Do we have your current information? Be sure to update your contact information today!

Back to Financial Education

Don’t get fooled this April. Everything you need to know about Flipper Zero Scams

We have all had a morning where we lost our car keys and panicked as we flipped over couch cushions looking for them. However, a new device on the market called Flipper Zero can use radio frequencies to open car doors. How can you protect yourself against the capabilities of the Flipper Zero?

What are RFID and NFC?

Radio Frequency Identification (RFID) is a technology that uses radio waves to identify objects and people. RFIDs consist of a scanning antenna, a tag, and a reader.

Near-field communication (NFC) allow wirelessly share data using high-frequency, short-range radio waves. NFCs enhance RFIDs contactless capabilities.

The difference between RFIDs and NFCs is the distance between the device and the objects. The main difference is RFID technology can be used more at a long range for device locators, whereas NFC is used more for closed distances like contactless payments. NFC directs two ways, but RFID connects from the tag to the reader. RFID only holds small amounts of information, like a model number. Whereas an NFC is capable of holding several types of data.

To break it down, devices like phones and credit cards have RFID and NFC technology embedded in their software. This technology allows us to use features like Apple Pay to exchange data. 

Devices like Flipper Zero are known for having NFC grabber technology. With Flipper Zeros, people gain access to vehicles, thermostats, credit cards, and other wireless technology. Since NFCs use two-way communication technology, hackers can use Flipper Zeros and similar devices to grab information from NFCs nearby. 

How much of your information is at risk with data exchange?

Purchasing an NFC grabber like a Flipper Zero will not grant you access to any vehicle. It is not as easy as clicking a button and being granted access. For an NFC grabber to work, you first need the NFC. For example, if you are trying to access a car, you need the car fob. After you get the car fob, you can record the frequency required to open the door. Without the fob, you cannot record the frequency, and you wont have access to the vehicles. Some vehicles with older rolling codes (Rollini-PWN) do not require the fob-they only need the frequency. So if there are NFC eavesdroppers (individuals who stand by to record random frequencies), they might have access to the vehicle if they happen to record the frequency on their Flipper Zero. There was a viral TikTok of an individual who was going around opening a Tesla electric port. Tesla uses the same frequency for all stations and all vehicles; however, this does not mean they have access to the Tesla itself. 

Credit card theft is a real thing, but Flipper Zeros still cannot reproduce a credit card. So you can use Flipper Zeros to pay. You have to physically attach the credit card to the Flipper Zero for it to read the information. If you get access to the card, the Flipper Zero only reads the card number and sometimes the expiration date depending on the type of card it is. The CVC code or personal information is required. The majority of online vendors require the CVC code making it unlikely to make purchases or emulate the cards. 

The way that Apple Pay works isn’t strictly through NFC codes, it works by Apple Pay contacting your bank and generating a proxy of your card that allows you to make these purchases. Which is different than NFC grabber technology. 

Another security concern revolving around the Flipper Zeros is Wi-Fi de-authentication. However, you can just purchase the Flipper Zero and hope that it will deauthorize all Wi-Fi networks, it requires specific firmware and Wi-Fi boards to gain access. This same technology can be used on most electronic devices and is not aimed just toward Flipper Zeros. Many hackers like using Flipper Zeros because they are more convenient due to their size. 

The Flipper Zero does have infrared technology, so it could be used as a universal remote for televisions. This might be a big concern for football lovers whose teams are getting ready to win the game, and then all of a sudden, the tv shuts off. 

How to stay protected?

Now that we know Flipper Zeros and other NFC grabbers are not as bad as they seem. Here are some additional ways to stay protected.

1. It can be used as a security key. If someone wants to sign in, they would require a flipper zero to be available to sign in as an MFA.

2. Invest in an RFID wallet, sleeves, or V-cards.

3. Pay attention to your surroundings and make sure people are not too close to you when you're locking or unlocking your vehicle. 

Resources:

https://www.dhs.gov/radio-frequency-identification-rfid-what-it#:~:text=policy%20or%20programs.-,Radio%20Frequency%20Identification%20(RFID)%3A%20What%20is%20it%3F,requiring%20a%20line%20of%20sight.