Flipper Zero: A Threat to Your Business or a Novelty Gimmick?
19 February 2025
By now, you may have heard of the Flipper Zero, a portable, handheld device often hailed as a “Swiss army knife” for radio frequency (RF) hacking. This affordable and accessible piece of hardware has gained popularity on social media platforms, with videos showcasing users performing pranks like opening Tesla charging ports and altering petrol prices at pumps. While many of these examples are clearly exaggerated or fabricated, given the limitations of the device and the security measures in place for modern RF protocols, the Flipper Zero still boasts a range of capabilities that could pose real risks to your business.
What is the Flipper Zero and What Can It Do?
The Flipper Zero is not groundbreaking technology—its functions have been achievable with other devices for years. However, its compact form and user-friendly interface make it far more accessible to those with limited technical expertise. This ease of use allows individuals to perform attacks that would otherwise require specialised knowledge and expensive tools, such as Software Defined Radios (SDRs) or RFID interaction devices like the Proxmark.
While the Flipper Zero’s capabilities are extensive and can be expanded through custom firmware and hardware modifications, there are three primary functions that pose the greatest risks to businesses:
RFID Attacks
Wi-Fi Attacks
BadUSB Attacks
These attacks can be mitigated with the right configurations and security practices. By implementing appropriate controls, you can drastically reduce the chances of a successful attack using this device.
RFID Attacks
The Flipper Zero offers a wide range of RFID capabilities. It can scan reader frequencies, read and write from access cards (allowing for cloning), and even perform brute-force attacks on card readers. Many access control systems, especially older ones, are vulnerable due to weak or outdated protocols. This is why physical security assessments must address these potential weaknesses.
To protect your systems against RFID attacks, consider the following recommendations:
Avoid relying solely on the UID (Unique Identifier) of the card for user authentication, as the UID can be easily read and spoofed by the Flipper.
Implement encryption and password protection on card sectors wherever possible, which can significantly reduce the success of cloning attacks.
Do not use default keys for card sectors, as these can be easily exploited in brute-force attacks.
Limit the use of guest passes, ensuring they are configured to only allow access to specific areas, are securely issued, and provided only to trusted individuals.
Regularly monitor access card activity to detect irregularities, such as the same card being used in multiple locations simultaneously, which can help identify cloned cards early.
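One way to run the last check in that list over an access-control log export, as an added example that is not part of the original article. It widens "simultaneously" to "sooner than a person could travel between the two sites". The CSV layout, card and reader names, and travel times are assumptions made up for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export: timestamp, card ID, reader, site.
SAMPLE_LOG = """\
2025-02-19T08:58:10,CARD-1001,HQ-LOBBY,HQ
2025-02-19T08:59:02,CARD-2002,HQ-LOBBY,HQ
2025-02-19T09:01:30,CARD-1001,HQ-FLOOR3,HQ
2025-02-19T09:03:45,CARD-1001,DEPOT-GATE,DEPOT
2025-02-19T13:20:00,CARD-2002,DEPOT-GATE,DEPOT
"""

# Assumed minimum travel time between sites; tune to your own estate.
MIN_TRAVEL = {frozenset(("HQ", "DEPOT")): timedelta(minutes=40)}


def parse_events(text):
    """Parse CSV rows into (time, card, reader, site) tuples sorted by time."""
    rows = csv.reader(io.StringIO(text))
    events = [(datetime.fromisoformat(ts), card, reader, site)
              for ts, card, reader, site in rows]
    return sorted(events)


def find_impossible_travel(events, min_travel=MIN_TRAVEL):
    """Flag a card seen at two sites faster than a person could travel."""
    last_seen = {}  # card -> most recent event for that card
    alerts = []
    for event in events:
        ts, card, reader, site = event
        prev = last_seen.get(card)
        if prev and prev[3] != site:
            needed = min_travel.get(frozenset((prev[3], site)))
            if needed is not None and ts - prev[0] < needed:
                alerts.append((card, prev[2], reader, ts - prev[0]))
        last_seen[card] = event
    return alerts


if __name__ == "__main__":
    for card, first, second, gap in find_impossible_travel(parse_events(SAMPLE_LOG)):
        print(f"ALERT {card}: {first} then {second} only {gap} apart")
```

An alert means two physical credentials are presenting the same identity, so the follow-up is to revoke and reissue the card, not only to investigate the cardholder.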
Wi-Fi Attacks
By adding a plug-and-play board, the Flipper Zero can gain Wi-Fi capabilities, enabling several types of attacks. These include sniffing network traffic, deauthenticating Wi-Fi users (disrupting their access), capturing Wi-Fi handshakes, and creating “evil portals” (rogue access points). These techniques can allow attackers to intercept network traffic or trick users into connecting to a malicious network.
To protect against these attacks:
Use a strong, complex password for your Wi-Fi network to make it harder for attackers to crack a captured handshake.
Educate users on identifying cloned or malicious portals, which are phishing attacks designed to deceive users into entering company credentials on a fake login page.
Always use encrypted protocols, such as WPA3 or WPA2, which limit the visibility of sensitive data in packets sniffed by attackers.
Have wired networks as a backup if prolonged deauthentication attacks occur on the Wi-Fi network, ensuring continued access if wireless networks are disrupted.
BadUSB Attacks
BadUSB devices (often called Rubber Duckys) mimic regular USB drives but behave like keyboards, typing pre-programmed commands at high speeds. These attacks are typically executed on unlocked computers, allowing attackers to quickly execute malicious commands like exfiltrating data, installing backdoors, or deploying malware.
The Flipper Zero can perform these types of attacks as well, though attackers typically rely on USB devices that they physically insert into unlocked machines. The Flipper Zero, being more recognizable, is less likely to be inserted by an attacker. However, it can still be used on unlocked systems where physical access is possible.
To mitigate the risk of BadUSB attacks:
Educate users to recognise suspicious USB devices and ensure they never plug in unknown or unverified devices.
Ensure that all computers are locked when unattended. This can be enforced via system settings or automated policies.
Disable USB ports from interacting with data unless absolutely necessary, particularly on machines that do not require USB access for daily operations.
Implement Mobile Device Management (MDM) or Endpoint Detection and Response (EDR) solutions to monitor personal devices connecting to the corporate network.
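Because BadUSB devices type far faster than a person, endpoint monitoring can look at the timing between keystrokes for each input device. The sketch below is an added example, not part of the original article or of any specific EDR product. The device names, event format and thresholds are assumptions.

```python
from collections import defaultdict

# Assumed thresholds: people rarely sustain gaps this short between keys.
MAX_GAP_MS = 30   # gap at or below this counts as "machine speed"
MIN_RUN = 8       # consecutive machine-speed keys needed to raise an alert


def build_sample():
    """Constructed key events as (device, timestamp in ms)."""
    human = [("builtin-kbd", t)
             for t in (0, 180, 390, 520, 760, 905, 1100, 1330, 1490, 1700)]
    injected = [("usb-hid-new", 5000 + 4 * i) for i in range(40)]
    return sorted(human + injected, key=lambda e: e[1])


def find_injection_bursts(events, max_gap_ms=MAX_GAP_MS, min_run=MIN_RUN):
    """Return {device: longest fast-typing run} for devices over min_run."""
    last_ts = {}
    run = defaultdict(int)      # current run length per device
    longest = defaultdict(int)  # longest run seen per device
    for device, ts in events:
        prev = last_ts.get(device)
        if prev is not None and ts - prev <= max_gap_ms:
            run[device] += 1
        else:
            run[device] = 1     # gap too long: start a new run
        longest[device] = max(longest[device], run[device])
        last_ts[device] = ts
    return {d: n for d, n in longest.items() if n >= min_run}


if __name__ == "__main__":
    for device, keys in find_injection_bursts(build_sample()).items():
        print(f"ALERT {device}: {keys} keystrokes at machine speed")
```

Timing is only a heuristic, so it complements the screen-lock and USB port controls listed above and does not replace them.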
Conclusion
While the Flipper Zero is often dismissed as a novelty, its capabilities represent a legitimate threat to businesses, especially regarding physical security breaches, network vulnerabilities, and malicious USB attacks. Though it may not be a tool for large-scale cyber attacks, its affordability, accessibility, and ease of use make it a significant concern for businesses without proper security measures.
Fortunately, the risks associated with the Flipper Zero can be minimised with the right protective measures. Strong encryption for RFID systems, secure Wi-Fi protocols, and strict physical access controls are essential to reducing the likelihood of a successful attack. Ultimately, awareness, proactive security strategies, and comprehensive employee training are crucial to mitigating the threats posed by the Flipper Zero and similar devices.
Written by Isaac Jackson
Isaac Jackson, a seasoned offensive security expert, currently holds the position of Senior Penetration Tester at NormCyber. Proficient in both infrastructure and web application penetration testing, Isaac remains committed to proactively addressing evolving threats. He specialises in crafting exploits for emerging vulnerabilities to facilitate effective client remediation efforts, earning accolades for his payloads, including recognition from esteemed organisations like Hak5. Isaac’s adeptness at uncovering intricate attack pathways within networks empowers Norm’s clients to promptly fortify their infrastructure against potential threats.