Clearing Up the Flipper Zero

Cyber Security + Cyber Crime | Jamie Ngo | April 2, 2024


A recent article from ABC News reported that Queensland Police are concerned about the Flipper Zero, as it could be used to hack car keys and security systems. This is all misinformation and I am here to clear this up!


What is a Flipper Zero?

According to the ad listing on Kickstarter, the Flipper Zero is a portable multi-tool for pentesters and hardware geeks in a toy-like body. This device is designed to “hack” radio frequencies such as RFID, NFC, and Sub-1GHz signals.

You might notice that “hack” is in quotation marks. The device doesn’t hack in the traditional sense of what you see in the movies; it is designed to intercept signals and, if the protocol used is vulnerable, it will try to decrypt it.

Can it hack car keys and security systems?

The short answer is yes: the Flipper Zero can, in a sense, “hack” car keys and security systems.

What I mean by this is that any modern car now has a key fob with a rolling code, where the key fob generates a unique code each time the button is pressed. A device like the Flipper Zero will not be able to capture this communication. Let’s play devil’s advocate and say the Flipper Zero can intercept key fobs: those rolling codes only work once, so an attacker would require a few codes to do anything, and capturing those signals would require close proximity. Modern cars also require the key fob to be in the vehicle to start.

You have probably heard in the news about the uptick in stolen cars and replay attacks. Thieves who steal cars are not utilising devices like the Flipper Zero; they are utilising specifically designed keyless repeater kits that would cost thousands. These devices capture the signal your key fob is broadcasting and replay the code to your car to enter and start it.

However, older cars, pre-1990s, with non-rotating codes can easily be stolen by intercepting the signal. The Flipper could, in theory, intercept those signals, but as the device can only work with sub-1GHz frequencies, the key signal needs to be utilising those frequencies. There has been no report of stolen cars that utilised a Flipper Zero.
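The difference between the non-rotating and rolling codes described above is easiest to see from the receiver's side. This is an added example, not code from the original post or from any fob or vehicle vendor; it assumes an HMAC-SHA256 counter scheme as a stand-in for the proprietary ciphers real fobs use, and the class names, key, static code and window size are all constructed for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed button presses the receiver tolerates

def rolling_code(key: bytes, counter: int) -> bytes:
    """Frame the fob sends for one press: 4-byte counter plus an 8-byte MAC over it."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Older design: one static code, so a captured frame stays valid forever."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Accepts a frame only if its MAC verifies and its counter has not been used yet."""
    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, frame: bytes) -> bool:
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, rolling_code(self.key, counter)):
            return False  # forged, truncated or corrupted frame
        if not (self.last < counter <= self.last + WINDOW):
            return False  # already-used code (replay) or too far ahead
        self.last = counter  # every earlier counter value is now dead
        return True

def demo() -> dict:
    key = b"constructed-demo-key"   # constructed secret shared by fob and receiver
    static = b"\x5a\x3c\x99\x01"    # constructed fixed code
    fixed, rolling = FixedCodeReceiver(static), RollingCodeReceiver(key)
    press1, press2 = rolling_code(key, 1), rolling_code(key, 2)
    return {
        "fixed_first": fixed.accept(static),
        "fixed_replay": fixed.accept(static),        # same frame works again
        "rolling_first": rolling.accept(press1),
        "rolling_replay": rolling.accept(press1),    # used once, now rejected
        "rolling_next": rolling.accept(press2),
        "rolling_out_of_window": rolling.accept(rolling_code(key, 2 + WINDOW + 1)),
    }

if __name__ == "__main__":
    print(demo())
```

The fixed-code receiver accepts the same frame every time, while the rolling-code receiver rejects a frame it has already seen and any frame whose counter falls outside its window.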

Now how about security systems, such as garage fobs or apartment entry? Yes, the Flipper Zero can copy and clone the fobs and key cards that utilise NFC or RFID. This might sound worrying, and it should: the device perfectly showcases how vulnerable these devices are. Companies need to invest more in the security of their products, which they won’t do unless something forces their hands.

Are there legitimate uses?

I own a Flipper Zero and use mine legitimately to understand and learn about radio frequency, and how vulnerable devices are. I managed to read and clone my garage fob and apartment access fob. A real-world legitimate use of the device was to clone my girlfriend’s garage key fob to allow me access to her apartment complex. If she had to ask for a second fob, this would have set her back a few hundred dollars.

It can also be used as an infrared remote control, but one useful feature is the Bad USB function. The Bad USB function is very similar to a Rubber Ducky, in that you can have scripts on the device that perform a function when it’s plugged into a computer. This is great if you’re working in IT, as you can automate repetitive tasks, such as setting up a computer.

Would a ban solve this issue?

I do not personally believe a ban on the device would solve any issues. There are other devices available that offer the same capability or even enhanced capability, and as the project is open source, anyone can recreate it. There should be updated laws that ban the sale of vulnerable or insecure devices on the market, forcing people to utilise more secure products.

Don’t blame the tool; we need to start addressing the insecure and vulnerable products.

Written by: Jamie Ngo
