WEBVTT

00:00:00.080 --> 00:00:06.440
it looks like a children's toy but it's actually one of the most versatile

00:00:04.160 --> 00:00:09.880
hacking tools to ever hit the market and if you've been on TikTok in the last 6

00:00:08.000 --> 00:00:13.679
months there's a good chance you've seen people using it to change gas station

00:00:11.719 --> 00:00:18.400
signs set off department store PA systems and open up Tesla charging ports

00:00:16.119 --> 00:00:23.560
it's been deemed so nefarious that even though it is legal shipments have been

00:00:20.240 --> 00:00:25.720
seized in the US Brazil and Israel which

00:00:23.560 --> 00:00:30.560
kind of makes sense because out of the box The Flipper zero can read and

00:00:27.640 --> 00:00:35.719
emulate NFC RFID infrared and iButton devices and even more worrisome is its

00:00:33.040 --> 00:00:40.160
ability to read and emulate sub-GHz frequencies like the ones used in car

00:00:38.160 --> 00:00:45.600
keys garage doors motion sensors doorbells and more rest assured if

00:00:43.399 --> 00:00:50.920
there's a wireless device this thing can find a way to attack it disrupt it or

00:00:48.000 --> 00:00:55.840
become it which seems concerning right but does it actually pose a risk to

00:00:53.440 --> 00:00:59.640
society or is the hysteria simply a knee-jerk reaction from the uninformed

00:00:57.960 --> 00:01:03.160
when we're done with the flipper zero you're going to know what's true and

00:01:01.640 --> 00:01:08.799
what is hazardous clickbait misinformation you'll also know about

00:01:05.000 --> 00:01:10.640
our sponsor build Redux hey Gamers tired

00:01:08.799 --> 00:01:14.439
of choppy performance and inconsistent frame rates level up your gaming

00:01:12.600 --> 00:01:18.439
experience with build Redux they'll have your new pc built and shipped directly

00:01:16.640 --> 00:01:21.759
to your doorstep check them out at the link in the video description the fact

00:01:20.560 --> 00:01:27.560
of the matter is that once you cut through the marketing and the FUD the actual capabilities of The Flipper zero

00:01:25.400 --> 00:01:31.920
are not only limited but can almost entirely be replicated using an Arduino

00:01:29.680 --> 00:01:36.520
or Raspberry Pi along with readily available add-on boards take for example

00:01:34.159 --> 00:01:40.520
the sub gigahertz transceiver feature which mischievous folks are using to

00:01:38.240 --> 00:01:43.799
change gas signs open locks and Gates and set off customer service

00:01:41.720 --> 00:01:47.240
announcements in Walgreens customer service needed in the cough and cold

00:01:45.520 --> 00:01:50.960
Department according to Flipper's documentation sub-GHz is handled by the

00:01:49.680 --> 00:01:55.920
Texas Instruments CC1101 a chip that's been around since at

00:01:53.439 --> 00:01:59.439
least 2007 and can be purchased on Amazon complete with antenna breakout

00:01:57.719 --> 00:02:03.159
board and free shipping for less than $10

00:02:00.719 --> 00:02:07.719
so is it bad that any slack-jawed yokel can go around changing the price shown on

00:02:04.799 --> 00:02:11.720
gas station signs well probably but let's look at the bigger picture here if

00:02:09.479 --> 00:02:15.599
you owned a gas station would you rather some kid came along and pranked your

00:02:13.520 --> 00:02:19.800
sign in a totally reversible manner or would you rather that the vulnerability

00:02:17.480 --> 00:02:24.400
was exploited by someone else someone with the kind of skills to take that $10

00:02:21.959 --> 00:02:28.680
Amazon purchase and turn it into a far more costly incident speaking from

00:02:26.400 --> 00:02:33.000
recent personal experience I'll take the mostly harmless reminder to harden my

00:02:30.599 --> 00:02:37.480
security 8 days out of the week the good news is that the remedy is relatively

00:02:35.080 --> 00:02:42.080
simple instead of sending the same code each time for a particular action a

00:02:39.440 --> 00:02:46.040
rolling code system uses its key and counter to cryptographically generate a

00:02:44.200 --> 00:02:50.800
new code each time an action is performed the receiver stores a list of

00:02:48.319 --> 00:02:55.120
upcoming codes and checks the sent code against those just in case a few were

00:02:52.400 --> 00:02:59.920
missed once a code is used it's removed from the list of valid codes and a new

00:02:56.840 --> 00:03:02.200
code is generated according to Anna Prosvetova

00:02:59.920 --> 00:03:08.280
Flipper's head of sales the Zero is specifically designed to not break these

00:03:04.799 --> 00:03:10.640
systems problem solved then well sort of

00:03:08.280 --> 00:03:14.400
there's bad news too while Ms. Prosvetova seems proud that Flipper's moral

00:03:13.040 --> 00:03:20.040
code is strict enough that you don't need to worry about your car being stolen with a zero she also points out

00:03:18.319 --> 00:03:25.000
that not only can rolling codes be beaten but that if a device that

00:03:22.239 --> 00:03:30.280
performed such function existed it would also be legal and while they might not

00:03:27.560 --> 00:03:34.239
be as viral she is absolutely right there are plenty of other hacking

00:03:32.239 --> 00:03:40.080
gadgets like this one from Great Scott Gadgets that do exist can beat rolling

00:03:37.080 --> 00:03:43.080
codes and are legal the HackRF was

00:03:40.080 --> 00:03:46.080
first demonstrated in 2015 at Defcon and

00:03:43.080 --> 00:03:48.400
its party trick is that it can both jam

00:03:46.080 --> 00:03:52.760
and read the same RF signals as The Flipper zero this setup allows it to

00:03:50.599 --> 00:03:56.760
collect two codes from the transmitter pass one of them along so the target

00:03:54.360 --> 00:04:01.400
doesn't get suspicious and then keep the stolen code then as long as it stays in

00:03:59.000 --> 00:04:05.760
jamming range it can continue to steal new codes and perform actions against

00:04:03.319 --> 00:04:09.720
the target at will or assuming it can steal enough codes you can even make an

00:04:07.640 --> 00:04:13.840
attempt at decrypting the key the point here though is not that you shouldn't

00:04:11.680 --> 00:04:18.759
bother updating to a rolling Code system but rather that there are much more

00:04:16.160 --> 00:04:22.680
sophisticated attacks out there and if the flipper zero was all it took to hack

00:04:20.759 --> 00:04:26.840
your mainframe you should be grateful for the wake-up call but what about low

00:04:24.639 --> 00:04:30.880
frequency RFID the kind that might be used to open doors at an apartment

00:04:28.600 --> 00:04:35.639
building The Flipper can read save emulate and even brute force them I find

00:04:34.000 --> 00:04:40.919
this function pretty unnerving personally in the wrong hands it could

00:04:37.720 --> 00:04:43.160
be extremely dangerous or even fatal and

00:04:40.919 --> 00:04:47.880
in many cases the victim would have no power to update the security practices

00:04:45.160 --> 00:04:51.840
of say the hotel they're staying in or the poorly maintained apartment that

00:04:49.360 --> 00:04:56.440
they rent but we've got to remember once again that the flipper zero isn't doing

00:04:54.080 --> 00:05:00.759
anything particularly game-changing here other than alerting us to the

00:04:58.240 --> 00:05:05.199
availability of these tools as a method of copying tags The Flipper zero

00:05:03.080 --> 00:05:10.080
is only useful if there's either very old encryption or none at all if you

00:05:07.759 --> 00:05:14.280
were worried about something more modern like the RFID on your passport getting

00:05:11.919 --> 00:05:18.280
stolen it's probably not an issue since that's encrypted it should be noted that

00:05:16.160 --> 00:05:21.759
the key is the passport's document number expiry date and date of birth which is

00:05:20.160 --> 00:05:28.039
why you should always keep your passport in a safe place like the RFID blocking

00:05:24.919 --> 00:05:29.880
pocket of the LTT backpack lttstore.com

00:05:28.039 --> 00:05:35.160
now I know I said that it can brute force RFID locks as well thankfully most RFID

00:05:32.840 --> 00:05:39.360
readers only read every few seconds as a way to combat this sort of attack so if

00:05:37.120 --> 00:05:43.080
you were to see a flipper zero used to crack the vault in a movie Heist you

00:05:41.600 --> 00:05:47.440
would know that the writers are taking some artistic Liberties one thing the

00:05:45.039 --> 00:05:52.039
RFID reader is quite useful for though is reading pet microchips while they may

00:05:50.199 --> 00:05:55.840
sometimes be encrypted it's not uncommon for them to just be raw data and most

00:05:54.240 --> 00:05:59.880
countries that use them have some sort of central database these databases

00:05:57.919 --> 00:06:03.280
probably won't tell you any owner info but they will at least tell you what

00:06:01.240 --> 00:06:09.000
agency to get in contact with to get a Lost Pet back to its family yay now NFC

00:06:06.800 --> 00:06:14.880
is a subset of RFID though at higher frequencies and The Flipper zero can

00:06:11.319 --> 00:06:17.199
read write and emulate NFC as well as

00:06:14.880 --> 00:06:21.080
before the zero then can hack devices that are using older encryption like

00:06:19.080 --> 00:06:25.199
MIFARE Classic but if you present it with anything newer it won't be useful for

00:06:23.000 --> 00:06:28.840
much one exception to that though is tap to pay credit cards which will spit out

00:06:26.880 --> 00:06:33.319
a fair bit of easily readable information though it shouldn't include

00:06:30.840 --> 00:06:37.919
the postal or zip code card holder name or CVV so the attacker will likely also

00:06:36.000 --> 00:06:42.120
need access to the physical card in order to actually use it by which point

00:06:40.319 --> 00:06:45.840
they might as well just snap a picture rather than use a high-tech doohickey

00:06:44.039 --> 00:06:49.319
it's even less of a danger reading a tap to pay credit card on someone's phone

00:06:47.599 --> 00:06:53.720
since banking apps typically add an extra security layer by generating a new

00:06:51.599 --> 00:06:57.919
number for each payment similarly things like Transit cards will only allow you

00:06:55.360 --> 00:07:01.319
to read the UID not the full contents required for it to be usable Transit

00:06:59.639 --> 00:07:04.960
systems that do have security flaws related to their NFC are often quick to

00:07:03.319 --> 00:07:09.280
patch it too as happened here in Vancouver when TransLink's tap to pay

00:07:06.960 --> 00:07:12.720
system rolled out in 2016 the ability to rewrite single-use cards was being

00:07:11.080 --> 00:07:16.840
exploited by people who were using their Android's NFC system if you've got a

00:07:15.039 --> 00:07:21.400
Nintendo switch you might find one good use case for the NFC is to emulate

00:07:18.840 --> 00:07:25.599
amiibos but once again you can get similar functionality with an Android

00:07:23.400 --> 00:07:30.000
phone this time by using a bunch of single-use NFC 215 tags that can be

00:07:27.879 --> 00:07:34.039
purchased for about 30 cents a pop on Amazon another functionality you could

00:07:32.160 --> 00:07:38.800
get with the flipper zero but could also get with an Android device is bad USB if

00:07:36.800 --> 00:07:43.720
you've seen our video on the USB rubber ducky bad USB is very similar it's a

00:07:41.840 --> 00:07:48.159
keyboard emulator that can be used to stealthily execute macros and scripts on

00:07:45.840 --> 00:07:51.879
a Target device using an unlicensed version of the ducky script coding

00:07:49.840 --> 00:07:56.159
language when we spoke to Jakoby the creator of the largest bad USB repo on

00:07:54.199 --> 00:08:00.080
GitHub as well as the top contributor to the payload hub for the rubber ducky

00:07:58.039 --> 00:08:04.080
they said when compared against something like the rubber ducky or the

00:08:01.680 --> 00:08:08.720
OMG cable The Flipper zero doesn't stand a chance as far as performance goes but

00:08:06.879 --> 00:08:12.680
if you could plug it in behind someone's setup it could be controlled with your

00:08:10.520 --> 00:08:16.400
phone and then the danger rating is no longer determined by the device itself

00:08:14.759 --> 00:08:20.720
but rather by the creativity of the threat actor ah that's an interesting

00:08:18.879 --> 00:08:24.440
and important point we're already recognizing this pattern where anything

00:08:22.560 --> 00:08:29.000
The Flipper zero can do something else can do and may be better but it's the

00:08:26.639 --> 00:08:33.599
versatility that sets it apart The Flipper Zero can be controlled remotely

00:08:31.360 --> 00:08:37.719
from both phones and computers using their extremely slick apps qFlipper

00:08:36.159 --> 00:08:41.640
also works on the Steam Deck as demonstrated in this Reddit post by the

00:08:39.360 --> 00:08:46.279
flipper zero CEO while this type of Wireless attack could be dangerous on

00:08:43.519 --> 00:08:50.519
its own a particularly ingenious ne'er-do-well could take things much further with the

00:08:48.240 --> 00:08:56.200
Zero's general purpose in and out pins through GPIO add-on boards can be used

00:08:53.240 --> 00:09:02.600
to tack on features like Wi-Fi a camera or 2.4 GHz RF it just so happens that

00:08:59.560 --> 00:09:05.079
Logitech unifying receivers also use 2.4

00:09:02.600 --> 00:09:10.360
GHz RF signals with the addition then of less than $5 worth of electronics the

00:09:07.720 --> 00:09:15.079
zero is able to connect to Old unpatched Logitech receivers and execute bad USB

00:09:13.040 --> 00:09:20.160
ducky script without ever having to touch the computer that's a big yikes

00:09:18.040 --> 00:09:27.640
but it still doesn't change our main point so could a Pi or an Arduino or

00:09:23.880 --> 00:09:29.200
realistically an Android phone so yes

00:09:27.640 --> 00:09:33.640
the sky is the limit when it comes to the capabilities of a microcontroller

00:09:31.200 --> 00:09:37.519
into a robust GPIO system I mean we've seen Geiger counters light meters

00:09:35.440 --> 00:09:41.680
ultrasonic distance sensors and there's plenty of people working on new

00:09:38.760 --> 00:09:46.640
additions but the device is not the danger it's the Ingenuity of people and

00:09:44.959 --> 00:09:50.200
the power of the community that Flipper Devices Inc has built around their

00:09:48.600 --> 00:09:54.000
particular Gadget I mean it's an incredible success story starting out as

00:09:52.040 --> 00:09:59.640
a Kickstarter campaign The Flipper zero raised $5 million and then this is the

00:09:57.440 --> 00:10:03.680
really shocking part delivered fully on its promises not only did The Flipper

00:10:01.760 --> 00:10:07.399
team pique the interest of tens of thousands of people they fostered a

00:10:05.600 --> 00:10:12.000
community that's willing to innovate and evangelize which has pushed their Niche

00:10:09.600 --> 00:10:15.880
Gadget into the mainstream Spotlight and turned it into a true Swiss army knife

00:10:14.040 --> 00:10:20.160
of hacking devices and if the current momentum is any indication new add-ons

00:10:18.399 --> 00:10:24.880
programs and custom firmware are going to continue to extend the lifespan and

00:10:22.600 --> 00:10:29.800
utility of the device as time goes on is it as good for gaming as a Nintendo

00:10:26.440 --> 00:10:33.800
switch as stealthy as a rubber ducky as

00:10:29.800 --> 00:10:36.680
amoral as a HackRF One no but for something

00:10:33.800 --> 00:10:41.200
so pocketable it is shockingly decent at all of these things without crossing the

00:10:38.959 --> 00:10:44.560
line into illegality whatever scary stories might have been told by

00:10:42.480 --> 00:10:49.079
sensationalist media personalities from our point of view then the flipper zero

00:10:46.399 --> 00:10:54.519
has the potential for mischief and much worse but it also has legitimate uses

00:10:51.959 --> 00:10:57.800
the best of which is to find out if you're vulnerable to attacks that would

00:10:56.079 --> 00:11:02.480
cost a determined Butthead less than a 4K monthly subscription to Floatplane

00:11:00.160 --> 00:11:06.240
without actually getting hit by them then once you're sure you're safe from

00:11:04.079 --> 00:11:10.920
the plethora of basic vectors that it can perform well you still have yourself

00:11:08.639 --> 00:11:16.079
a cute little electronic dolphin friend that can play Doom uh what it can't do

00:11:13.560 --> 00:11:19.760
yet though is segue to our sponsor Squarespace if you want to build a brand

00:11:17.839 --> 00:11:22.480
online you need a website but if you just learned how to turn on the little

00:11:21.120 --> 00:11:27.560
flashlight on your phone how are you going to build a whole website well Squarespace can help they're the

00:11:25.120 --> 00:11:30.320
One-Stop No Frills all-in-one platform for expanding your presence on the internet

00:11:28.920 --> 00:11:33.880
Squarespace lets you build beautiful websites engage with your audience and

00:11:32.200 --> 00:11:37.040
sell anything and everything from products to content without needing to

00:11:35.560 --> 00:11:41.079
spend four years getting a website building degree we love Squarespace so

00:11:38.959 --> 00:11:44.959
much we use it here at LMG for LTX Expo and linusmediagroup.com and it custom

00:11:43.160 --> 00:11:48.279
templates make it easy to stand out with a plethora of themes and customization

00:11:46.800 --> 00:11:52.120
options to fit your needs you can maximize your visibility thanks to a

00:11:50.000 --> 00:11:55.519
suite of integrated SEO features there's also analytic insights to help you

00:11:54.040 --> 00:12:00.200
optimize for performance so you can see what's working well and What needs tweaking get started today and head to

00:11:58.639 --> 00:12:04.279
Squarespace /lt to get 10% off your first purchase

00:12:02.920 --> 00:12:08.120
if you enjoyed this video check out the shenanigans we got into with the USB

00:12:06.279 --> 00:12:12.800
rubber ducky why are these devices so cutely named when they're so Insidious
