Welcome to Evil Week, our annual deep dive into the slightly sketchy hacks we usually wouldn't recommend. Want to score free drinks, play intricate mind games, or perhaps launder money? We've got you covered with all the info you need to elevate your rudeness game.
As it's Aussiedlerbote's Week of Wickedness, let's explore a gadget that can be used for "mildly" naughty pursuits: the Flipper Zero. Though it may look like a toy, this pocket-sized device can be used for a variety of hacking and penetration testing tasks. It's like a Swiss Army knife for under $200.
With Flipper Zero, you can control your TV, bypass your Nintendo Switch, alter your work ID, unlock your hotel room door, and more. You can see where the "rude" part might come in, but it's essential to remember that it's just a tool, and its ability to commit crimes is vastly exaggerated.
Is Flipper Zero Legal?
Although Flipper Zero has the potential for illegal uses, it's legal in the United States. However, its legality has caused some concerns. In 2022, a shipment of 15,000 devices was seized by customs, but it was eventually released. In April 2023, the South Dakota Fusion Center alerted law enforcement agencies across the country that the device could be used by domestic terrorists, leading Amazon to ban its sale on its website, labeling it as a "skimming tool."
How Does Flipper Zero Work?
Essentially, Flipper Zero is a two-way remote control that can receive, read, save, and transmit various types of wireless signals, including RFID, NFC, Bluetooth, Wi-Fi, and radio. While there are other devices that perform some of these tasks, Flipper Zero brings them all together in an easy-to-understand format. Anyone can pick it up and use it to read an NFC card or switch off a neighbor's TV. The user-friendly nature of Flipper Zero can be seen as a tool to demystify technology or as a way to supply a powerful tool to individuals with limited technical knowledge to cause chaos. It's all about how you use it.
What Can You Do with Flipper Zero?
Here's a list of some common ways you can use the Flipper Zero (though there are numerous possibilities):
Use It as a Universal Remote
You can replace your infrared remote with Flipper Zero, allowing you to control your TV, stereo, AC, and more from a single device. Flipper Zero uses "Brute Force" to send its infrared code library to the device it's aimed at, allowing it to control any device with an infrared remote – as long as it's not paired with a specific remote. So, you can switch TV channels at the bar or silence your neighbor's TV at 2 AM (though you probably should).
Measure Your Pet's Temperature (if it's chipped)
If your pet has an RFID chip, Flipper Zero can read its ID number and even measure its temperature with a thermochip. Simply hold it close to the RFID chip for a few seconds, and you'll hear its ID number. If you're unsure where the chip is located, you can "scan" your pet with Flipper Zero to find out. Note that Flipper Zero cannot locate lost pets, but it can function as a scanner.
Clone Keyless Entry Fobs
If you have a keycard that unlocks a door, you can likely clone it with Flipper Zero – whether it's your work ID or hotel room keycard. However, this might be an unsettling dream scenario. You can only clone keys you already have. So, while you can't open any random hotel door, you can open the one you've already been given the key for (which you can usually find at the reception desk).
Read Your Credit Card Information
Flipper Zero can scan credit cards and sometimes even read their expiration dates, but it cannot transfer or read the CVV code. This is why Amazon banned the device on its website, but it's not actually as sinister as it sounds.
Induce an Android Phone Crash (select devices)
You can use Flipper Zero to send a large volume of Bluetooth messages to Android phones within range, causing them to crash. However, this requires downloading an unofficial developer version of a third-party app and performing specific steps.
Update: December 15, 2023: Previously, this was possible on iPhones, but with the iOS 17.2 update, Apple removed Flipper's ability to overload the iPhone with excessive Bluetooth requests. The phone may still receive messages but will not be affected. As of now, there are no known patches for Android phone crashes.
Open the Tesla Charging Plug (if the security flaw isn't fixed)
You cannot steal a Tesla with Flipper Zero, but you can trick a Tesla owner by using it to open their charging plug (assuming the security flaw isn't fixed yet).
Open Garage Doors or Security Doors
This is uncertain. Some older garage doors and security doors might be able to open with a device like this. Newer models use different security measures, such as rolling codes, which makes saving codes on this device ineffective.
Ring a Doorbell from a Distance
This works only with specific types of wireless doorbells (usually older models – Ring or Nest doorbells are likely secure). You must first learn and save the doorbell's frequency to succeed. Once done, you can ring the doorbell from a distance.
Clone Amiibo Figures (Nintendo)
Nintendo's Amiibo figures essentially contain RFID chips surrounded by figurines. With Flipper Zero, you can scan, simulate, and return the codes to your Nintendo Switch, unlocking extra features in your game without having to purchase the vinyl figure. Alternatively, you can use this and skip the Flipper middleman to unlock additional game functions without purchasing a physical figurine.
Explore the Invisible World around You
Many people disappointed with Flipper Zero's limitations will likely turn to other devices. However, Flipper Zero is still a valuable tool to investigate hidden aspects of our environment. You can use it to determine the location of your Wi-Fi signal's weakest points or to find out how often your iPhone emits infrared waves. You can test the security of all your devices (doorbells, garage doors, locks, etc.) to ensure that no one else can use Flipper Zero to bother you.
What Flipper Zero Can't Do
There are many misconceptions about what the Flipper Zero can do. It's not a universal hacking tool that can instantly crack everything. While you can't use Flipper Zero to steal a car, you can technically open it if you already have the key. Here are some things Flipper Zero cannot do – at least not right away:
Steal a Car
Although TikTok videos may suggest otherwise, you cannot open and start a car with the Flipper Zero, not even your own. The keyless entry sends a signal to the car's onboard receiver, and while Flipper Zero can read and replay the signal, it requires the original key to do so.
Alter Gas Prices
The TikTok video purporting to change gas prices remains a hoax.
Steal Money from an ATM
You can't empty an ATM with a handheld device like Flipper Zero.
Modify Traffic Lights
Due to its capabilities, Flipper Zero can control a series of external infrared LED lights that would mimic an Opticom (a device that can modify specific traffic lights). However, it's not Flipper Zero that changes the signals, but rather the LED lights itself. You can simulate this effect with other devices just as easily.
Open Other People's Hotel Room Doors
While Flipper can read and store the RFID signal required to open locked hotel room doors, you can't open other people's rooms without initially having their key.
Is Flipper Zero Evil?
Flipper Zero is not evil. While it's commonly used by skillful hackers to explore questionable territories, there are many legitimate uses for the device, like security research and home automation. It's a popular tool for hackers, yet its dark nature stems from how people choose to use it. It's a mere tool, and the evilness comes from how you wield it.
Sources:
Enrichment Data:
The Flipper Zero may be associated with hacking, but it has numerous legitimate uses distinct from its shady reputation:
- RFID and NFC Cloning
- Security Research: Flipper Zero can read and emulate RFID/NFC cards for security research or testing purposes, helping identify potential vulnerabilities in RFID/NFC systems.
- Infrared Signal Control
- Home Automation: Flipper Zero can control devices using infrared signals. This is convenient for home automation projects, where remote control can be especially useful.
- Sub-GHz Remote Analysis
- Garage Door and Car Key Fob Testing: Flipper Zero can analyze and reproduce sub-GHz remote signals, like those used for garage doors or car key fobs. This makes it an essential tool for understanding how these systems work and ensuring they are secure within legal limitations.
- GPIO for Hardware Hacking
- Experimental Projects: The Flipper Zero has GPIO pins, which allow users to interact with small electronic components for hardware tinkering and experimental projects.
- USB Emulation (BadUSB):
- Automation Tasks: By emulating keyboards, Flipper Zero can automate repetitive tasks, such as pressing keys in software development or testing environments.
- Light Painting with the Light Messenger:
- Artistic Projects: The Flipper Zero's accessory, the Light Messenger, allows users to create Persistence of Vision (POV) light paintings, involving text and images displayed in midair using the device's LEDs and accelerometer. A creative application of the device outside of its association with hacking.
