Sign in Subscribe
lab

🔬 Flipper Zero

living out our rainy, neon-drenched cyber dreams

Welcome to the latest Hiro Lab. As you may remember, the Hiro Lab is a dark corner of the Hiro Report’s subterranean headquarters where I test exotic technologies that may or may not be appropriate for sharing with the broader public. These could be devices that are dangerous, have security or privacy issues, or are of dubious value. Please remember these are not formal reviews but rather informal first impressions. The goal is to determine whether these items are safe to leave the Lab for the average user.

The Flipper Zero launched in August 2020 on Kickstarter, advertising itself as the Swiss Army knife of hacking tools. It went on to gather $4.8 million in pledges and eventually started arriving in the hands of backers a year and a half later. Despite being one of the most successful Kickstarter projects of all time—and a fantastic tool for both cybersecurity researchers and technology hobbyists—it’s been banned in Brazil, kicked off Amazon’s U.S. store, and has had shipments seized by customs authorities all around the world.

Is this device too dangerous to own? Should it be let out of the Lab? Read on to find out.

Performance

I won’t extol all the capabilities of the Flipper Zero here. In fact, I’m not particularly qualified to explain it's many functionalities—I’m an enthusiastic tech geek, but far from the l33t hax0r I aspire to be in my rainy, neon-drenched cyber dreams. That said, I’ve put it through its paces as an RF cloner and NFC cloner and experimented with various forms of Bluetooth- and Wi-Fi-based shenanigans.

I can say it definitely works as advertised. I particularly appreciate that the creators have gone out of their way to make it approachable for noobs and aspirants like myself. Not only is there a large online community generating new applets for the Flipper Zero, but the developers also provide great mobile and desktop apps where you can download new capabilities or front ends for existing ones.

While one of the most viral applications of the Flipper Zero is using it to remotely open strangers’ Tesla charging ports as a prank, my most-used applications have been cloning RF signals to control random TV’s at will and cloning my Nintendo Amiibos so I don’t have to carry little figurines around when I want to travel with my Nintendo Switch. I’ve also successfully used it to jam signals on various test devices I have at home, something I would not have known how to do otherwise—but not something I really find a need to do beyond seeing what the Flipper Zero is capable of.

All of this to say: the technology is good and yet, frankly, I never use the thing. It mostly sits idle in a drawer until I remember it exists and decide to see what new things it can do every year or so. I can’t help but feel disappointed by it. But that’s not the device’s fault. Rather, I just don’t live a lifestyle that requires it for either professional purposes or rebellious shenanigans.

The Catch

So why has this thing been quarantined in the Hiro Lab? Well… in hands much more capable and nefarious than mine, the Flipper Zero can do an impressive amount of damage and/or illegal things. This is why it has so many governments and police departments around the world collectively freaked out. It can be used for perfectly valid cybersecurity research as well as completely mundane tasks like replacing a lost remote control. But it can also be used to clone ID badges, skim credit cards, and perform Bluetooth and Wi-Fi jamming attacks. This makes it an easy target for law enforcement and customs seizures.

Beyond what it’s capable of inflicting on others, I’m also wary of my own systems and network getting compromised when I play with it—either through stupidity on my part or perhaps even bad actors in the device’s supply chain. That’s admittedly a paranoid and probably uninformed concern, but it’s always in the back of my mind, especially when connecting it to my phone or laptop.

Despite my paranoia, I don’t think the Flipper Zero merits  all the panicked hubbub. The Flipper Zero is a tool, and like many other tools it can be used for good or bad, and it’s not the only way to carry out a lot of the hacks it enables. In fact, there are plenty of other devices like the ESP32 Marauder that replicate many of its features, yet remain off law enforcement’s radar—probably because they’re not nearly as well-branded. 

I’m inclined to say, while this is a potentially dangerous tool, it’s not enough to keep it quarantined in the Lab… but that doesn’t mean I recommend it to most people. Every time I see the Flipper Zero mentioned online, I see a chorus of non-technical people saying how tempted they are to get one but they’re not sure how they’d actually use it. As cool as the thing looks, I think they should listen to their inner voice of doubt.

I didn’t have a clear use case in mind when I bought mine, and sure enough, it has become a very pretty and esoteric paperweight. I’d argue most people who aren’t already well-versed in offensive cybersecurity would be better off spending the money on an online course in pentesting or red teaming rather than buying this device. So while I am not going to quarantine this device in the lab, chances are it’ll stay gathering dust in my drawer.

—Hiro

Read next

Comments ()