overblown.
“The potential dangers of the Flipper, they’re not as severe as being made out on these videos,” Carlis said.
They say video of the cloning device unlocking a car could only work one time because most cars have rolling code technology.
Local
“If you are walking away from your car and you hear it lock and then you hear it do the beep again sort of thing, take a second to like check back because that could’ve been someone cloning it, “ Jakubowski warned.
Also, Flipper Zero must be nearby to clone a remote-control signal and extremely close to clone your key fob or security badge.
Feeling out of the loop? We'll catch you up on the Chicago news you need to know. Sign up for the weekly Chicago Catch-Up newsletter here.
“With the Flipper Zero the read range is effectively zero. You have to hold it right on the badge,” Carlis said. “There are other tools that attackers could use to read from up to maybe 18 inches away effectively.”
Amazon confirmed to NBC5 Investigates that they banned the Flipper Zero from being sold on its website in April.
An Amazon spokesperson provided the following statement in an email:
“Third party sellers are independent businesses and are required to follow all applicable laws, regulations, and Amazon policies when listings items for sale in our store. We have proactive measures in place to prevent prohibited products from being listed and we continuously monitor our store. Those who violate our policies are subject to action including potential removal of their account.“
“They classified it as a skimmer. So, it’s a credit card skimmer which they don’t allow,” Jakubowski explained.
However, Carlis warned there are easier ways for attackers to get a person’s credit card information.
"You’re more at risk for someone taking just a picture of your credit card and flipping it over and getting the little CID number on the back, which a skimmer is not going to give you," Carlis said.
Both security experts use a Flipper Zero for their personal devices.
“Occasionally, I forget to grab my badge on the way out of the office and I used to have to head back and pick that up. But now I’ve made a copy of my work badge on my Flipper Zero and it’s in my bag, “ Carlis said.
“It’s a nice little Swiss Army knife of electronics, “ Jakubowski added. “I’ve had multiple studios I have to get access to and so instead of brining four or five key cards I used to bring, now I can just bring this.”
NBC 5 Investigates reached out to Flipper Zero multiple times to ask them about their device but they never responded.
