Flipper Zero's Advertising Campaign For Cloning Access Control
Flipper Zero increases the risks of access control hacks, which we have tested. The company already has a booming business, and now its social media advertising campaign is emphasizing cloning access control cards.
In this note, we examine the advertisements and demonstrations on several of Flipper Zero's social media pages, including the risks and responses from the company.
For background, see:
- The Booming Business Of Flipper Zero
- Flipper Zero Access Control Hacking Tested
- How Flipper Zero Increases The Risks Of Access Control Hacks
- The Case For and Against Banning Flipper Zero Analyzed
- Canada to Restrict Flipper Zero Sales To "Legitimate Actors Only"
- How Flipper Zero Can And Cannot Hack or Harm Cars
Flipper **** ************** / ***** ********** ********
*******'* *** *** ****** ***** ***** highlight *** ******'* ********* ** ******* such *************** ** ***** *********** (*** ****'* ****), ********** *** ******** ****** *** insecure / ******* ***********. *****, ** list ******* ****** *** *** ************* its ******* ** ***** ** **** entry ** * ******** ***** * Flipper ****.
** *********, ******* ****'* ******** **** is ******* * ********* **, ************ Flipper's ******* ** ******* *** **** credentials, "***** **** **** ****** **** again," "***** ****" **** * ****** shop **** ** *** ******* ******* to ******** * ******:
****, ******* ********* ** **** ** running ** *** **** *********, **** the *******, "**** *** *** ***** with ******* ****":
***** ** *** ************* ***** ***, showing *** ******** *******, **** **** shop *****:
*** ** ******* ** ******** ***** that ******* **** *** **** ** results:
****, * **** **** *** **** 800,000 ***** ** ********* ***** *** to **** / ******* *********** *** then ***** ** ** * **********:
****, ******* **** **** *** ****** 600,000 ***** ***** ********* *** *** / **** ***** *** ******* ** "unlimited" ****** ** ***** (***********):
Executive *******
*** *******, **** ** *** ****-**** scenario ** ***** **************, ** **** companies *** ********* **** ********* **** over ***** ****** ******** **** ******, especially ** ***** ** ****** ********* or ********* *** *** *********** ** they *** ********** ** ****** ***** the ********** **** ***** **** ****** the ******* **** ******.
******* ***** *** *** ******* ***** now *** ******* **** ******** **** other ******* **** *** **** ******* similar ********** / ***************, ***** ** a ******* ********, ** *** **** of ***** *************** ******************* *******.
*******, *** ********** ******* ** **** many ****** ******* ********* ** ******* continue ** **** *** ******* ***** insecure ** ******* *********** (**** ***********, Prox / *** ***), **** ******* Devices *** ****** ******** ********** ****** these ***************.
Flipper **** *** ** ******, *** ***** *** *******
***** **** **** ******* **** ******, the *********** ** ***** * ******* Zero ** ****** ******** **********/***** *** have **** ********** ** ** * single ******, *.*., (****, ****** ****, office, ***, ***) ** **********. *******, the ******* ******** *** ******** ******** on ***** ********* *** ********** *** risks *** "*** ******" ***** ***** devices *** "***."
*** *******, **** ******* ** ***** if / **** **** ** ********* activities, **** ** ** ******** ******* a *********'* **** ** **** ************ access ** ***** **** *** *** (or ** ******) ********** **. ***** Flipper ****'* *** ** *** **** this, ******* ****'* ************ ****** ****** exploiting ****** ******* *******. *** ** this, **** ********* *** ** ******** or******** ******* **** *****.****, ****** ******* **** *** *** ****** Hack ** **** ****.
Flipper **** ********
**** ** ******** **** ******* ******* about ****, *** ******* **** ******** basic / ******* ********** *** *** not ******* ** *** ****** / successful ***** *** **** ** ********** Flipper **** *****:
******* **** ****** *** ***** ** copy ***** *** **** **** ** key ****. * *** *** ****** to **** *** **** ** ** partner's ********, ***** ** *** **** easier **** ****** ** **** *** key. ******* ******* ******** *** ***** of ******* **** *** ********* ************.
(****** **/**/**: ******* ******* ********* **** meant ** *** "******* *******does *** condone the usage of Flipper Zero for nefarious applications." [emphasis added])
*******, *** ******* **** ******* **** are ****** ** **** "*** ******** modern" **********:
******* ****, ***device ** ****** ** **** *** ******** ****** ****** ******* **** ******* ****** ********** **********. [Emphasis added.]
Cracked / ******** *********** ********** *****
** *** ****** ** ***** ****** are *** ******* *** ******** *********** being **** / *********** ***** ***** known ** ******** / ******* *** over * ******. ***** ******* **** may ** *** **** ****** **** / ***** ****** *** ****** ******* hacking, ******* ************ *** ******* ***** used, *** **** *** ******* *** emerging - *** ********, *** "******" credentials *** ***** ***** **** / widely ****.
***, ******* ****'* ********* / ************* campaigns *** ******* *********** ********, *** capitalizing ** *** *** ** ******** or ******** / ****** ***********, ********** the ***** ** ***** *************** ***** exploited *** ** *** ********* ********.
******* **** **** ***** **.***** *****. It ******** ******** ******* ** ****, emulate *** ******* ****** ******* *** iClass. ******** *** *** *** ****** harder ** **** *** *** **** read * ***-***** **** **** *** emulate **** ** ** ****** ****, so *** ******** ***** ** **** any ****** **** **** ****** *** in *** ******.
******* ******* ******** *** ***** ** Flipper **** *** ********* ************.
******?
******* ******* ********* ** ** **** meant "**** *** ******* ********* ************." I ******* *** ****** ** ******* this.
***** ******.
**** ** ****** **** *** ******* :
"the ********** ******* is that many access control companies or vendors continue to sell and support known insecure or cracked credentials (most importantly, Prox / 125 kHz), with Flipper ******* *** ****** ******** ********** ****** ***** ***************."
***
*** ******** ** ****** ******* ****** be *******, **** **** ********* ** spoof ************, ***/** **** ****** ************** for ****** ****** *********. *** ** I *** ***** *********** * ***** be ********* ********* ** * *** using * ****** ****** ******.