Flipper Zero: The ‘tamagotchi for hackers’ goes viral on TikTok
Dozens of users have been sharing videos using the device to turn on the television and unlock cars and hotel rooms
Cesar Gaytán, a security consultant and the mind behind the YouTube channel HackWise, has used the Flipper Zero to turn on the television, unlock his car and even disconnect security cameras from a WiFi network. The device, nicknamed the “tamagotchi for hackers” on social media, has gone viral on TikTok. Users share videos using it to unlock hotel rooms, turn on the air conditioner and read pets’ identifying microchips. Some even claim that the device can clone credit cards.
At first sight, the device, which costs around $170, looks like a toy. It is smaller than a cellphone, and its 1.4-inch screen features a dolphin that gets happier when the device is used. In the words of its creators, it is “a tiny piece of hardware with a curious personality of a cyber-dolphin.” Inside, it contains sensors to intercept and imitate signals, like the air conditioner’s infrared waves and the TV remote control. The push of a button, Gaytán explains, can read infrared signals and then turn the television on. “The device captures the signal and saves it, and then it can replicate it. If the television is on, it turns off, and if it’s off, it turns on,” he says.
Edgar Pons For, industrial designer, biohacker and technology content creator, always carries a Flipper Zero with him. Though he rarely uses it, he feels good knowing that he carries “a technological Swiss Army knife” with the capacity to read and repeat signals. When he first got the device, which is often out of stock, he spent a few weeks trying to read all kinds of signals, including keys, home appliances and cards.
The Flipper Zero brings together several functions that can be found individually in other devices. It can, for example, analyze radiofrequency signals, like those used by car keys, garage remotes and alarm systems, among other wireless devices. It can also read cards that use RFID and NFC technology — like credit cards, gym cards and hotel keys — and sometimes replicate them.
Videos recorded to go viral
TikTok has an abundance of videos that show the Flipper Zero supposedly being used to replicate credit cards, unlock cars and unblock cell phones in seconds. Pons believe that many of them “go viral showing false or very staged information.” “It’s not at all as easy as it looks,” he says. EL PAÍS contacted the creators of Flipper Zero to ask them whether the videos are accurate depictions of the tool, but they have yet to respond.
The Flipper Zero can interact with some systems involved in reading credit cards or electronic entry. Pons says, however, that most of those systems have highly advanced security measures that make them hard to hack. “Bank cards have encryption and authentication systems that protect transactions and prevent unauthorized use. They can be read but they can’t be copied,” he says. As he explains, it is much easier to steal someone’s information by hacking their computer or robbing them than with the Flipper Zero.
Josep Albors, the Spain Head of Awareness and Research at the cybersecurity company ESET, says, “Card cloning only works for very old versions that are practically obsolete, and the remote unlocking of cars is only possible in old models.” Current remote keys “use unique codes every time, and even old cars require specific conditions to be able to clone the control signal from a distance.”
Alex Kulagin and Pavel Zhovner came up with the Flipper Zero in 2019 so that anyone could interact with the devices around them without prior knowledge. They started raising funds on the global micro funding platform Kickstarter. Today, according to Wired, they have sold over 150,000 devices. “If you don’t know what you’re doing, you won’t do much more than turning your television on and off and controlling the fan,” Pons says. Some of the device’s advanced functions require additional technical skills or cybersecurity and programming knowledge.
Albors believes the device has become trendy because content creators and influencers have mythologized its possibilities. “That has made many users think that they have a master key at their reach, when in reality, without prior knowledge or understanding its real possibilities, they just have an expensive toy to use a few times before it ends up in a drawer,” he says.
Is Flipper Zero a threat?
Brazil’s National Telecommunications Agency (ANATEL) has seized Flipper Zero shipments, according to online testimonies from those affected. The Electronic Frontier Foundation (EFF) explained that ANATEL has not approved the device because it “serves illicit purposes or facilitates a crime or misdemeanor.” For Marc Rivero, security researcher at the cybersecurity company Kaspersky, prohibiting devices is not the best solution. “They should establish clear regulations and educate users to use it in an ethical, responsible way,” he says, adding that the device “has won a fanbase thanks to its programmable retro design.”
More powerful autonomous tools have existed for decades, as Candid Wüest, Vice President of Cyber Protection Research at Acronis and cybersecurity risk consultant for the Swiss government, points out. “The tool itself isn’t the main problem. It’s the fact that weak systems still exist. It’s like trying to ban a brute-force password tool to protect people who are still using 123456 as a password.”
William Budington, Senior Staff Technologist at the EFF, does not consider the device a threat. “The laws against piracy already exist, and we should let them do their job instead of limiting access to tools like the Flipper Zero.” He and Albors emphasize that the device can be used to test the security of systems. “Banning hacking tools does not solve the problem but worsens it, as it stops researchers from alerting about possible security failures,” Albors says. Ultimately, it all depends on how the device is used. Gaytán compares it to a knife: “You can use it to make the most delicious meal that any human being has ever tried, or you can kill someone. That’s the user’s responsibility.”
Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition