Flipper Zero: The Tamagotchi lookalike that can hack your Wi-Fi

If you don’t know what the Flipper Zero is, you might mistake it for a McDonald's toy from the 90s. The pixelated pet dolphin that resides in the UI bears a striking resemblance to a Tamagotchi, but it’s so much more than that.

The Flipper Zero is a Swiss Army Knife for hackers. It can operate your smart home, clone your apartment or car fob, and even scroll TikTok for you. No cause for alarm, right? Wrong. With the right firmware and some cyber security knowledge, it can lock iPhones, hack into Wi-Fi, and install malware on your computer. 

Reading, storing, and emulating the data sent by wireless signals is core to the Flipper Zero. While it can recreate the signal sent by your apartment or hotel key fob, most modern security cameras (like Ring and Nest) use rolling security codes. This means a new signal is generated with each use, so it can’t be stored or emulated by devices like the Flipper Zero. This is true of most modern garage and car clickers too. So no, unless the car was manufactured before the mid-90s, this device won't allow you to live out your grand theft auto dreams.

While the Flipper Zero can be used for criminal purposes, we’d be remiss if we didn’t mention the harmless (and fun) things it can do.

The Flipper Zero makes it easy to interact with surrounding frequencies and wireless signals. It can function as a TV remote, a carbon dioxide sensor, and a remote for any game or device with a controller. Computer keyboards, mice, and Nintendo Switch Joy-Cons can all be controlled via the Flipper Zero.

The Flipper Zero can also scan radio-frequency identification (RFID) chips. This technology is most often used to keep track of livestock and inventory during supply chain logistics. Like a barcode, the data from the ID is scanned and uploaded to a database. 

Your pet’s microchip uses RFID. If your furry family member escapes, the vet clinic will scan the chip to bring up your contact details and your pet’s medical history. With a Flipper Zero, you can scan their chip if you know where it’s been implanted.

Scanning your pet’s microchip can also tell you if they’re coming down with a cold. If their microchip is a Thermochip, the Flipper Zero can read the tag and tell you their temperature. Since this brand of microchip contains a temperature biosensor, scanning its ID tag will help you determine whether or not you need to see a vet. 

In professional settings, the Flipper Zero is used for penetration testing. Also known as pen testing, this practice mimics the behaviour of hackers so cyber security experts can identify and patch any vulnerabilities in a security system. You can do the same, and use it to see how secure your doorbell, garage door, and smart locks truly are. You’ll need some cybersecurity knowledge and the Wi-Fi Developer board available on Flipper Zero’s website.

If you're looking to up your security, you can use the Flipper Zero's USB as a universal 2nd-factor (U2F) key. Think of it as a safer, stronger, physical version of two-factor authentication (2FA). 

Flipper Zero has been making headlines for all the wrong reasons. Bluetooth attacks, concerns over car hijacking, and a prospective ban by the Canadian government. Yikes. Even though the Flipper Zero isn’t inherently bad, it can spell serious trouble if this device falls into the wrong hands. 

As mentioned previously, the Flipper Zero can read RFID chips. Unfortunately, that means if you have a fob or keycard that opens a door (like that of your apartment or hotel room), the Flipper Zero can clone it. So, if your fob falls into the hands of someone who owns a Flipper Zero, they could now have a key to your apartment. Scary. 

The Flipper Zero may open your garage door, depending on how old it is. Like we debunked the car hijacking situation, newer garage door models have better security and use rolling codes. So unless you live in an ancient heritage-listed home, you don’t have anything to worry about. 

The Flipper Zero can technically read credit cards. This is what got it banned from Amazon. That being said, it can only read the card number, and sometimes the date. What it can’t do is transmit or save this information and read the CVC code. So unless you get lucky with a guess, you won't be able to go on a shopping spree with someone’s credit or debit card.

The Flipper Zero can also function as a BadUSB. This means it can masquerade as a trusted USB and install malware onto your computer, despite any active antivirus or malware protection you might have.

Ding dong ditch, knock and run, thunder and lightning. Whatever name, the game’s the same – ringing a doorbell or knocking on the door then bolting. With the Flipper Zero, you can ring a doorbell from a distance. Doing it remotely kind of defeats the purpose, but the option is still there. Ring and Nest doorbell owners rest assured, it only works with older kinds of wireless doorbells. 

If you’re a gamer, you can use a Flipper Zero to clone Nintendo Amiibos. These little plastic figurines are just characters with hidden RFID chips. Scan and emulate the code and send it to your Nintendo Switch.

While some government officials claim Flipper Zero enables malicious hacking, cybersecurity professionals swear by its use and claim it as an ally. In professional settings, it can be used to identify and mitigate vulnerabilities in security systems. Penetration testing allows professionals to understand how hackers act, and how they can best protect networks and organisations from cyber attacks.

The threat Flipper Zero poses is entirely dependent on how it's used. For the vast majority of people, it’s nothing to worry about. The Flipper Zero is not evil in and of itself. In the wrong hands, it can be used to commit crimes. But its use case extends way beyond breaching privacy and installing malware.