1
00:00:00,080 --> 00:00:06,440
it looks like a children's toy but it's actually one of the most versatile

2
00:00:04,160 --> 00:00:09,880
hacking tools to ever hit the market and if you've been on TikTok in the last 6

3
00:00:08,000 --> 00:00:13,679
months there's a good chance you've seen people using it to change gas station

4
00:00:11,719 --> 00:00:18,400
signs set off department store PA systems and open up Tesla charging ports

5
00:00:16,119 --> 00:00:23,560
it's been deemed so nefarious that even though it is legal shipments have been

6
00:00:20,240 --> 00:00:25,720
seized in the US Brazil and Israel which

7
00:00:23,560 --> 00:00:30,560
kind of makes sense because out of the box the Flipper Zero can read and

8
00:00:27,640 --> 00:00:35,719
emulate NFC RFID infrared and iButton devices and even more worrisome is its

9
00:00:33,040 --> 00:00:40,160
ability to read and emulate sub-GHz frequencies like the ones used in car

10
00:00:38,160 --> 00:00:45,600
keys garage doors motion sensors doorbells and more rest assured if

11
00:00:43,399 --> 00:00:50,920
there's a wireless device this thing can find a way to attack it disrupt it or

12
00:00:48,000 --> 00:00:55,840
become it which seems concerning right but does it actually pose a risk to

13
00:00:53,440 --> 00:00:59,640
society or is the hysteria simply a knee-jerk reaction from the uninformed

14
00:00:57,960 --> 00:01:03,160
when we're done with the Flipper Zero you're going to know what's true and

15
00:01:01,640 --> 00:01:08,799
what is hazardous clickbait misinformation you'll also know about

16
00:01:05,000 --> 00:01:10,640
our sponsor Build Redux hey gamers tired

17
00:01:08,799 --> 00:01:14,439
of choppy performance and inconsistent frame rates level up your gaming

18
00:01:12,600 --> 00:01:18,439
experience with Build Redux they'll have your new PC built and shipped directly

19
00:01:16,640 --> 00:01:21,759
to your doorstep check them out at the link in the video description the fact

20
00:01:20,560 --> 00:01:27,560
of the matter is that once you cut through the marketing and the FUD the actual capabilities of the Flipper Zero

21
00:01:25,400 --> 00:01:31,920
are not only limited but can almost entirely be replicated using an Arduino

22
00:01:29,680 --> 00:01:36,520
or Raspberry Pi along with readily available add-on boards take for example

23
00:01:34,159 --> 00:01:40,520
the sub gigahertz transceiver feature which mischievous folks are using to

24
00:01:38,240 --> 00:01:43,799
change gas signs open locks and gates and set off customer service

25
00:01:41,720 --> 00:01:47,240
announcements in Walgreens customer service needed in the cough and cold

26
00:01:45,520 --> 00:01:50,960
department according to Flipper's documentation sub-GHz is handled by the

27
00:01:49,680 --> 00:01:55,920
Texas Instruments CC1101 a chip that's been around since at

28
00:01:53,439 --> 00:01:59,439
least 2007 and can be purchased on Amazon complete with antenna breakout

29
00:01:57,719 --> 00:02:03,159
board and free shipping for less than $10

30
00:02:00,719 --> 00:02:07,719
so is it bad that any slack-jawed yokel can go around changing the price shown on

31
00:02:04,799 --> 00:02:11,720
gas station signs well probably but let's look at the bigger picture here if

32
00:02:09,479 --> 00:02:15,599
you owned a gas station would you rather some kid came along and pranked your

33
00:02:13,520 --> 00:02:19,800
sign in a totally reversible manner or would you rather that the vulnerability

34
00:02:17,480 --> 00:02:24,400
was exploited by someone else someone with the kind of skills to take that $10

35
00:02:21,959 --> 00:02:28,680
Amazon purchase and turn it into a far more costly incident speaking from

36
00:02:26,400 --> 00:02:33,000
recent personal experience I'll take the mostly harmless reminder to harden my

37
00:02:30,599 --> 00:02:37,480
security 8 days out of the week the good news is that the remedy is relatively

38
00:02:35,080 --> 00:02:42,080
simple instead of sending the same code each time for a particular action a

39
00:02:39,440 --> 00:02:46,040
rolling code system uses its key and counter to cryptographically generate a

40
00:02:44,200 --> 00:02:50,800
new code each time an action is performed the receiver stores a list of

41
00:02:48,319 --> 00:02:55,120
upcoming codes and checks the sent code against those just in case a few were

42
00:02:52,400 --> 00:02:59,920
missed once a code is used it's removed from the list of valid codes and a new

43
00:02:56,840 --> 00:03:02,200
code is generated according to Anna Prosvetova

44
00:02:59,920 --> 00:03:08,280
Flipper's head of sales the Zero is specifically designed to not break these

45
00:03:04,799 --> 00:03:10,640
systems problem solved then well sort of

46
00:03:08,280 --> 00:03:14,400
there's bad news too while Ms. Prosvetova seems proud that Flipper's moral

47
00:03:13,040 --> 00:03:20,040
code is strict enough that you don't need to worry about your car being stolen with a zero she also points out

48
00:03:18,319 --> 00:03:25,000
that not only can rolling codes be beaten but that if a device that

49
00:03:22,239 --> 00:03:30,280
performed such function existed it would also be legal and while they might not

50
00:03:27,560 --> 00:03:34,239
be as viral she is absolutely right there are plenty of other hacking

51
00:03:32,239 --> 00:03:40,080
gadgets like this one from Great Scott Gadgets that do exist can beat rolling

52
00:03:37,080 --> 00:03:43,080
codes and are legal the HackRF was

53
00:03:40,080 --> 00:03:46,080
first demonstrated in 2015 at Defcon and

54
00:03:43,080 --> 00:03:48,400
its party trick is that it can both jam

55
00:03:46,080 --> 00:03:52,760
and read the same RF signals as the Flipper Zero this setup allows it to

56
00:03:50,599 --> 00:03:56,760
collect two codes from the transmitter pass one of them along so the target

57
00:03:54,360 --> 00:04:01,400
doesn't get suspicious and then keep the stolen code then as long as it stays in

58
00:03:59,000 --> 00:04:05,760
jamming range it can continue to steal new codes and perform actions against

59
00:04:03,319 --> 00:04:09,720
the target at will or assuming it can steal enough codes you can even make an

60
00:04:07,640 --> 00:04:13,840
attempt at decrypting the key the point here though is not that you shouldn't

61
00:04:11,680 --> 00:04:18,759
bother updating to a rolling code system but rather that there are much more

62
00:04:16,160 --> 00:04:22,680
sophisticated attacks out there and if the Flipper Zero was all it took to hack

63
00:04:20,759 --> 00:04:26,840
your mainframe you should be grateful for the wake-up call but what about low

64
00:04:24,639 --> 00:04:30,880
frequency RFID the kind that might be used to open doors at an apartment

65
00:04:28,600 --> 00:04:35,639
building the Flipper can read save emulate and even brute force them I find

66
00:04:34,000 --> 00:04:40,919
this function pretty unnerving personally in the wrong hands it could

67
00:04:37,720 --> 00:04:43,160
be extremely dangerous or even fatal and

68
00:04:40,919 --> 00:04:47,880
in many cases the victim would have no power to update the security practices

69
00:04:45,160 --> 00:04:51,840
of say the hotel they're staying in or the poorly maintained apartment that

70
00:04:49,360 --> 00:04:56,440
they rent but we've got to remember once again that the Flipper Zero isn't doing

71
00:04:54,080 --> 00:05:00,759
anything particularly game-changing here other than alerting us to the

72
00:04:58,240 --> 00:05:05,199
availability of these tools as a method of copying tags the Flipper Zero

73
00:05:03,080 --> 00:05:10,080
is only useful if there's either very old encryption or none at all if you

74
00:05:07,759 --> 00:05:14,280
were worried about something more modern like the RFID on your passport getting

75
00:05:11,919 --> 00:05:18,280
stolen it's probably not an issue since that's encrypted it should be noted that

76
00:05:16,160 --> 00:05:21,759
the key is the passport's document number expiry date and date of birth which is

77
00:05:20,160 --> 00:05:28,039
why you should always keep your passport in a safe place like the RFID blocking

78
00:05:24,919 --> 00:05:29,880
pocket of the LTT backpack lttstore.com

79
00:05:28,039 --> 00:05:35,160
now I know I said that it can brute force RFID locks as well thankfully most RFID

80
00:05:32,840 --> 00:05:39,360
readers only read every few seconds as a way to combat this sort of attack so if

81
00:05:37,120 --> 00:05:43,080
you were to see a Flipper Zero used to crack the vault in a movie heist you

82
00:05:41,600 --> 00:05:47,440
would know that the writers are taking some artistic liberties one thing the

83
00:05:45,039 --> 00:05:52,039
RFID reader is quite useful for though is reading pet microchips while they may

84
00:05:50,199 --> 00:05:55,840
sometimes be encrypted it's not uncommon for them to just be raw data and most

85
00:05:54,240 --> 00:05:59,880
countries that use them have some sort of central database these databases

86
00:05:57,919 --> 00:06:03,280
probably won't tell you any owner info but they will at least tell you what

87
00:06:01,240 --> 00:06:09,000
agency to get in contact with to get a lost pet back to its family yay now NFC

88
00:06:06,800 --> 00:06:14,880
is a subset of RFID though at higher frequencies and the Flipper Zero can

89
00:06:11,319 --> 00:06:17,199
read write and emulate NFC as well as

90
00:06:14,880 --> 00:06:21,080
before the Zero then can hack devices that are using older encryption like

91
00:06:19,080 --> 00:06:25,199
MIFARE Classic but if you present it with anything newer it won't be useful for

92
00:06:23,000 --> 00:06:28,840
much one exception to that though is tap to pay credit cards which will spit out

93
00:06:26,880 --> 00:06:33,319
a fair bit of easily readable information though it shouldn't include

94
00:06:30,840 --> 00:06:37,919
the postal or zip code card holder name or CVV so the attacker will likely also

95
00:06:36,000 --> 00:06:42,120
need access to the physical card in order to actually use it by which point

96
00:06:40,319 --> 00:06:45,840
they might as well just snap a picture rather than use a high-tech doohickey

97
00:06:44,039 --> 00:06:49,319
it's even less of a danger reading a tap to pay credit card on someone's phone

98
00:06:47,599 --> 00:06:53,720
since banking apps typically add an extra security layer by generating a new

99
00:06:51,599 --> 00:06:57,919
number for each payment similarly things like Transit cards will only allow you

100
00:06:55,360 --> 00:07:01,319
to read the UID not the full contents required for it to be usable transit

101
00:06:59,639 --> 00:07:04,960
systems that do have security flaws related to their NFC are often quick to

102
00:07:03,319 --> 00:07:09,280
patch it too as happened here in Vancouver when TransLink's tap to pay

103
00:07:06,960 --> 00:07:12,720
system rolled out in 2016 the ability to rewrite single-use cards was being

104
00:07:11,080 --> 00:07:16,840
exploited by people who were using their Android's NFC system if you've got a

105
00:07:15,039 --> 00:07:21,400
Nintendo Switch you might find one good use case for the NFC is to emulate

106
00:07:18,840 --> 00:07:25,599
amiibos but once again you can get similar functionality with an Android

107
00:07:23,400 --> 00:07:30,000
phone this time by using a bunch of single-use NFC 215 tags that can be

108
00:07:27,879 --> 00:07:34,039
purchased for about 30 cents a pop on Amazon another functionality you could

109
00:07:32,160 --> 00:07:38,800
get with the Flipper Zero but could also get with an Android device is BadUSB if

110
00:07:36,800 --> 00:07:43,720
you've seen our video on the USB Rubber Ducky BadUSB is very similar it's a

111
00:07:41,840 --> 00:07:48,159
keyboard emulator that can be used to stealthily execute macros and scripts on

112
00:07:45,840 --> 00:07:51,879
a target device using an unlicensed version of the DuckyScript coding

113
00:07:49,840 --> 00:07:56,159
language when we spoke to Jakoby the creator of the largest BadUSB repo on

114
00:07:54,199 --> 00:08:00,080
GitHub as well as the top contributor to the payload hub for the Rubber Ducky

115
00:07:58,039 --> 00:08:04,080
they said when compared against something like the Rubber Ducky or the

116
00:08:01,680 --> 00:08:08,720
OMG cable the Flipper Zero doesn't stand a chance as far as performance goes but

117
00:08:06,879 --> 00:08:12,680
if you could plug it in behind someone's setup it could be controlled with your

118
00:08:10,520 --> 00:08:16,400
phone and then the danger rating is no longer determined by the device itself

119
00:08:14,759 --> 00:08:20,720
but rather by the creativity of the thread actor Ah that's an interesting

120
00:08:18,879 --> 00:08:24,440
and important point we're already recognizing this pattern where anything

121
00:08:22,560 --> 00:08:29,000
the Flipper Zero can do something else can do and may be better but it's the

122
00:08:26,639 --> 00:08:33,599
versatility that sets it apart the Flipper Zero can be controlled remotely

123
00:08:31,360 --> 00:08:37,719
from both phones and computers using their extremely slick apps qFlipper

124
00:08:36,159 --> 00:08:41,640
also works on the Steam Deck as demonstrated in this Reddit post by the

125
00:08:39,360 --> 00:08:46,279
Flipper Zero CEO while this type of wireless attack could be dangerous on

126
00:08:43,519 --> 00:08:50,519
its own a particularly ingenious ne'er-do-well could take things much further with the

127
00:08:48,240 --> 00:08:56,200
Zero's general purpose in and out pins through GPIO add-on boards can be used

128
00:08:53,240 --> 00:09:02,600
to tack on features like Wi-Fi a camera or 2.4 GHz RF it just so happens that

129
00:08:59,560 --> 00:09:05,079
Logitech unifying receivers also use 2.4

130
00:09:02,600 --> 00:09:10,360
GHz RF signals with the addition then of less than $5 worth of electronics the

131
00:09:07,720 --> 00:09:15,079
Zero is able to connect to old unpatched Logitech receivers and execute BadUSB

132
00:09:13,040 --> 00:09:20,160
DuckyScript without ever having to touch the computer that's a big yikes

133
00:09:18,040 --> 00:09:27,640
but it still doesn't change our main point so could a Pi or an Arduino or

134
00:09:23,880 --> 00:09:29,200
realistically an Android phone so yes

135
00:09:27,640 --> 00:09:33,640
the sky is the limit when it comes to the capabilities of a microcontroller

136
00:09:31,200 --> 00:09:37,519
into a robust GPIO system I mean we've seen Geiger counters light meters

137
00:09:35,440 --> 00:09:41,680
ultrasonic distance sensors and there's plenty of people working on new

138
00:09:38,760 --> 00:09:46,640
additions but the device is not the danger it's the ingenuity of people and

139
00:09:44,959 --> 00:09:50,200
the power of the community that Flipper Devices Inc has built around their

140
00:09:48,600 --> 00:09:54,000
particular gadget I mean it's an incredible success story starting out as

141
00:09:52,040 --> 00:09:59,640
a Kickstarter campaign the Flipper Zero raised $5 million and then this is the

142
00:09:57,440 --> 00:10:03,680
really shocking part delivered fully on its promises not only did the Flipper

143
00:10:01,760 --> 00:10:07,399
team pique the interest of tens of thousands of people they fostered a

144
00:10:05,600 --> 00:10:12,000
community that's willing to innovate and evangelize which has pushed their niche

145
00:10:09,600 --> 00:10:15,880
gadget into the mainstream spotlight and turned it into a true Swiss army knife

146
00:10:14,040 --> 00:10:20,160
of hacking devices and if the current momentum is any indication new add-ons

147
00:10:18,399 --> 00:10:24,880
programs and custom firmware are going to continue to extend the lifespan and

148
00:10:22,600 --> 00:10:29,800
utility of the device as time goes on is it as good for gaming as a Nintendo

149
00:10:26,440 --> 00:10:33,800
Switch as stealthy as a Rubber Ducky as

150
00:10:29,800 --> 00:10:36,680
amoral as a HackRF One no but for something

151
00:10:33,800 --> 00:10:41,200
so pocketable it is shockingly decent at all of these things without crossing the

152
00:10:38,959 --> 00:10:44,560
line into illegality whatever scary stories might have been told by

153
00:10:42,480 --> 00:10:49,079
sensationalist media personalities from our point of view then the Flipper Zero

154
00:10:46,399 --> 00:10:54,519
has the potential for mischief and much worse but it also has legitimate uses

155
00:10:51,959 --> 00:10:57,800
the best of which is to find out if you're vulnerable to attacks that would

156
00:10:56,079 --> 00:11:02,480
cost a determined Butthead less than a 4K monthly subscription to Floatplane

157
00:11:00,160 --> 00:11:06,240
without actually getting hit by them then once you're sure you're safe from

158
00:11:04,079 --> 00:11:10,920
the plethora of basic vectors that it can perform well you still have yourself

159
00:11:08,639 --> 00:11:16,079
a cute little electronic dolphin friend that can play Doom uh what it can't do

160
00:11:13,560 --> 00:11:19,760
yet though is segue to our sponsor Squarespace if you want to build a brand

161
00:11:17,839 --> 00:11:22,480
online you need a website but if you just learned how to turn on the little

162
00:11:21,120 --> 00:11:27,560
flashlight on your phone how are you going to build a whole website well Squarespace can help they're the

163
00:11:25,120 --> 00:11:30,320
one-stop no-frills all-in-one platform for expanding your presence on the internet

164
00:11:28,920 --> 00:11:33,880
Squarespace lets you build beautiful websites engage with your audience and

165
00:11:32,200 --> 00:11:37,040
sell anything and everything from products to content without needing to

166
00:11:35,560 --> 00:11:41,079
spend four years getting a website building degree we love Squarespace so

167
00:11:38,959 --> 00:11:44,959
much we use it here at LMG for LTX Expo and linusmediagroup.com and its custom

168
00:11:43,160 --> 00:11:48,279
templates make it easy to stand out with a plethora of themes and customization

169
00:11:46,800 --> 00:11:52,120
options to fit your needs you can maximize your visibility thanks to a

170
00:11:50,000 --> 00:11:55,519
suite of integrated SEO features there's also analytic insights to help you

171
00:11:54,040 --> 00:12:00,200
optimize for performance so you can see what's working well and What needs tweaking get started today and head to

172
00:11:58,639 --> 00:12:04,279
Squarespace /lt to get 10% off your first purchase

173
00:12:02,920 --> 00:12:08,120
if you enjoyed this video check out the shenanigans we got into with the USB

174
00:12:06,279 --> 00:12:12,800
Rubber Ducky why are these devices so cutely named when they're so insidious
