The Flipper Zero generated more media coverage per capability than almost any security tool in recent memory. Coverage ranged from breathless warnings about a device that could steal cars and clone credit cards, to dismissive takes from experienced researchers who viewed it as an overpriced toy. The reality sits between those positions, and understanding where it is genuinely useful requires separating the marketing from the actual attack surface.
What the Flipper Zero Actually Is
The Flipper Zero is a handheld multi-tool for wireless protocol research and hardware interaction. It ships with hardware support for:
- Sub-1 GHz radio (300-928 MHz) for reading, recording, and transmitting remote control and access control signals
- NFC (13.56 MHz) for reading and emulating NFC cards
- 125 kHz RFID for reading and emulating low-frequency access cards
- Infrared transmitter and receiver
- iButton (contact-based key system) reading and emulation
- GPIO pins for hardware interaction
- USB and Bluetooth connectivity
The device runs open firmware that has been actively developed by the community, adding capabilities beyond the factory configuration. It is small (fits in a pocket), battery-powered, and designed to be approachable for non-specialists.
What It’s Genuinely Good For
Sub-GHz signal capture and replay. This is the most practically useful capability. Many garage door openers, gate remotes, and older remote systems use fixed-code transmission at sub-1 GHz frequencies. The Flipper can record these signals and replay them. This is legitimate research territory: testing whether your own access control systems use fixed codes is a real security assessment.
125 kHz RFID research. The Flipper reads and clones EM4100, HID Prox, and other 125 kHz card formats used in access control systems. These are legacy formats that have been known to be insecure for over a decade. The Flipper makes demonstrating this insecurity accessible — which is useful for convincing facilities managers that their card readers need replacement.
NFC reading and emulation. Reading NFC card data and emulating NFC tags has research value. The Flipper does not clone payment cards or break NFC encryption — this was a frequently misrepresented claim. Standard contactless payment cards use dynamic cryptography that makes simple replay attacks ineffective.
Infrared universal remote. Effectively a programmable universal remote that can learn and transmit IR signals. Useful for turning off TVs in public spaces, which is a party trick, or for testing IR-controlled systems in an assessment context.
Hardware interface. The GPIO pins allow the Flipper to interact with hardware — I2C, SPI, UART interfaces — making it useful for embedded hardware research when combined with appropriate knowledge.
What It Cannot Do
Clone modern contactless payment cards. EMV contactless payment (Visa, Mastercard tap-to-pay) uses dynamic authentication codes that are single-use. Capturing the transaction data from a tap does not produce a usable clone.
Break rolling-code systems. Modern garage doors and gate systems use rolling codes (KeeLoq and similar), where each button press uses a different code. The Flipper cannot replay these — the captured code has already been used. The media coverage of “car theft with Flipper” largely conflated older fixed-code systems (vulnerable) with modern rolling-code systems (not vulnerable to simple replay).
Penetrate MIFARE Classic with full encryption. While the Flipper has tools for some MIFARE Classic attacks, fully encrypted modern NFC systems are not simply bypassed.
Replace purpose-built tools. For serious NFC research, the Proxmark3 has more capability. For sub-GHz research requiring precision, the HackRF has a dramatically wider frequency range. The Flipper is a generalist with convenience as its primary advantage.
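The fixed-code versus rolling-code distinction above can be seen from the receiver's side in a short simulation. This is an added example, not code from the Flipper firmware or any vendor: the class names, frame layout, window size, and sample values are assumptions, and HMAC-SHA256 stands in for the cipher a real system such as KeeLoq would use.

```python
import hashlib
import hmac

class FixedCodeReceiver:
    """Legacy receiver: one static code, accepted every time it is seen."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeRemote:
    """Hypothetical remote: sends counter || truncated MAC(counter) per press."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        return ctr + hmac.new(self.key, ctr, hashlib.sha256).digest()[:8]

class RollingCodeReceiver:
    """Accepts a frame only if the MAC verifies and the counter is ahead of
    the last accepted one, within a resynchronisation window."""
    def __init__(self, key: bytes, window: int = 16):
        self.key, self.last, self.window = key, 0, window

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        ctr, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, ctr, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        n = int.from_bytes(ctr, "big")
        if not (self.last < n <= self.last + self.window):
            return False  # already used (replay) or too far ahead
        self.last = n
        return True

def demo() -> dict:
    key, static = b"constructed-demo-key", b"\xa5\x5a\xc3"  # constructed values
    fixed, remote, rx = FixedCodeReceiver(static), RollingCodeRemote(key), RollingCodeReceiver(key)
    captured = remote.press()  # frame seen on air during a legitimate press
    return {
        "fixed_first": fixed.accept(static),
        "fixed_replay": fixed.accept(static),    # same bytes work again
        "rolling_first": rx.accept(captured),
        "rolling_replay": rx.accept(captured),   # counter no longer ahead
        "rolling_next": rx.accept(remote.press()),
    }
```

The window exists so that presses made out of range do not desynchronise a legitimate remote; a frame whose counter is further ahead than the window is rejected as well.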
The Custom Firmware Question
The Unleashed and Roguemaster firmware builds significantly expand what the Flipper can do — particularly for sub-GHz frequency ranges blocked in the official firmware. Running custom firmware is legal on hardware you own for research purposes, but the expanded capabilities come with increased responsibility around what you actually do with them.
Practical Assessment
For a security professional, the Flipper is a legitimately useful pocket tool for access control assessments, quick RFID reads, and client demonstrations of legacy system vulnerabilities. The form factor — small, non-threatening, explains itself with a dolphin animation — makes it useful in client-facing contexts where a laptop full of tools might create the wrong impression.
For someone learning hardware and wireless security, it is a reasonable entry point that covers multiple protocols in one device with accessible documentation and an active community.
For the concerns raised in media coverage — car theft, payment card cloning, hacking everything wirelessly — the device does not deliver on those claims for modern systems. The vulnerabilities it demonstrates are real, but they are vulnerabilities in legacy equipment, not in current-generation technology.