
Flipper Zero Starts a Petition To Fight Canada Ban

Back in early February we reported on how the Canadian government is making plans to completely ban the Flipper Zero, a popular pentesting tool. The wording from Dominic LeBlanc, Canada's Minister of Public Safety, implies that software defined radio devices could also be banned.

The reason for the ban is that the Canadian government claims that the Flipper Zero and 'consumer hacking devices' are commonly being used as tools for high tech vehicle theft. However, as mentioned in the previous post, this has been debunked.

The team behind Flipper Zero have recently started a petition on change.org to stop the ban. At the time of this post the petition has already reached over 8,000 signatures. The team have also penned a comprehensive "Response to the Canadian government" blog post, explaining why the ban makes no sense. In the post they debunk the myth of Flipper Zero being used for car theft, and show the real way high tech car theft is being done.

Canada Moves to Ban Flipper Zero and Possibly Software Defined Radios

Dominic LeBlanc, Canada's Minister of Public Safety, has recently declared that they plan to ban devices "used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero". The text specifically calls out the Flipper Zero, however the wording appears to imply that any device that can copy a signal will be banned. This means the ban could extend to RX/TX SDRs like the HackRF and possibly even RX only SDRs like RTL-SDRs.

The Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. There are many CC1101 devices on the market, but the Flipper Zero has gained huge popularity on social media because of its excellent software support, as well as its cute marketing tactic. In the past it was even featured on the popular Linus Tech Tips YouTube channel.

Flipper Zero has had a long line of setbacks, including PayPal freezing 1.3M of its cash, US customs temporarily seizing its shipments and then passing a $70,000 bill on to them for storage fees, and Amazon banning the product on their marketplace.

In our opinion, the ban appears to be misguided. The Flipper Zero is a basic device that can only perform a simple replay attack, which is to record a signal, and replay it at a later time. These sorts of attacks do not work on vehicles built after the 90's which now use rolling codes or more sophisticated security measures. To defeat rolling code security, a more sophisticated attack called Rolljam can be used. A Rolljam device can be built for $30 out of an Arduino and two cheap transceiver modules.
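The difference between a fixed-code and a rolling-code receiver, as an added example that is not part of the original post: a recorded frame is accepted again by the fixed-code receiver but rejected by the rolling-code one. The frame layout (counter plus truncated HMAC), the key and the window size are assumptions chosen for illustration; real fobs use schemes such as KeeLoq.

```python
import hashlib
import hmac

class FixedCodeReceiver:
    """Legacy receiver: one static code, so a recorded frame works forever."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

def rolling_frame(key: bytes, counter: int) -> bytes:
    """Fob side (assumed format): 4-byte counter + 8-byte truncated HMAC."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]

class RollingCodeReceiver:
    WINDOW = 16  # assumed look-ahead: tolerates button presses made out of range

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        ctr = int.from_bytes(frame[:4], "big")
        # Authenticate first: a forged or bit-flipped frame never moves state.
        if not hmac.compare_digest(frame, rolling_frame(self.key, ctr)):
            return False
        # Freshness: the counter must be strictly ahead of the last accepted one.
        if not (self.last < ctr <= self.last + self.WINDOW):
            return False
        self.last = ctr
        return True

def demo():
    key = b"constructed-demo-key"       # constructed sample key
    static_code = b"\xa5\x5a\x0f"       # constructed sample fixed code
    fixed = FixedCodeReceiver(static_code)
    fixed_results = [fixed.accept(static_code), fixed.accept(static_code)]

    rx = RollingCodeReceiver(key)
    recorded = rolling_frame(key, 1)    # frame observed once over the air
    rolling_results = [rx.accept(recorded), rx.accept(recorded)]
    ahead_ok = rx.accept(rolling_frame(key, 5))  # fob pressed a few times elsewhere
    return fixed_results, rolling_results, ahead_ok

if __name__ == "__main__":
    print(demo())
```

The receiver only advances its counter after both checks pass, so a replayed or tampered frame cannot desynchronise the legitimate fob.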

However, according to Ars Technica, the biggest cause for concern in terms of car theft is a different sort of attack called "signal amplification relay".

The most prevalent form of electronics-assisted car theft these days, for instance, uses what are known as signal amplification relay devices against keyless ignition and entry systems. This form of hack works by holding one device near a key fob and a second device near the vehicle the fob works with. In the most typical scenario, the fob is located on a shelf near a locked front door, and the car is several dozen feet away in a driveway. By placing one device near the front door and another one next to the car, the hack beams the radio signals necessary to unlock and start the device.

This sort of attack is a lot less sophisticated in many ways as all you are doing is amplifying a signal, and no clever hardware like the Flipper Zero or a software defined radio is even required. The X video below demonstrates such a hack where a criminal holds up a loop antenna to a house. The loop antenna is connected to a signal amplifier which amplifies the keyfob signal, tricking the car into thinking the keyfob is nearby, and allowing the door to be unlocked by touching the handle, and then turned on with the push to start button.

Flipper Zero note that they have not been consulted about the ban, and replied on X stating that they are not aware of the Flipper Zero being used for car theft.

Video showing Flipper Zero Smoking a Smart Meter may be Fake

A few days ago we posted a YouTube video by Peter Fairlie which shows him using a Flipper Zero to turn a smart meter on and off, eventually causing the smart meter to destroy itself by releasing the magic smoke.

The video has rightly gone viral as this could have serious implications for the security of the residential electricity infrastructure in America. However, there has been some skepticism from smart meter hacking expert "Hash", and over on his YouTube channel RECESSIM he has talked about his suspicions in his latest Reverse Engineering News episode.

In Peter's video the description reads "Flipper Zero's attack on a new meter location results in the sudden destruction of the Smart Meter. Something clearly overloaded and caused the meter to self destruct. This might have been caused by switching the meter off and on under a heavy load.", and so it appears he is talking about Flipper Zero directly controlling a smart meter service disconnect feature wirelessly via some sort of RF interface.

However, Hash is an expert in hacking smart meters, having done many experiments and videos on his channel about the topic. He raises suspicion about this video, with the biggest point being that the Ameren meter brand and model number featured in the video actually does not have any ability to be switched on and off wirelessly. Hash instead believes that the smart meter may be connected to a custom wireless relay system created by Peter which is not shown in the video.

Secondly, Hash was able to track down Peter's address via GPS coordinates Peter accidentally released in another video. This shows him in Ontario, Canada, outside of the Ameren meter service area, which is for Illinois and Missouri only. Hash speculates that the Ameren meter was purchased on eBay for his experiments.

So while the meter breaking and smoking may be real, other Ameren meters should be safe as the only reason it was able to be controlled wirelessly and insecurely was due to it being connected to a custom wireless relay system. 

It's not clear if Peter set out to purposely mislead to gain notoriety, or if it's simply an experiment that he did not explain very well. Peter's YouTube channel is full of other legitimate looking Flipper Zero and RF hacking videos, so it's possible that it's just a case of Peter not correctly explaining the full experiment that he was doing.

(In the video below Hash talks about the Flipper Zero Meter story at timestamp 4:31)

Flipper Zero Kills Smart Meter?? - Reverse Engineering News - June 13th 2023

Flipper Zero Self Destructs an Electricity Smart Meter

Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. 

We've posted about the Flipper Zero a few times before on this blog, especially given that it is now a famously known device, having found popularity on TikTok and having been reviewed by famous tech YouTubers like Linus Tech Tips.

Recently a video on YouTube by Peter Fairlie has shown the destructive power of the Flipper Zero. In the video it appears that Peter was using the Flipper Zero to wirelessly turn the power meter on and off, which also controlled the power to a large AC unit. Eventually switching the meter on and off while under a heavy load resulted in the meter self destructing and releasing the magic smoke.

Amazon Bans the Flipper Zero

Just yesterday we posted about the Linus Tech Tips review of the Flipper Zero. In related recent news, Flipper Zero was also banned from Amazon for being a "card skimming device". While the Flipper Zero can read the public NFC data from credit cards, it doesn't seem like it could do much more than what an Android phone could do with an NFC credit card reader app. Anyone skimming credit cards would still require the CVV code and other address details in order to put through a transaction.

This comes on top of a bad string of events that has hit the Flipper Zero team. A while back PayPal froze 1.3M of its cash, requiring them to retain lawyers to force PayPal to partially release the funds. US customs then proceeded to seize its US bound shipment for inspection. Then, to throw salt in the wound, after the goods were released the team were billed $70,000 in storage fees for the pleasure of requiring inspection.

There are also reports of eBay banning the sale of Flipper Zero devices citing 'hacking' devices not being allowed on their platform.

The Brazilian National Telecommunications Agency has also begun seizing imports of Flipper Zero devices.

Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. 

The CC1101 chip has been around since 2007, and there are many similar devices making use of the chip. However, the Flipper Zero is specifically marketed as a pentesting and hacking device, and provides built in software for doing things like replay attacks. 

Part of the problem with the bans may also be the huge popularity that the device has received. The device has become exceedingly popular on social media sites like TikTok where users often show it being used mischievously.

Flipper Zero remains available for sale on its website flipperzero.one, for US$169.

Inside the Flipper Zero

Linus Tech Tips Reviews the Flipper Zero

The Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz. 

What sets it apart from most of the other CC1101 devices is the high level of software support built into it, the enthusiastic community and of course the branding. 

Back in August 2020 we initially posted about the Flipper Zero starting its crowdfunding campaign on Kickstarter. Since then, despite major business problems like PayPal freezing 1.3M of its cash, and US customs temporarily seizing its shipments, then passing a $70,000 bill on to them for storage fees, Flipper has gained huge popularity through social media video sites like TikTok, where people show off its capabilities, often in ways that could be considered mischievous.

Recently over on YouTube, Linus from the most popular technology YouTube channel Linus Tech Tips reviewed the Flipper Zero. In the video Linus discusses the legality and morality of the Flipper Zero, and discusses some use cases around RFID and NFC.

This Makes Hacking TOO Easy - Flipper Zero

Flipper Zero Crowdfunding: An Open Source RF Pen Testing Tool For Hackers

Flipper Zero isn't an SDR, but it is an interesting RF capable pentesting tool that is currently being crowdfunded, and we think it deserves a post. Based on a TI CC1101 transceiver chip, the Flipper Zero has a sub 1-GHz radio capable of doing things like emulating a garage door remote, transmitting digital signals like OOK/ASK/FSK/GFSK/MSK at 315/433/866 MHz, analyzing and decoding popular remote control algorithms like Keeloq, and reading and emulating 125 kHz RFID tags. And as the crowd funding stretch goals have already been reached, the hardware will also include a Bluetooth and NFC module.

In addition to the RF features, it has a 1-wire iButton/TouchMemory/Dallas key reader, can function as a U2F security token, has an infrared transceiver with learning feature for emulating IR remotes and has 12 5V tolerant GPIO pins available for expansion with modules such as interfaces, sensors, wireless modules and cellular modems. It can also emulate a USB slave device like a keyboard allowing you to deploy a keyboard payload.

Flipper Zero currently costs US$119, however it will soon jump to US$129 once the early bird special runs out. At the time of this post they already have 13,000 backers and have raised in excess of 2.5 million dollars. There are still 25 days left in the campaign.
