Flipper Zero
BLe+ Vulnerability
Introduction
Just as there is a rise in personal digital devices, so too is there a rise in the digitization of access controls and similar systems. The Flipper Zero is a small device with big potential, especially when looking at its ability to hack access control, IoT, and other smart/radio systems. Sample use cases include impersonation attacks or unauthorized access.
This information is provided for general awareness and defense purposes only. This information also is not intended to be a complete description of the functionality or risks of the identified tools.
What is the Flipper Zero?
The Flipper Zero is a device capable of recording and replaying RF signals. Completely open source and customizable, the Flipper Zero can be adapted for a range of use cases. Sold as a dev/pen test tool, this device has a range of hacking capabilities.
How Does it Work?
The Flipper Zero is equipped with a customizable radio platform which enables it to interact with a range of radio-based systems. There are a range of use cases for the Flipper Zero allowing it access to systems like:
Access Control Systems
Smart Sockets and Bulbs
IoT Sensors and Doorbells
For more detailed information, see the Flipper Zero site.
These are not the only use cases, as there was also a case of a Denial of Service attack executed on an Apple iPhone, which CTO Dr. Brett Walkenhorst details in the short video clip to the right.
How Can I Uncover a Flipper Zero?
With robust wireless monitoring, you will be able to see any device transmitting in your space. Additionally, if you have an integration between your wireless and physical monitoring systems, you gain an added layer of visibility that would help you address a breach actioned via Flipper Zero.
What Can I Do to Defend Against This Threat?
Bastille recommends a few security best practices for this type of threat:
Keep Your Systems Up to Date: Keeping all systems up to date, such as your access control systems or your IoT tech, will help ensure your systems are running on the latest security.
Update and Enforce Your Security Policy: Establish and educate upon a corporate policy for all employees regarding these types of devices to help keep your space secure
Stay Up to Date: The landscape of wireless security is constantly evolving. In order to defend against these threats, you need to know what’s out there. Check out our recent webinar on Wi-Fi Vulnerabilities in which CTO Dr. Brett Walkenhorst dives into the Wi-Fi protocol, the Wi-Fi Pineapple, and other related hacker devices.