The Flipper Zero generated more media coverage per capability than almost any security tool in recent memory. Coverage ranged from breathless warnings about a device that could steal cars and clone credit cards, to dismissive takes from experienced researchers who viewed it as an overpriced toy. The reality sits between those positions, and understanding where it is genuinely useful requires separating the marketing from the actual attack surface.
What the Flipper Zero Actually Is
The Flipper Zero is a handheld multi-tool for wireless protocol research and hardware interaction. It ships with hardware support for:
- Sub-1 GHz radio (300-928 MHz) for reading, recording, and transmitting remote control and access control signals
- NFC (13.56 MHz) for reading and emulating NFC cards
- 125 kHz RFID for reading and emulating low-frequency access cards
- Infrared transmitter and receiver
- iButton (contact-based key system) reading and emulation
- GPIO pins for hardware interaction
- USB and Bluetooth connectivity
The device runs open firmware that has been actively developed by the community, adding capabilities beyond the factory configuration. It is small (fits in a pocket), battery-powered, and designed to be approachable for non-specialists.
What It’s Genuinely Good For
Sub-GHz signal capture and replay. The most practically useful capability. Many garage door openers, gate remotes, and older remote systems use fixed-code transmission at sub-1 GHz frequencies. The Flipper can record these signals and replay them. This is legitimate research tool territory — testing whether your own access control systems use fixed codes is a real security assessment.
125 kHz RFID research. The Flipper reads and clones EM4100, HID Prox, and other 125 kHz card formats used in access control systems. These are legacy formats that have been known to be insecure for over a decade. The Flipper makes demonstrating this insecurity accessible — which is useful for convincing facilities managers that their card readers need replacement.
NFC reading and emulation. Reading NFC card data and emulating NFC tags has research value. The Flipper does not clone payment cards or break NFC encryption — this was a frequently misrepresented claim. Standard contactless payment cards use dynamic cryptography that makes simple replay attacks ineffective.
Infrared universal remote. Effectively a programmable universal remote that can learn and transmit IR signals. Useful for turning off TVs in public spaces, which is a party trick, or for testing IR-controlled systems in an assessment context.
Hardware interface. The GPIO pins allow the Flipper to interact with hardware — I2C, SPI, UART interfaces — making it useful for embedded hardware research when combined with appropriate knowledge.
What It Cannot Do
Clone modern contactless payment cards. EMV contactless payment (Visa, Mastercard tap-to-pay) uses dynamic authentication codes that are single-use. Capturing the transaction data from a tap does not produce a usable clone.
Break rolling-code systems. Modern garage doors and gate systems use rolling codes (KeeLoq and similar), where each button press uses a different code. The Flipper cannot replay these — the captured code has already been used. The media coverage of “car theft with Flipper” largely conflated older fixed-code systems (vulnerable) with modern rolling-code systems (not vulnerable to simple replay).
Penetrate Mifare Classic with full encryption. While Flipper has tools for some Mifare Classic attacks, fully encrypted modern NFC systems are not simply bypassed.
Replace purpose-built tools. For serious NFC research, the Proxmark3 has more capability. For sub-GHz research requiring precision, the HackRF has dramatically wider frequency range. The Flipper is a generalist with convenience as its primary advantage.
The Custom Firmware Question
The Unleashed and Roguemaster firmware builds significantly expand what the Flipper can do — particularly for sub-GHz frequency ranges blocked in the official firmware. Running custom firmware is legal on hardware you own for research purposes, but the expanded capabilities come with increased responsibility around what you actually do with them.
Practical Assessment
For a security professional, the Flipper is a legitimately useful pocket tool for access control assessments, quick RFID reads, and client demonstrations of legacy system vulnerabilities. The form factor — small, non-threatening, explains itself with a dolphin animation — makes it useful in client-facing contexts where a laptop full of tools might create the wrong impression.
For someone learning hardware and wireless security, it is a reasonable entry point that covers multiple protocols in one device with accessible documentation and an active community.
For the concerns raised in media coverage — car theft, payment card cloning, hacking everything wirelessly — the device does not deliver on those claims for modern systems. The vulnerabilities it demonstrates are real, but they are vulnerabilities in legacy equipment, not in current-generation technology.
2026 Status: Firmware, Regulation, and What Changed
Firmware 1.0 stable. The first stable release designation, shipping in 2026. Notable changes: battery life extended to approximately one month, a new update subsystem via Android and iOS apps, improved Sub-GHz performance, expanded IR libraries, and more reliable cloud backup of saved signals and settings.
Momentum firmware. Momentum has emerged as the leading alternative to Unleashed for users wanting expanded capabilities with maintained stability. Notable additions include lock-on-boot, PIN reset on failed entries, and expanded Sub-GHz frequency access beyond stock firmware restrictions.
The regulatory picture in 2026. Amazon continues to prohibit Flipper Zero sales, citing card-skimming device policies — despite the device not functioning as a skimmer against modern payment systems. Brazil has effectively banned it, with Anatel refusing certification. Canada clarified that usage restrictions (not ownership bans) are the likely approach. The United States has not enacted any ban. The legal situation varies by jurisdiction; verify local regulations before importing.
Get the hardware: The Flipper Zero is available on Amazon. For deeper sub-GHz and RF research, the HackRF One is the purpose-built tool for wider frequency coverage.
Sources:
- Flipper Zero official documentation — flipperzero.one
- Unleashed firmware GitHub — github.com/DarkFlippers/unleashed-firmware
- DEF CON 2023, multiple Flipper Zero research presentations
- KeeLoq rolling code analysis — Microchip Technology