It looks like a children's toy, but it's actually one of the most versatile hacking tools to ever hit the market, and if you've been on TikTok in the last 6 months, there's a good chance you've seen people using it to change gas station signs, set off department store PA systems and open up Tesla charging ports. It's been deemed so nefarious that, even though it is legal, shipments have been seized in the US, Brazil and Israel, which kind of makes sense, because out of the box the Flipper Zero can read and emulate NFC, RFID, infrared and iButton devices. Even more worrisome is its ability to read and emulate sub-GHz frequencies like the ones used in car keys, garage doors, motion sensors, doorbells and more. Rest assured, if there's a wireless device, this thing can find a way to attack it, disrupt it or become it, which seems concerning, right? But does it actually pose a risk to society, or is the hysteria simply a knee-jerk reaction from the uninformed? When we're done with the Flipper Zero, you're going to know what's true and what is hazardous clickbait misinformation.

The fact of the matter is that once you cut through the marketing and the FUD, the actual capabilities of the Flipper Zero are not only limited but can almost
entirely be replicated using an Arduino or Raspberry Pi along with readily available add-on boards. Take for example the sub-gigahertz transceiver feature, which mischievous folks are using to change gas signs, open locks and gates, and set off customer service announcements in Walgreens: "Customer service needed in the cough and cold department." According to Flipper's documentation, sub-GHz is handled by the Texas Instruments CC1101, a chip that's been around since at least 2007 and can be purchased on Amazon, complete with antenna, breakout board and free shipping, for less than $10.

So is it bad that any slack-jawed yokel can go around changing the price shown on gas station signs? Well, probably. But let's look at the bigger picture here. If you owned a gas station, would you rather some kid came along and pranked your sign in a totally reversible manner, or would you rather that the vulnerability was exploited by someone else, someone with the kind of skills to take that $10 Amazon purchase and turn it into a far more costly incident? Speaking from recent personal experience, I'll take the mostly harmless reminder to harden my security 8 days out of the week.

The good news is that the remedy is relatively simple. Instead of sending the same code each time for a particular action, a rolling code system uses its key and counter to cryptographically generate a new code each time an action is performed. The receiver stores a list of upcoming codes and checks the sent code against those, just in case a few were missed. Once a code is used, it's removed from the list of valid codes and a new code is generated. According to Anna Prosvetova, Flipper's head of sales, the Zero is specifically designed to not break these systems. Problem solved then? Well, sort of. There's bad news too. While Ms. Prosvetova seems proud that Flipper's moral code is strict enough that you don't need to worry about your car being
stolen with a Zero, she also points out that not only can rolling codes be beaten, but that if a device that performed such function existed, it would also be legal. And while they might not be as viral, she is absolutely right: there are plenty of other hacking gadgets, like this one from Great Scott Gadgets, that do exist, can beat rolling codes and are legal. The HackRF was first demonstrated in 2015 at DEF CON, and its party trick is that it can both jam and read the same RF signals as the Flipper Zero. This setup allows it to collect two codes from the transmitter, pass one of them along so the target doesn't get suspicious, and then keep the stolen code. Then, as long as it stays in jamming range, it can continue to steal new codes and perform actions against the target at will or, assuming it can steal enough codes, you can even make an
attempt at decrypting the key. The point here, though, is not that you shouldn't bother updating to a rolling code system, but rather that there are much more sophisticated attacks out there, and if the Flipper Zero was all it took to hack your mainframe, you should be grateful for the wake-up call.

But what about low-frequency RFID, the kind that might be used to open doors at an apartment building? The Flipper can read, save, emulate and even brute-force them. I find this function pretty unnerving, personally. In the wrong hands it could be extremely dangerous or even fatal, and in many cases the victim would have no power to update the security practices of, say, the hotel they're staying in or the poorly maintained apartment that they rent. But we've got to remember once again that the Flipper Zero isn't doing anything particularly game-changing here, other than alerting us to the availability of these tools. As a method of copying tags, the Flipper Zero is only useful if there's either very old encryption or none at all. If you were worried about something more modern, like the RFID on your passport, getting stolen, it's probably not an issue, since that's encrypted. It should be noted that the key is the passport's document number, expiry date and date of birth, which is why you should always keep your passport in a safe place, like the RFID-blocking pocket of the LTT backpack (lttstore.com).

Now, I know I said that it can brute-force RFID locks as well. Thankfully, most RFID readers only read every few seconds as a way to combat this sort of attack, so if you were to see a Flipper Zero used to crack the vault in a movie heist, you would know that the writers are taking
some artistic liberties. One thing the RFID reader is quite useful for, though, is reading pet microchips. While they may sometimes be encrypted, it's not uncommon for them to just be raw data, and most countries that use them have some sort of central database. These databases probably won't tell you any owner info, but they will at least tell you what agency to get in contact with to get a lost pet back to its family. Yay!

Now, NFC is a subset of RFID, though at higher frequencies, and the Flipper Zero can read, write and emulate NFC as well. As before, the Zero then can hack devices that are using older encryption, like MIFARE Classic, but if you present it with anything newer, it won't be useful for much. One exception to that, though, is tap-to-pay credit cards, which will spit out a fair bit of easily readable information, though it shouldn't include the postal or ZIP code, cardholder name or CVV, so the attacker will likely also need access to the physical card in order to actually use it, by which point they might as well just snap a picture rather than use a high-tech doohickey. It's even less of a danger reading a tap-to-pay credit card on someone's phone, since banking apps typically add an extra security layer by generating a new number for each payment. Similarly, things like transit cards will only allow you to read the UID, not the full contents required for it to be usable. Transit systems that do have security flaws related to their NFC are often quick to patch it too, as happened here in Vancouver: when TransLink's tap-to-pay system rolled out in 2016, the ability to rewrite single-use cards was being exploited by people who were using their Android's NFC system.

If you've got a Nintendo Switch, you might find one good use case for the NFC is to emulate amiibos, but once again you can get similar functionality with an Android phone, this time by using a bunch of single-use NTAG215 tags that can be
purchased for about 30 cents a pop on Amazon.

Another functionality you could get with the Flipper Zero, but could also get with an Android device, is BadUSB. If you've seen our video on the USB Rubber Ducky, BadUSB is very similar: it's a keyboard emulator that can be used to stealthily execute macros and scripts on a target device, using an unlicensed version of the DuckyScript coding language. When we spoke to Jakoby, the creator of the largest BadUSB repo on GitHub as well as the top contributor to the Payload Hub for the Rubber Ducky, they said, when compared against something like the Rubber Ducky or the O.MG Cable, the Flipper Zero doesn't stand a chance as far as performance goes, but if you could plug it in behind someone's setup, it could be controlled with your
phone, and then the danger rating is no longer determined by the device itself but rather by the creativity of the threat actor.

Ah, that's an interesting and important point. We're already recognizing this pattern where anything the Flipper Zero can do, something else can do, and maybe better. But it's the versatility that sets it apart. The Flipper Zero can be controlled remotely from both phones and computers using their extremely slick apps. qFlipper also works on the Steam Deck, as demonstrated in this Reddit post by the Flipper Zero CEO. While this type of wireless attack could be dangerous on its own, a particularly ingenious ne'er-do-well could take things much further with the Zero's general-purpose in and out pins. Through GPIO, add-on boards can be used to tack on features like Wi-Fi, a camera, or 2.4 GHz RF. It just so happens that Logitech Unifying receivers also use 2.4 GHz RF signals. With the addition, then, of less than $5 worth of electronics, the Zero is able to connect to old unpatched Logitech receivers and execute BadUSB DuckyScript without ever having to touch the computer. That's a big yikes, but it still doesn't change our main point: so could a Pi or an Arduino or, realistically, an Android phone.

So yes, the sky is the limit when it comes to the capabilities of a microcontroller into a robust GPIO system. I mean, we've seen Geiger counters, light meters, ultrasonic distance sensors, and there's plenty of people working on new additions. But the device is not the danger; it's the ingenuity of people and the power of the community that Flipper Devices Inc. has built around their particular gadget. I mean, it's an incredible success story. Starting out as a Kickstarter campaign, the Flipper Zero
raised $5 million and then, this is the really shocking part, delivered fully on its promises. Not only did the Flipper team pique the interest of tens of thousands of people, they fostered a community that's willing to innovate and evangelize, which has pushed their niche gadget into the mainstream spotlight and turned it into a true Swiss Army knife of hacking devices. And if the current momentum is any indication, new add-ons, programs and custom firmware are going to continue to extend the lifespan and utility of the device as time goes on. Is it as good for gaming as a Nintendo Switch, as stealthy as a Rubber Ducky, as amoral as a HackRF One? No. But for something so pocketable, it is shockingly decent at all of these things, without crossing the line into illegality, whatever scary stories might have been told by sensationalist media personalities.

From our point of view, then, the Flipper Zero has the potential for mischief and much worse, but it also has legitimate uses, the best of which is to find out if you're vulnerable to attacks that would cost a determined butthead less than a 4K monthly subscription to Floatplane, without actually getting hit by them. Then, once you're sure you're safe from the plethora of basic vectors that it can perform, well, you still have yourself a cute little electronic dolphin friend that can play Doom.

If you enjoyed this video, check out the shenanigans we got into with the USB Rubber Ducky. Why are these devices so cutely named when they're so insidious?
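
The rolling-code scheme described in the transcript (a key plus a counter, a window of upcoming codes, used codes retired), as an added Python example that is not part of the video. HMAC-SHA256, the 16-code window and all class and function names are assumptions chosen for illustration; the receiver here derives the upcoming codes on demand instead of storing a list.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed button presses the receiver tolerates

def code_for(key: bytes, counter: int) -> bytes:
    """One-time code for a counter value (HMAC-SHA256 truncated to 8 bytes)."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:8]

class Transmitter:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1  # every press consumes a counter value
        return code_for(self.key, self.counter)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last = key, 0  # last = highest counter accepted so far

    def accept(self, code: bytes) -> bool:
        # Compare only against the next WINDOW upcoming codes.
        for ctr in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(self.key, ctr)):
                self.last = ctr  # this code and all earlier ones are retired
                return True
        return False

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key, not a real device's
    tx, rx = Transmitter(key), Receiver(key)
    out = {}
    first = tx.press()
    out["fresh"] = rx.accept(first)
    out["replayed"] = rx.accept(first)  # fixed-code style replay is rejected
    for _ in range(3):
        tx.press()  # presses made out of range of the receiver
    out["after_missed"] = rx.accept(tx.press())
    stale = tx.press()  # never heard by the receiver
    out["newer"] = rx.accept(tx.press())
    out["stale_after_newer"] = rx.accept(stale)
    unheard = tx.press()  # never heard, and nothing newer accepted yet
    out["unheard_unused"] = rx.accept(unheard)
    return out
```

The final entry reflects the limit the video describes: a code the receiver never heard stays valid until a newer one is accepted, which is why rolling codes stop simple replay but not every attack.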