In partnership with
Dear Sentinels
What a week it has been! First, the University of Southampton has had me jump through all sorts of hoops, but it is for a good cause, though. 😉 Then, my TikTok channel got delayed because of the aforementioned situation with my University. But it is ready for you to sign up; you can find it here.
So in this edition, we will take an introductory look at the Flipper Zero. I say 'introductory' because over the next few weeks we will circle back to it, and I will be doing my own experiments. (Ethical, of course.) The Flipper Zero is a so-called digital multitool, and boy does it deserve that title. In the following investigative article, we will lay out the internal layout of Flipper Zero, the open-source nature of its software stack, and the ethical nature involved in using it. Then, we will return to an academic article on the adoption and future of the Fliper Zero. But first, though we have to pay the rent and the we present news from around the web for your viewing pleasure.
How much could AI save your support team?
Peak season is here. Most retail and ecommerce teams face the same problem: volume spikes, but headcount doesn't.
Instead of hiring temporary staff or burning out your team, there’s a smarter move. Let AI handle the predictable stuff, like answering FAQs, routing tickets, and processing returns, so your people focus on what they do best: building loyalty.
Gladly’s ROI calculator shows exactly what this looks like for your business: how many tickets AI could resolve, how much that costs, and what that means for your bottom line. Real numbers. Your data.
News from around the web
Flipper Zero, The Digital Multitool!
The Flipper Zero emerged from a 2020 Kickstarter project; let that sink in, because it quickly exceeded its funding goals, securing over $4.8 million. It occupies a unique strategic position, captivating researchers and enthusiasts not through a cold, industrial aesthetic, but via a playful "Tamagotchi" persona. This device was conceived as a portable companion that demystifies the invisible signals of the modern world. Turning the complex reality of hardware security into an interactive experience. Creators Alex Kulagin and Pavel Zhovner designed the device with a philosophy that integrates a virtual pet mechanic directly into its high-level security tools. Where a pixel-art dolphin mascot "levels up" and displays varying emotions based on the user's proficiency in capturing and analysing signals. This gamification strategy lowers the barrier to entry for beginners, transforming what might otherwise be a daunting set of technical instruments into a compelling educational journey that has significantly democratised access to hardware exploration.
The importance of the Flipper Zero's internal architecture lies in its open-source firmware and high degree of versatility. At the heart of the device resides the dual-core ARM STM32WB55 microcontroller, featuring 256 KB of RAM and 1 MB of Flash storage. The architecture is split between a 64 MHz Cortex-M4 core, which manages the main firmware and user applications, and a 32 MHz Cortex-M0 core dedicated to running the proprietary Bluetooth Low Energy stack. This dual-core approach enables stable wireless communication without taxing the primary system's resources. The physical interface is centred around a 1.4-inch monochrome LCD with a 128×64 resolution and a 5-way D-pad.
Flipper Zero
The Flipper Zero demonstrates significant technical depth in its ability to interact with Sub-GHz and Infrared communication protocols, which serve as the strategic backbone of modern home and industrial automation. The device utilises the Texas Instruments CC1101 chip to interact with frequencies between 300 and 928 MHz, enabling the researchers to capture and replay signals from wireless doorbells and weather stations. Light-based signals are handled by an infrared transceiver featuring three high-output LEDs and a TSOP-75338 receiver module, allowing the device to function as a universal remote for household appliances. This system also incorporates a BCE-MX8530A piezo buzzer for audible feedback during signal processing.
Proximity-based access control systems are a cornerstone of corporate security, yet they are frequently built upon legacy technologies that prioritise convenience over robust encryption. The Flipper Zero addresses this by integrating dual-band RFID and NFC capabilities, allowing researchers to evaluate the integrity of badges and tags. The device reads and emulates 125 kHz low-frequency RFID cards—often implemented via software on the MCU—and 13.56 MHz high-frequency NFC tags through the STM ST25R3916 chip. We will show you some of this shenanigans in the coming weeks.
Flipper Components
The device also includes three pogo pins designed for the "iButton" or Dallas Key interface, utilising 1-Wire protocols to interact with the magnetic touch keys commonly used in physical penetration testing for apartment complexes or security patrols. By demonstrating how easily these unencrypted legacy credentials can be cloned and emulated, the Flipper Zero provides a tangible illustration of the vulnerability of physical security perimeters. This understanding of short-range contact and proximity protocols leads directly into the specialised and often misunderstood world of Bluetooth vulnerabilities.
Bluetooth security has become increasingly relevant as wireless peripherals become ubiquitous, yet media hype surrounding its vulnerabilities often obscures the technical reality. Whisper Pair is a vulnerability that allows an attacker to force a connection to specific headphones or speakers to hijack audio or track a device. Critically, the Flipper Zero, even when running popular custom firmware like Momentum, cannot perform a Whisper Pair attack due to a fundamental firmware limitation regarding the distinction between Central and Peripheral roles. To initiate such an attack, a device must act as a "Central" unit to scan and force pairing; however, the Flipper Zero's firmware is typically configured as a "Peripheral" to conserve its limited 256 KB of RAM. While it cannot hijack audio, the device can perform "BLE Spam" or advertisement-based Denial of Service attacks. These attacks flood an area with fake pairing packets, which famously caused system crashes in unpatched versions of iOS 17. In response to these disruptive capabilities, the security community developed defensive tools like the "Wall of Flippers" project to detect and mitigate such BLE spamming, reflecting a constant cat-and-mouse evolution in the wireless security ecosystem.
The device's physical expansion is enabled by the General Purpose Input/Output (GPIO) pins on its top edge, which allow it to interact with external hardware, such as the ESP32-based Wi-Fi Dev Board. When flashed with specialised "Marauder" firmware, the Flipper Zero is transformed into a potent network testing tool capable of sniffing access points, broadcasting fake networks, and performing deauthentication attacks.
The global legal scrutiny facing the Flipper Zero underscores the strategic importance of ethical conduct within the "white hat" community. The device has faced significant challenges, including a ban by Amazon for its perceived use as a "card skimming" tool and the seizure of shipments by Brazil's Anatel, which labelled the multitool as an instrument for criminal activity. In early 2024, the Canadian government proposed a ban in response to rising auto thefts. Flipper Devices Inc. and CEO Pavel Zhovner have consistently argued that the device is an educational instrument designed to expose vulnerabilities inherent in ageing legacy systems rather than creating new ones. Ultimately, the Flipper Zero serves as a reminder of the principle of "With great power comes great responsibility".
Summary
The Flipper Zero is presented as a versatile, open-source handheld device designed for cybersecurity experts to evaluate the vulnerabilities of Internet of Things devices and embedded systems. This framework examines the tool's multi-protocol capabilities, emphasising its efficiency in finding and exploiting flaws within complex, modern digital landscapes and connected environments.
Background
Cybersecurity risks have surged alongside the widespread adoption of the Internet of Things and embedded systems. As these technologies increasingly integrate into daily life, identifying and addressing vulnerabilities has become a critical concern for researchers. Standard computing security measures often fail to address the unique resource limits and specialised hardware requirements of these linked devices. Protocol manipulation and insecure communication channels remain primary threats that require specialised testing tools.
Existing penetration testing frameworks, such as Kali Linux and Metasploit, provide substantial support for legacy networks but struggle with non-standard IoT protocols. Researchers have identified a significant gap in hands-on device engagement where traditional tools fall short. To bridge this gap, the Flipper Zero project introduced a portable, multi-functional tool capable of interacting with various wireless protocols. It serves as a single, compact solution for auditing the security of diverse IoT ecosystems.
"Penetration testing and ethical hacking are crucial for finding and fixing these vulnerabilities."
Use-case
The Flipper Zero is primarily used to interact with a wide range of wireless protocols, including RFID, NFC, Bluetooth, and infrared. Security professionals use the device's modular design to develop custom scripts for testing smart locks and access control systems. It is highly effective for cloning RFID cards and decoding wireless signals to identify security gaps in linked environments. The tool also allows users to investigate radio waves and automate repetitive security processes.
Survey data indicates that 44.4% of users specifically apply the device for RFID and NFC security testing. Beyond card emulation, it is used for signal analysis and interacting with hardware through its built-in GPIO pins. Some advanced users leverage the platform to develop exploits by creating custom firmware for niche security tasks. Its portability makes it an ideal platform for field-based penetration testing and embedded system troubleshooting.
"Ethical hackers can use it to clone RFID cards, decode wireless signals, and assess vulnerabilities in BLE devices."
Conclusion
Future development for the Flipper Zero framework will likely focus on broadening protocol support and improving automation for large-scale security testing. There is a clear demand for better integration with established tools such as Metasploit and Wireshark to improve interoperability. Additionally, defining formal ethical guidelines and improving instructional documentation will be essential for responsible experimentation in various industries.
The article can be found here.
