Posts

Pen Testing with the Flipper Part 2: Grab Data and Exfiltrate

Social engineering is a big part of this kind of pen test and it can work quite well (phishing emails are another good example of social engineering), but it can't do everything. At the end of part one, our fictional pen tester gained access to a building using social engineering and the card scanner function, but if you walk up to the front desk and say, "May I have some sensitive files, pretty please?" you'll get thrown out. When it comes to grabbing data, the BadUSB function is your best bet. For that, you need to access a computer that both has sensitive files on it AND is logged in. That could be tricky. Now, if tools other than the Flipper were allowed, the second part would be easy. Anybody with just a little know-how and a USB stick can get a computer's password. No, not the Hollywood "I'll look around the room for 30 seconds" method, I mean the "boot drive > access system files > grab password" way. But, if other tools were...

Pen Testing with the Flipper Part 1: RFID/NFC Cloning

The Flipper is marketed as a pen tester's playground, but I have yet to address pen testing at all. Now's the time for that. If you haven't read the previous post about RFID, now would be a good time. If you have read that post, you'll know that the Flipper has no chance of getting into much of anything unless it first clones the real key. That's a problem, since people don't typically hand out their key cards for you to clone just because you say "pretty please." Or do they? I've said it before and I'll say it again: the one consistent weak link in any system is its users. Here's how it might go down in a pen test. You've already cleared everything with the company, you have all your tools, and now it's time to get inside the building. Now, a real pen tester would have the real tools, not a toy multi-tool, but let's assume the Flipper is all you've got. You need to physically hold a card to the back of the Flipper for the few seconds needed...

Rogue AP and The Evil Twin: When WiFi Trolling Turns Dangerous

In my last post, I wrote about the Flipper Zero's WiFi Dev Board add-on and what it could do. Since this is a direct continuation of that post, I recommend you read it first if you haven't already. Now, to business. I've discussed how a Flipper user can take down a WiFi network, and that's extremely powerful, but that's only half of what the Flipper's WiFi module can do. Another function is the Rogue Access Point. Basically, any WiFi network is an access point to the internet. A rogue access point looks and can behave the same as a standard access point, but it's run by a third party. Network service providers can freely read much of your network traffic (barring external security, such as a VPN), so having a potentially malicious third party serving as a middle-man for your network traffic is a big problem. Now, as I'll likely write more about later, the Flipper has a bunch of interesting functions and modules, but they're essentially toy versions o...

Expanding Horizons: The WiFi Module

One feature of the Flipper Zero that was quick to catch my attention isn't a core feature at all -- it's an optional add-on offered by the company. In videos demonstrating this module, users push a few buttons and crash WiFi networks, grab network passwords, and generally make network security look like a joke. So, real or fake? There's no ambiguity or "well, sort of" about this one. The answer is yes, it is real. So, let's take a look. On the top of the Flipper is an array of GPIO (General Purpose Input-Output) pins. Users can, if they know what they're doing, complete any number of electronics projects by way of these pins, from blinking LEDs to more complex projects. The Flipper website sells a WiFi Dev Board that fits into these pin slots. Coming in at $29.00 at the time of writing, this ESP32-S2 board is marketed for WiFi debugging purposes. However, by loading the Flipper with Unleashed or Xtreme (a quick and relatively easy process), this WiFi boa...

Bluetooth: The Next Step

Somewhat less popular but still viral videos of the Flipper Zero show a user pushing some orange buttons and every cellphone in the room going haywire. The phones' users look about, confused by this unforeseen turn of events. Meanwhile, the perpetrator laughs to himself. So, is this real or more wannabe malarkey? Yeah, it's mostly real. The Flipper comes equipped with a Bluetooth module. This module can do quite a few things, but I haven't done most of them, so I'll only write about what I know. In the case of the above story, the Flipper is sending out Bluetooth pairing requests on all points on the Bluetooth spectrum. The cellphones take these requests at face value and send a notification to the user that a device (usually headphones, earbuds, AirPods, etc.) is trying to connect. The moment the user dismisses this popup, another takes its place, and then another, and another, until either the Flipper user has had his fun or the unfortunate victims manage to turn off their phones...

Real Possibility: BadUSB

One feature of the Flipper Zero has gone largely unnoticed online, despite being (in my opinion) the first one with real potential for abuse. That's BadUSB. While other functionalities are certainly interesting and are fully capable of some nasty stuff in the wrong hands, few seem to lend themselves so well to malicious -- or at least invasive -- purposes. Hak5 released their "Rubber Ducky" some years ago. That was the first BadUSB device that came to my attention. Basically, you plug it into a computer and it runs a pre-loaded command line script. With the Flipper, you just attach it to a computer by way of a USB cable, select your script of choice, execute, and do much the same thing. So, just what can a BadUSB script do on a computer? The easier question would be "what can't it do?" Just about anything that a user can do on a computer can be executed from a BadUSB, all in a matter of seconds. I mean lightning fast. Want to make your friend's de...

The Troll: The Infrared Module

One of the more harmless but also immediately eye-catching features of the Flipper is the infrared transceiver. This module allows the user to send and receive light in the infrared spectrum, the same spectrum used by TV remotes among other things. From the beginning, videos of chuckling teens muting TVs at sports bars, changing the channel in waiting rooms, and turning off the menu screens at fast food joints have been flooding the internet. So how much of this is real and how much is fiction? Well, this one is largely true, even if it's not quite as simple as the videos make it look. You see, in much the same way as some of the other modules I've written about can copy a code and emulate it, the infrared module can do the same thing. However, unlike key cards, TVs almost universally use a set of default codes, hence the existence of universal remotes. Anyone with a Flipper can easily set it to run through these default codes to change the channel, mute, or completely turn off a TV. In may...