Flipper Zero Scared The Hell Out Of Us At SecTech.
Flipper Zero scared the hell out of us at SecTech after a 5-minute run-through of some of its stand-out capabilities we think every access control manufacturer and security integrator needs to buy one to get across the risks.
In short, Flipper Zero is a portable multi-tool designed to hack digital solutions, including access control systems, automation controllers, RF protocols, and plenty more. We’ve written about Flipper before but without seeing it in action.
Flipper Zero Scared The Hell Out Of Us
We ran through some of its capabilities after SecTech Perth, including its ability to emulate every access control card and credit card we had at the table. Frankly, it’s scary and we’ve ordered one so we can undertake a comprehensive review.
The unit is 100 x 40 x 25mm in size, weighs 102 grams, is constructed of poly, has an operating temp of 0-40C, and an input voltage of 5V. While Flipper looks like a toy, the product’s specifications are serious stuff. There’s an ARM Cortex-M4 32-bit 64 MHz applications processor and an ARM Cortex-M0+ 32 MHz network processor, with Flash memory of 1024 KB and FAT32 formatted microSD card support.
Flipper Zero can read, clone, store and then emulate the 125kHz credentials with ease and has no trouble doing the same to 13.56MHz credentials. Thanks to its NFC module, which supports all standards, including NXP Mifare, Flipper can read, write, store and emulate HF credentials, too. And if you think face recognition can save you, there may be issues with keeping that data secure.
Flipper Zero Scared The Hell Out Of Us At SecTech
Flipper’s integrated Bluetooth Low Energy module allows the unit to interact with Bluetooth devices. BLE support allows Flipper Zero to operate as BLE host or peripheral device, connecting to 3rd-party devices and a smartphone simultaneously. There’s Wi-Fi, capability, too, expanding the risks to emulation of mobile devices.
Flipper Zero allows hardware exploration, firmware flashing, debugging, and fuzzing. It can be connected to any piece of hardware using GPIO pins to control hardware via its buttons, as well as running its own code.
We are going to be enlisting the help of a couple of propellor-heads to get a handle on the device but it’s obvious that this unit – and others like it which cost far less – have opened a new front in electronic security risk, and burying our heads in the sand will not make this risk go away.
From what we saw after SecTech Perth, Flipper’s capabilities make a sound argument for using mechanical keyways in high security applications – or selecting only the highest security readers and credentials. Stay tuned to SEN for more – you can read more about Flipper here.
“Flipper Zero Scared The Hell Out Of Us At SecTech.”