Flipper Zero – Zero Trust
or Beware of Geek Bearing Gifts
Flipper Zero (https://flipperzero.one) is a Russian hacker tool used by penetration testers and security researchers for breaching physical access solutions. In the light of the political situation in Russia and the current conflict in Ukraine there are reasons to be really careful about the use of this tool. The Flipper Zero has the capacity to copy and collect encryption keys and other credentials for hotels, buildings, companies and infrastructure. This document contains the result of an OSINT search and analysis from open sources in Russia, as well as a small study of telemetry sent by Flipper Zero apps to Flipper Devices Inc’s infrastructure. Further investigations have shown that one of the founders of the Hackspace Neuron, that developed Flipper Zero has been put under sanctions by the US government for providing FSB and GRU with attack tools. Even the front figure and CEO of Flipper Zero is related to previous suspicious activity such as DDOS attacks and cyber sabotage.
This article can be viewed as an intelligence report making an assessment whether the tool should be allowed or trusted to be sold and used.
The full OSINT and telemetry investigation report can be found below.
The report was presented at SEC-T (https://www.sec-t.org/) in Stockholm September 13th 2023.