How Flipper Zero Increases The Risks Of Access Control Hacks
While many view Flipper Zero as a toy, it is a booming business, and IPVM tests showed that it can clone many widely used access control credentials, leading to security risks.
But with LF and some HF credentials being vulnerable for a number of years, why/how does Flipper Zeros increase these risks?
In this report, we examine the risks associated with Flippers and why the wider adoption of Flippers will expose outdated access control systems more than ever.
Executive *******
***** *** ******** ** ****** ** ignoring ****** ******* ********** ***************, ******* sales, ***** ******, *** *** **** of *** ** ******* **** ************* and ********* ******** *** **** ** the ******** ** ****** ******* *******, even ** ****-******** **********.
**** *********** **** ******* ***** *** (*) clone ** (****) *********** *** **** HF *********** (****** **** ******** ****, Mifare *******/********** ******* ******* ****) *** (2) ******* * ********* ****** ** HID's **** *** *****-**** *******. ******% ** ****** ******* *********** ***** LF*** ****** ** ***-******** ** *********** being **** ** ****, **** ********** a *********** ******* ** ******** ***********/*******.
*******'* **** ** ***, *********** *** need *** ****** ********* ** ** in-depth ************* ** ****** *******, ********** exploiting ***************, ***** ****** ******* *******, such **************** ******, ***** ****.
**** ******** ***** *** **** **********, underlining *** ******* *** ******** ***** access ******* *******/*********.
Flipper **** ** ** ****** ******* ******* ****
***** *******'* ********* ********* *** ****** as ** "********** *** ***" *** "multi-tool *********** ******," ** ** * powerful ******* ****** **** *** ** used ******* ****** ******* ******* *** protocols.
******* **** ** ******** **** ** and ** **** ********, *** *** hardware ************ *** ** ******* ********* with *** ***** ************, ******** ** to ****/*****/******* ******* ****** ******* ***********. In ********* *****, **** ****** **** ******* ***:
- ***** **** ***** (*** ***)
- ***** ****** *********** **** ******** **** (13.56 ***) ***** *** ******** *** (separately **********)
- ***** ****** *******/********** *********** (**.** ***) without ******* ****
- ***** ****** **/**** (**.** ***) *********** to * ********* ****** ***** *** Seader *** (********** **********) *** *** SAM ******** ***-**
*******'* ******* ** ***** ***** ******-**** credentials ***** *********** ***** ** **** facilities.
Flipper **** **. ******** ******* *****
***** ******* ****'* ***** ****** ********** the *************** ** **** ****** ******* systems, **** ******* ***** *** ***** have **** ******* ** ********** *** same ***************, *************** **** ******,********, ***.
*** **** **********, *** ************ ** ****** ******* ******** *****.
******* *** ***** *** **** ******** access ******* ******* **** (** ******** is ********* ****** ** * **** versatile ****), ******* *** ******* *********** advantages ******** ** ******** *****, ****** it * **** *********** ******.
More *************** **** ******* ******* *****
******* **** *** **** *************** **** cheaper ******* *****, **** ** * ~$30 ****** **** ******. ** *** name, *** *** **** ******, *******, this ****** ** ******* ** ******* only ** ***********, ***** ******* **** can ***** ******* ** ***********.
***** **** ********************** ***** ******** ** ******* *** less ******* ******* ***** **** ******* Zero.
Easier ** *** **** **** ******* *****
********, **************** ** *** "**** ******** **** in *** ******** *****,"****** *** **** **** *************** **** Flipper ****. *******, ** ** * device **** ******** (*) * **** interface (*.*., * **), (*) ****** knowledge, *** (*) * **** ************* of *** ****** ******* ******* ****.
*******, ** *** ***** ****, ** a ********** ****** **** * *******, buttons, *** ** ****-**-*** ****.
** *********** *** ********** ** ******** and *** ** ******** ** *******, below ** ** ********* ** *** to **** ****** ******* *****. **** explainer ******* ****** ** ****** ******, access ******* ********* ******, ***.:
Broader ******
****** ******** *** ***** ******* *****, Flipper **** ** ******** ** ****** to * ******* ******, ** ******* ******* ** *** ****** **** in *** ** *** ******* **********(***** ** *******) **** *** ** the ****** ********* *** ******* *** people *** **** ********* *** *** early *****, ***** ***, ***. ********, the *******'* *** ********* ** **** that, ** ** ****, **% ** its ********* **** ****** **** ********.
*******'* ******** ****** ****** *** ** play ***** ***** (**** ** *****), play *****, ******* ***'* **,**** ******* *******, ***. - *** ***** ****** that ******* *** * *********** ******** base *** ******* ** ****** ******** with ****** *******.
** *** ***** ****, ***** *** to ***** ************ *** **********, *** primary ****** *** *******, **** ** Proxmark, *** *********** *** *************.
Stronger ***** ***********
***** ******* *** *** ****** ** conventional *********,*** ***** ******** ******, *******, *** ***** ****** media ********* ***** *********** **** ***** alternatives ***'* ****.
** ** ************ ** ****, ************'* *******,******, **************** **** **** * ******* *********** combined, *** ********* ***** *** ********, iceman,*** ~** ******* *************** ******* ********* ** ~***.
*********, ** ******* **** ****** ****** below ***** *** ********** ** ******** for ******** *** ******* ****, **** Flipper **********:
Continuing *****
** ****, ******* ******* ** ** least ****** *** ***** **** **** year, *** **** ********** ******, ***** will **** ** ******** ** *******. While **** *** *** **** ** this *****, ******* *** *** **** to ********** ***'* ****** ******* *******, the ***** ** ***** ******** ****** control **** **** ** *******'* ***** and *** ****** ** **** ******* grow.
Flipper ***** ** **** ** ******* ****** *******, ******* ***
******* ********* ****** ** *** ****** control ********/******* ***** ***** **** **** that ******* **** ***** ** ****** to ******* ****** ******* ***************.
*** *******,******(********* ******* - ****** ********* ******) **** **** ******* ***** ** "extremely ****" ** ******* **** ******** vulnerabilities:
[*]** *** ***** *** ******* ***** available, **** ******* **** **** *** attachments ** *****-*, **** ***** ********* easier *** ***** *** **** ******?
[*] **** ****. **'* ****** **** today. **'* ***** ****. ** *** the ***-******* ****** *** ** ****** and ** *****-******, **Flipper ***** ** ********* **** [to exploit existing vulnerabilities]. The form factor with Flipper, the battery, and the way of choosing its capabilities and doing it in the field [make it easy to hack access control systems].
*********, ***** ******, *** ******* ***** **** ************** **** *****(****** ********* ******), ********* *** **** *********, ** the ******* ***** *****:
*******, *** ******* **** ****** ******** the **** ****** ******* ** **** of ***** *****, *** ******** ** in *package **** ** ******, ***, *** ********
** ** *** *******, ********** ********* of ***"cost" ** ******* ****** **** over time as technology advances [emphasis added]
Updating ****** ******* *******
*******'* ******** ** *******, *** **** 350,000 ***** ** *** ** ******* (only ***** ***** ***** ********* ************** ********), ***** ******* ************* ******** *** risks ** ***** ******** ********* *** hardware *** ** *******'* **** ** use, ***** ***********, ***.
**** ******** ***********, ***-*****, *** ************* long ********* *** ***** ** ***** cracked *********, *** *** **** ** Flipper ***** *********** *** **** ** update ***'* ****** ******* ******, ** the ***** **** ******** ** **** with *** ****** ** ******* ** the **.
**** *** ******* ****** ** ******* Zero (**** ******** **** ***** **** soon ** ******** ** ***** *******), the ***** ** ***** ******** *** cracked ****** ******* **** **** **** with ****.
*** ****** ** ***** ****. ******* was *********** ****** **** **** ***.
**** ******** *** ****** ** ***** communication. *** ***** **** ** ******* the **** ** *** ****, *** in ******* **** **** ** ******. In *** *** *****, ****'* ******* and ****, **** ** ***** *** supported ** *** ***** ****** *******.
** *** ** ****, *** *** get ********-******** (*****) **** **** ***. This ***** **** ** ******** **** with **** *****, *** **** ***** don't **** **** ****** ****'* ******.
**** ***** **** **** ****** **** i ***** *****?
** * ****** ** *** ***** of ***********.
****** ** *********** *** *** ***** broken ****.
****** ** (*** *******) **** * SIO (****** ******** ******), ***** ** basically ** ********* ******* *********** **** to *** **** ****** ******. ** keeps *** ****** **** ***** *******, or *** *** **** ***** ***** to ******* ****.
** *** ***** ** *********** ** transit, *** **’* ******** ** “******” that *********** ** ********** ** ** a **** **** *** **** ****** number.
**** ***** ** * **** *******. The ***** ************* ** ********* **** keys *** ********** ** ** ***’* be ******** ** ***********.
***** ***** ** *** **** ****. Standard **** **** ****** *** *** readers *** **** ****** *** *** cards. **** **** *********** **** * stack ** ***** *** ******* ** the *****.
**** *****, **** **** ******* *** read **** *****. ** **** ** you ***’* **** **** ** ****** (unencrypted) *******, ****** *** **** *** card **** ******* ******, *** *** anyone *** * *** ****** ** their *** ** **** **** ***** (which ***** *** **** *** ** do * ********* ******).
**** ** **** * **** *** accelerationism ******. *** ******* **** ****** existed, *** **** ************* **** **** malicious ****** *** ********* *** **** root ** ******* ***** *** ******* NetHunter.
**** **** ****** ******** ****** ** the ********* *** ****** *** **** for **** ******** ** *** *********. The ********* ** *** ******* **** just ***** **** ******** ************* *** no ****** ****** ** ** **** and **** ** **** **** ****** against ************ ** ***********.
* ***** *** ******** ** **** is **** ***? * ****** * would **** ** **** *** *** my ****** **** ****? ***** ***** can * *** *** **** ****** be ******** **** *** ***?