The Audit - Presented by IT Audit Labs
Brought to you by IT Audit Labs. Trusted cyber security experts and their guests discuss common security threats, threat actor techniques and other industry topics. IT Audit Labs provides organizations with the leverage of a network of partners and specialists suited for your needs.
We are experts at assessing security risk and compliance, while providing administrative and technical controls to improve our clients’ data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, while our security control assessments rank the level of maturity relative to the size of the organization.
The Audit - Presented by IT Audit Labs
Decoding Flipper Zero: The Swiss-Army Knife of Hacking Tools
The Audit - Episode 30 - Join us as we speak with cybersecurity expert and hacking hardware enthusiast Cameron Birkland, who introduces us to the world of the Flipper Zero.
The brainchild of a successful Kickstarter campaign in 2020, the Flipper Zero might look cute with its dolphin avatar, but it's a potent tool capable of manipulating control systems like RFID and NFC tags, radio remotes, and digital access keys.
What would you do if your garage door opener could be hacked? Cameron walks us through how this is possible with his own garage door opener.
Don’t forget, if you prefer video, check out every episode of The Audit on our YouTube channel.
You are listening to the audit presented by IT Audit Labs, where we offer a well-designed framework, tailored to your specific security needs, that will reduce organizational risk and improve security posture. I'm Eric Brown, managing partner at IT Audit Labs, joined by security engineer Nick Mellum. Today, we will be speaking with Cameron Berkland to learn more about Flipper Zero, a portable Tamagotchi-like tool developed for interacting or hacking control systems like RFID and NFC tags, radio remotes, eye button and digital access keys. Okay, hey, cam, how you doing? Doing good? Thanks for having me, absolutely so. You and I know each other here. Going back, has it been what? Three years, cam?
Cameron Birkland:Yeah, it's been about three years now.
Eric Brown:Yeah, so Cam and I worked together at a couple of clients and I met Cam there and while Cam was in college as an intern, and then Cam came over and joined us full time at IT Audit Labs. Has it been about four months now, cam, maybe longer?
Cameron Birkland:Yeah, it's been since about May.
Eric Brown:May okay yeah. Awesome. So going on five months and Cam and I are actually headed to Wild West Hack and Fest in South Dakota next month. That'll be fun, really looking forward to that.
Cameron Birkland:Yeah, so I did for that one.
Eric Brown:Yeah, might be fun too to bring the tool we're talking about today, the Flipper.
Cameron Birkland:Oh, definitely so. We're talking about the Flipper Zero today, so this is a powerful little device centered around a friendly dolphin character. So this might be advice that maybe not everybody has heard of, but, as of 2023, it's gained a lot of popularity around the internet, prompting a lot of people with maybe a little interest, or maybe not a lot of knowledge of hacking, whether that's physical or not, to pick one up and dive into it and Cam weren't these hard to come by for quite some time?
Cameron Birkland:Yeah, so I think the supply is getting better, but this was a device that's been constantly out of stock since it gained popularity, so it was actually introduced to Kickstarter in 2020. So that's when they started getting the funding. The first device is shipped in January of 2022. I'd say about this time is when the supply issues are finally coming to an end. I think it really gained popularity in 2023, though. So while it started in 2022, it took about a year for it to really catch on. It was actually banned from sale from Amazon earlier this year, in April, because it's considered a credit card skimming tool. That's because a lot of cards are enabled with NFC, so this can read cards and grab the card number and the expiration date. I can't get that little number on the back, though, because that's not part of the NFC data that's on cards.
Eric Brown:You'd have to socially engineer them to get that, Nick.
Nick Mellum:Cameras available on. Amazon now, or is it still?
Cameron Birkland:I'm not aware of it being available on Amazon.
Nick Mellum:Okay, so you've got it on the website.
Cameron Birkland:Yeah. So you can pretty much get it off of the Flipper Zero website.
Nick Mellum:Sure, I have one in front of me too. Very nice tool. I'm not professional with it like you are.
Cameron Birkland:I don't know if I'd call myself a professional, but yeah, I've had a lot of fun with it.
Nick Mellum:Yeah, absolutely. There's a funny little topic. I got a 3D printer a couple of weeks ago and I was looking at the Flipper Zero and I was on those printables and a bunch of people are making cases and stands and accessories for the Wi-Fi adapter on it. So I thought that was pretty cool that that ecosystem is tapping into security tools like this. So just a fun little fact.
Cameron Birkland:Oh yeah, I actually have one of those attachments that goes right onto it. I don't have a case for it, though that's one thing I would probably do if I had a 3D printer.
Eric Brown:Now you can get one from Nick.
Nick Mellum:Yeah, we can. We'll work on that, can? That actually sounds really fun. So I'm diving into, I guess a little bit For people that don't know what this is. What are a couple of the top items that you use this for? What are you doing with it?
Cameron Birkland:For myself. It's about messing around with those sub gigahertz frequencies, the things that we usually don't have access to. Or there's devices out there that can access those frequencies but they're not so easy to work with, or you have to have a deep technical understanding of all of that in order to use it. So this is like one of the big things I did with it was breaking into my own garage. That's one of those things that the Flipper Zero is able to read the frequencies that the garage door opener operates on. That's one of the most exciting parts of it. That's kind of the thing that hit the news like oh, people are using the Flipper Zero to break into their garages.
Nick Mellum:So it's kind of scary in that sense, right, oh yeah.
Cameron Birkland:Absolutely. For people with older garage door openers. They're absolutely vulnerable to this thing. Obviously, there's a limitation of range. Maybe you might have to be close enough that somebody might see you hiding in the bushes trying to grab their signal. But that's not to say that you can't extend the range of it one way or another.
Nick Mellum:Oh, sure Is that. Maybe like an attachment, there's a range extender.
Cameron Birkland:Oh cool, Exactly. Well, I mean, look at the antenna on this thing.
Eric Brown:Yeah, no absolutely.
Cameron Birkland:This operates on 2.4 gigahertz, so it's not going to be looking at the garage door opener aspect of it.
Nick Mellum:So I guess that's where the social engineering aspect would come in. You dress up as an Amazon driver or something like that and you wait for them to open their garage door. Oh, I was just going to your front door. Here's your package, you know, and you're getting to go under the garage door. Frequency there Exactly.
Eric Brown:It used to be that garage door openers 20 some years ago, I think, even longer they didn't have very good security in them where they didn't have the changing codes. Nowadays I think they do. Is this able to bypass even the garage door openers that do change codes?
Cameron Birkland:Yep, so the really old garage door openers. You have little dip switches on the opener and the remote to set the code that you would be communicating on. That's obviously cracked. You can just figure out what code they're using with the Flipper Zero, just brute force it. But now for the rolling codes, the more modern ones. The Flipper Zero can be programmed with how much the code increments each time, and so that's how it opened my garage door opener, because it captures the code off of the remote and then it knows how much it's going to increment each time. So, like, if I capture the code, use the garage door a few times with the remote, I'll have to press the button on the Flipper Zero a few times so that the code catches up with where it's at.
Eric Brown:So presumably that communication between the remote and the garage door opener isn't encrypted?
Cameron Birkland:No, it is. It's not really. It's just a rolling code. So ideally somebody wouldn't be able to capture the code and just replay it to open the garage door as often as they want. But if you know how much that code increments each time you press the button, then it's essentially cracked.
Eric Brown:What other security bypass areas can it be used for?
Cameron Birkland:Well, and this is one of the fun parts of the Flipper Zero, you know just all the different antennas, the different things you can do with it. One thing you can do is use it as a USB keyboard. So you know, we've probably all heard of the rubber ducky. Well, the Flipper Zero, with its USB port on the side here, can do essentially the same thing as a rubber ducky and they've made it so that it actually runs ducky script. So if you want to throw a rubber ducky script on this thing and use it like a rubber ducky, you absolutely can.
Eric Brown:And just to refresh our memory, what does the rubber ducky do?
Cameron Birkland:So the rubber ducky, looks kind of like a flash drive. I don't have one out right now but it looks like a flash drive. But it, you know, to the computer it appears as a keyboard and it can just use keystrokes to interact with the computer. So you plug the rubber ducky in and as fast as it possibly can just run keystrokes and run things, so like you could have it run a PowerShell script that it types out for you. And that's just because the computer thinks that it's a keyboard. It thinks that somebody entering keystrokes into the computer and that's a hack.
Eric Brown:five tool, I believe H-A-K-A-5.
Cameron Birkland:Yep, and this, actually the Flipper Zero, can extend that functionality a little bit to Bluetooth so you can get Bluetooth, you can get a Bluetooth connection with this thing and then use the keyboard that way, oh that was that was my question is how are you using the keyboard with it so that that answers that?
Nick Mellum:Are we Cameron? So, like I know, you're using it? There's a lot, probably a lot, of nefarious ways to be using this. Obviously, as we were just talking, have you come across or thought about any, like you know, white hat hackers, how to use this for good, or like penetration testing, or what are your thoughts there?
Cameron Birkland:Well, absolutely. So. You know what? I guess, when it comes to devices like this, it kind of comes with the territory. You know, there's so many good things you can do and so many bad things as well. It's really up to the individual who owns it to see what they can do with it or, you know, determine what they want to do with it. So you know, somebody could use this to maybe get into a parking lot, like, maybe they're hired by the company to see whether they're able to get in. Well, that's a white hat application, but at the same time, somebody can use it to break into a parking lot and get parking for free.
Eric Brown:So a friend of mine works for one of the three letter agencies where they have to go around and chase around bad people and one of the things that he's mentioned in his agency car he has the ability to go into different parking garages and it just opens up the gate automatically for them so they can go in if they, you know, need to pursue somebody. They're not fiddling around getting a card or whatever. It is right to get in. So would the rubber ducky have the ability to copy that, that code somehow, that communication between the thing in his vehicle and the parking garage? Because if it is, we're gonna go over to his house this weekend with that rubber ducky and we're all getting into the garage free next week.
Cameron Birkland:Yeah, so with the flipper zero, I guess it it all depends on what frequencies they're using and what protocols that it's operating on, right so like, if it's a, if it's a very modern protocol, the flipper zero is probably not going to be able to get into that. But if it's older, you know, even maybe early 2010s, early 2000s this can probably capture it and replay it as much as you want.
Eric Brown:Have you done any research on some of the other things that people are doing, and maybe it's kind of in that gray area of the taking over of the construction signs or changing Gas pump prices, different things like that? That might be kind of interesting that you know. Maybe you've not Tested personally, but have read about.
Cameron Birkland:Oh, so, absolutely so. You know, in our in in the modern day, a lot of things operate on the frequencies that the flipper zero can look at. You know, I just running down a list car key fobs, you know, like smart lighting, sometimes you have smart light bulbs that maybe have a little remote that it's operated with. You know, wireless doorbells, gates, so that kind of falls under the same as garage door openers. It, the flipper zero, also has the ability to read proximity cards.
Cameron Birkland:You know I did, and not necessarily every single protocol, like I won't say that it's cracked everything, but if somebody's using an older card, the flipper zero has it, definitely has the ability to copy that. And you know I could go over every protocol. There's quite a few actually. But you know some of the other things that use RFID Might be, you know, sometimes wristbands, people have RFID chips in them to get access to things. Some transit passes use RFID pet microchips as well. So in some cases the flipper zero you can put it wherever the microchip is on your pet and it can read the name.
Eric Brown:So, nick, do you have all of your cats chipped? I wonder if you could do something with the, the cats a microchip, or dogs microchip, where if you had a pet door, you could almost create kind of like a Pet door opener, like a garage door opener where it's locked, but then when the pet approaches and it reads their microchip, then then it would let them in and maybe the, the microchip and the pet is Not transmitting it out at a far enough frequency for that to work, but kind of a cool concept to make those a little bit more secure so you don't have the home alone scenario where the, the malicious actors, coming in through the pet door.
Cameron Birkland:Yeah, and, and I've seen Devices like those. Actually they have collars that you can use to do Exactly what you mentioned, but I'm sure the flipper zero Probably operates on the same frequency as those devices and you could probably emulate them.
Eric Brown:Nick, when you were doing some of the physical pen tests before into I think it was a Hospital that you had been working on where you were able to clone the frequency from from a Distance, to clone the card to get into the secure areas, was that? Do you? Do you recall anything about how you had done that?
Nick Mellum:Yes, we Basically. Well, we could turn this into a whole nother episode, probably, but what we did was basically reverse engineer one of the HID, the carburetor's like on the wall, so we put that and put it on a battery pack and put it in a backpack and we Me and my partner walked around the hospital and pretend to bump into people in the lunchroom or go around and, you know, catch the badges. It turns out we got about 12 of them and one of them happened to be a Maintenance worker, so that generally means keys of the kingdom, and we were in so real quickly on that. That was.
Nick Mellum:That was a fun one, but the the flipper zero would be lights out for that kind of a Situation camera you had mentioned. This is like the Swiss Army knife right tool, so you're listing off all these different things that it can do Is can it do that right out of the box or do you need to Download different tools for it or software, and maybe you're getting to that.
Cameron Birkland:Yeah, so I'll actually just mention really quick the. The primary features of the flipper zero are the sub one gigahertz transceiver right, that's where a lot of that garage or opener parking ramp stuff comes in the RFID, 125 kilohertz, that's for those proximity tags, nfc so you know we use NFC for a lot of different things nowadays. It has Bluetooth. It has an infrared transceiver, which is something that we haven't quite touched on, but it has the ability to clone and and emulate like TV remote, so you can go somewhere and mess with TVs if you wanted to, or Generally, anything that operates using infrared. It also has the ability to read and clone eye buttons. A lot of people probably haven't heard of eye buttons. Those are little coin cell size devices that Store a little chunk of data and are usually used, you know, maybe to access a building, or they can be used to as like a license key for software, like a physical hardware license key. One other thing the flipper zero has is u2f, so that's universal second factor. So the flipper zero does have the ability to be used as a security key, kind of like a uB key. The difference, though, is that the flipper zero is all software based, so they wrote the u2f software, whereas, like, a uB key is hardware based. So For the highest level of security, it's not recommended to use the Flipper Zero as a security key, but the ability to do it is there.
Cameron Birkland:One of the best features of the Flipper Zero is actually the GPIO. So that's where attachments like this one can come in. That's where you can extend the capability of the Flipper Zero beyond what's just built in. The GPIO allows you to do just about anything you want with it. It can be kind of used like a Raspberry Pi where you can build projects with it. You can mess with things. It's pretty fun.
Nick Mellum:So it's really open source. People are always creating new ways to use this.
Cameron Birkland:Absolutely, and that's kind of where the firmware comes in in this actually. So the firmware is obviously completely open source. You have the ability to remove the firmware, write your own firmware, install other people's firmware. I just wanted to mention a few custom firmware options. Of course, one of them I'm using. So the most popular ones that I know of are Unleashed, rogue, master, flipper Extreme. These are all built by different people. They all have different features in them, right up to the developer to decide what they want to put in the firmware.
Cameron Birkland:But these extend the capability of the Flipper Zero by removing regional restrictions on the Flipper Zero. So you can imagine the local governments aren't too happy about this device, so the manufacturer has to sort of dumb it down a little bit to make sure that people aren't using it for nefarious purposes. But by installing these custom firmwares you're completely removing those restrictions. And one important thing to note is that these firmwares also allow you to capture those rolling code protocols, like with garage door openers. So by default, obviously, when you get this right out of the box, it's not going to let you just open somebody's garage door. It has the capability to do that, but in order to help get the device through. You know, maybe governments and things like that they're going to restrict your ability to do that. And one other thing this comes with with the custom firmware are extra apps, games, plugins, things that you can do with this that you aren't able to do out of the box.
Eric Brown:Which one do you use, cameron, or have you tried them all?
Cameron Birkland:Yeah, the firmware I'm using is the Flipper Extreme. I've also used the Unleashed, but sometimes, when I'm messing with certain things, you have to install a certain firmware because those have the plugins or the apps that you're looking for. I'll be doing a few demonstrations here, and on each of these demonstrations I'm using a different firmware, because not every firmware has the ability to do the things I'm looking to do with it.
Nick Mellum:So there's not like one rules them all. You have to use each one for different abilities.
Cameron Birkland:That's kind of the way it ends up working, and I think as time goes on, you know each firmware is adding different features. Maybe one will come out on top, sort of like this firmware has everything. But generally everybody's got different goals when they're building their firmwares, so it's just dependent on what you're doing, like what firmware has the features that you need.
Nick Mellum:I'm looking forward to seeing these demos.
Cameron Birkland:Absolutely. So, yeah, this seems like as good of a time as any. So I want to run through how I got my garage door open with it. So, starting off here, you see, I have the garage door remote as well as the Flipper Zero. So what I'm running here is the frequency analyzer. So this was just telling me what frequency the remote is operating on. So you know, the first thing you need to know is like what frequency do I need to be monitoring in order for the Flipper Zero to capture it? And now that I know the frequency, I can go ahead and set it. And now it's scanning, so I press the garage door button, instantly captures it, and so with that I can go and save it on the Flipper Zero and the Flipper Zero will be able to increment the rolling code.
Nick Mellum:So for our audio listeners, here, cameron has his Flipper Zero and then the one button garage door opener. Here, I believe it's just a chamber link and he's syncing the two, getting the code. Cameron, you can probably explain it better than me, but we're seeing it in action here that he's going to actually open the garage door with it now.
Cameron Birkland:Yep, I've saved it. And now that has the code saved, it knows what protocol it's operating off of it's security plus 1.0 on 315 megahertz. So now that I've captured it, it's as easy as pressing the button.
Eric Brown:It looked like it also knew what button on the remote was being opened. It said like it was a two button and it was middle.
Cameron Birkland:So yeah, I'm you know that might be as more of the intricacies of the protocol, but yeah, it's, you know, up to someone who's done the research into the protocol and has a deep understanding of it, the Flipper Zero has, you know, all of those capabilities programmed into it.
Nick Mellum:So it did successfully open the garage door. That seems like a very alarmingly easy process.
Cameron Birkland:It is, and that's the whole thing about the Flipper Zero. Right Like before, there's devices out there that can do that other than the Flipper Zero, but it's not just like a you know plug and play kind of thing. Exactly Like you couldn't just install a piece of firmware on it and suddenly have the ability to do it right. Like you had to have a knowledge of like. How do I, how do these frequencies work? What are the protocols that this thing is operating on? And the Flipper Zero does all of that automatically.
Nick Mellum:So I guess we're just going to assume that everybody that has a Flipper Zero is only using this for good.
Cameron Birkland:Exactly so I have another demonstration that I'd like to do. So this kind of goes into that bad keyboard thing with being able to have the computer think that the Flipper Zero is a keyboard. This is one of the additional capabilities of the Flipper Zero, using custom firmware. I believe it's extreme. It gives you the ability to do the bad keyboard over Bluetooth. So this is like the rubber ducky. We might have gone over this before, but this is over Bluetooth rather than USB, so it's completely wireless. The only thing you need to do is get somebody to connect to it. So I'll show here In the Flipper Zero it has storage on an SD card.
Cameron Birkland:You can store all the scripts that you want to use. So on this particular firmware, all I have to do is select the script I'm looking to run, as well as the protocol, and in this case I'm going to be using Bluetooth. So now I've got the Flipper Zero running. All I have to do is go on my computer, go to Bluetooth and hit connect and once it's connected, just hit start and, as you can see, it starts running. Through this, this script is just a like Hello World type of script. So the flipper zero just opens up.
Cameron Birkland:Run on windows, enters in notepad, hits enter and then starts typing stuff into notepad. But, as you might be able to imagine, this is as wide open as a keyboard. Anything you can do with the keyboard, you can do with these scripts. So you want to run PowerShell scripts, you can do that. You want to type out a PowerShell script, save it and run it? You can absolutely do that. And I'd say the advantage of using Bluetooth over USB is that it's actually faster, so this thing can run faster than a rubber ducky can.
Nick Mellum:Oh my gosh, cameron, do you have any examples of how this has been used in cyber attacks? That, or have you seen, seen it in the news or in action at all?
Cameron Birkland:So for if we're talking this particular feature I haven't, but, but so you can imagine like anywhere a rubber ducky would be used. This could be used. And one thing that's important to note is that you can rename the Bluetooth device Right. So when you go to do an attack on somebody, you could name the flipper zero like Bose headset, and somebody who's looking to connect their Bose headset to their computer might be like OK, click on it, boom, you're connected. Now you can run your scripts over Bluetooth and you don't have to be anywhere near the computer, just as long as you're within range of the Bluetooth.
Eric Brown:Wow, I could really see that on an airplane, when people are connecting their their headsets, maybe their laptop, to listen to some music or do a little work, that could be a pretty good attack.
Cameron Birkland:Absolutely. That would be a great place for it, actually, because there's going to be Bluetooth enabled devices everywhere and I'm sure with the flippers zero you could reach pretty much every single one on the plane. And no guarantees. The flipper zero will be on hand, I'll say that much. And this actually leads in well to the next demonstration.
Cameron Birkland:So the newest piece news that came out about the flipper zero is actually the iOS Bluetooth low energy vulnerability. So this isn't so much of maybe like a huge security vulnerability as it is like a denial of service attack. It's just something that Apple, I guess, didn't account for when they set up these protocols. So, moving ahead here, you can see I'm putting the iPhone in airplane mode first. This is to demonstrate that you can actually perform this attack in airplane mode, and that's because, by default, the iPhone doesn't shut off Bluetooth completely when you put it in airplane mode, so the Bluetooth stays on and it still stays vulnerable to this attack. And so with the iPhone in airplane mode on the extreme firmware, it's as easy as going into the apps list on the flipper zero and hitting start, and all of a sudden you're being spammed with all of these messages and they just keep popping up and popping up. You can't get them to go away. You can't even use the phone while this is going on because they just keep popping up over and over again.
Cameron Birkland:So that's where it's a denial of service attack and this splits off into actually two separate areas. So there's the pairing requests as well as the actions for this. So you might have seen them pop up there before. It's like do you want to transfer a phone number? Do you want to set up this Apple TV? Those are examples of actions and those are things that can only be ran once while the phone is unlocked. So when you run actions, you won't be able to do it again until they lock the phone and unlock it. But pair requests, on the other hand, they can be ran an infinite number of times. So these will just keep popping up over and over and over again and in this case it says not your AirPods, not your AirPods Max. That's coded into the app. So if you had some knowledge of how to mess with those kind of things, you could definitely set the name to somebody's AirPods or somebody's Beats headphones.
Nick Mellum:Another good one for an airplane.
Cameron Birkland:Absolutely so. That's actually one that'll annoy a lot of people because I don't know the range of it. It's not huge because it's Bluetooth, low energy but anybody in the immediate vicinity of you is going to be very upset. They're not going to be able to use their iPhones while that's going on.
Nick Mellum:So when it's actually happening, cameron, can it only do it to one phone at a single time, or is it every Bluetooth device right in its proximity?
Cameron Birkland:Yep. So it's just, it's putting out that signal everywhere and every iPhone iOS device is going to pick it up, and that's how they operate by default. You can turn off the Bluetooth If you go into the settings. Turn off the Bluetooth. You're not going to see that, but you know, when you get a brand new iPhone, you set it up, Bluetooth is going to be on and most people aren't going to mess with that. Like you know, even if you put your phone in airplane mode to be on a plane, Bluetooth is still on, so you can do this while you're up in the air.
Eric Brown:Cam, you and I are taking different flights over to Wild West.
Nick Mellum:All right, that leads us into a good question. You know, if you are, if, since we know about this stuff, right, we're all security professionals here to the listener, that's not. You know, what can you do to protect yourself against this? Right? You're taking a flight tomorrow. You know what are you going to tell your family member to do because you know about these items.
Cameron Birkland:So the unfortunate thing is that you know this is how Apple has iOS set up. So as far as like the proximity pairs go, there's not much you can do about it. Like, if you're, if you're using Bluetooth headphones, you've got to have Bluetooth on.
Nick Mellum:Right.
Cameron Birkland:It's too bad, but if you're not using Bluetooth devices, then definitely have Bluetooth shut off. That that'll keep you from getting annoyed by this. And and one important thing to add is, this is not a compromise of security for iOS. Like it's not. It's not imitating that, it's some other device. It's not actually able to make a connection with the device. It's just really annoying because it can just keep popping up those little notifications. You know, connect to these earbuds, connect to these headphones, connect to this and that, and the Flipper Zero is just able to cycle through them at lightning speed. You know, boom, boom, boom, boom, boom. Send them out in every direction to every phone that can receive it.
Eric Brown:And you said it could only do it once, each time that the phone was powered on right.
Cameron Birkland:As for the actions part of it, so there's certain there's kind of two categories there's actions and there's proximity pairs. So actions is like things like you know, you want to connect to this Apple TV, you want to connect to or do you want to transfer a phone number over to a new phone. Those are the type of popups that can only happen once, whereas proximity pairs those are, you know, headphones, other Bluetooth devices those can happen in an infinite number of times. There's nothing you can do to stop them.
Eric Brown:You can do that a little bit with the photo sharing. I believe on an iPhone It'll look for other Apple devices in the vicinity and then you can share a photo with those devices. Makes it easy to transfer between, say, an iPhone and a Mac computer. But I've seen it in at conferences before where people share maybe unwanted cat pics with other folks in the vicinity and that's kind of annoying as well. So this kind of seems like that, but to the extreme.
Cameron Birkland:Oh, absolutely. So. This is along the exact same lines, because it's a. You know, it's one of those things that's meant for ease of use. Like you want to be able to just turn your headphones on, brand new out of the box, and boom, right there on your phone connect. You don't have to do anything extra. Well, that's the trade off. Like, so now, anytime you send out this, you know Bluetooth signal, every phone's going to pick it up, thinking that there's a new device out of the box, and that's how Apple has it set up.
Nick Mellum:So it sounds like you know we're talking about. You know other ways to protect ourselves and mitigate the risk from this. Unless I'm missing something here. Our hands are somewhat tied because the only pieces here is education from, like a social engineering aspect of somebody's in the bushes next year how it's trying to get your garage code or something of the nature. Right it's, we know it's relatively harmless here. It's just a pain in the butt that you keep getting these notifications. But from an actual security standpoint, it sounds like our only mitigating factor is look out for the guy you know, or gal, whoever's using this you know, creeping around your office space or wherever, trying to get those codes. Cameron, is that? Is that true, or is there other ways that we can look to mitigate the risk?
Cameron Birkland:Yeah, so obviously there's. You know, like in the case of garage door openers, some are going to be better than others, right, like some. Maybe some that are even on the shelf are going to be using older protocols, and it's really a matter of like with your existing garage door opener. You just have to understand what it is and is it vulnerable to these things and don't consider your garage a safe place anymore. If it is, you know like, you have to keep in mind that somebody could have one of these devices and grab it. The likelihood of that happening is maybe, you know, sort of small, especially if you can visually see the area around your garage, but it's one of those things that I guess, without maybe replacing your entire garage door opener and buying a new one that uses a protocol that's not cracked, there's not a ton that you can do, honestly.
Nick Mellum:Yeah, it's a little worrisome because I think about most of our newer vehicles now. Right, they're using this similar technology to enter and exit that vehicle or lock and unlock. So I'm thinking you're at a gas station and a bad actor is getting that code when you come back right and then maybe you follow them home or you come back in a later that night and you take the vehicle right. We've seen it used that way with air tags, the track of vehicle home. Well, if this can be used as a car key, it is pretty alarming what you can do with this. So it's almost gonna be up to the auto industry too to figure out other ways to lock and unlock, but we're so ingrained in what we're doing.
Eric Brown:Some of the things that you could do. And I saw Cam. You were using a Chamberlain remote and I believe some of the newer Chamberlains have a camera built into them. And of course there's third party cameras as well. They've got a built-in camera and mic. But you can set those alerts to get a notification on your phone, on your watch, anytime the garage door is opened, and it could also share a picture. So that way, nick, if there anytime the door opened, you'd get an alert. If that happens a lot, you might get alert fatigue, but at least you could see what was going on there Historically, you'd have a record of what happened and then potentially you'd have the video evidence as well. And if your home is protected by Smith and Wesson, then that might deter some would-be adversaries. Beware of dog sign. I think a 44 is better than a dog, but we could agree to disagree, I agree.
Nick Mellum:I'm with you on that one. And one other thing that's coming up as we're going through this is hotel keys. Right, you check in your hotel and somebody's swiping the code and then they can get into the room. Is there any other uses that you're seeing or hearing about like that?
Cameron Birkland:Well, absolutely so as far as hotel rooms. As long as it's using the right frequency, the Flipper Zero is gonna be able to grab that. If there's any level of encryption on it, of course that's gonna need to be cracked, but I have a feeling that in some cases they're probably not going to be that great. But just on the idea of RFID. So one of the reason why this was banned off of Amazon is because it was considered a credit card scammer and it technically is right, because credit cards just have the number and the expiration date stored in an RFID chip inside of them. If you're trying to use it like online, it's not quite enough information to do anything with, because it doesn't have that three digit code on the back for you to be able to actually use the card, but it does get the vast majority of information right off of it.
Eric Brown:Just trying to remember the Darknet Diaries episode that talked about the individual who was playing online poker and was staying at a hotel and his room was broken into a few times and they tinkered with his computer and I forget the full details of the episode, but it sounded like it was a nation state attack. And this just seems to me a camera, in that the tools now that are making their way into the marketplace are the tools that nation state actors had for, if not decades, at least a half a decade worth of time, but now they're relatively available to the general public. So I wonder what tools the nation state actors are playing with that we haven't yet seen, but will maybe in a couple of years.
Cameron Birkland:Oh, definitely so I wouldn't. You know, the Flipper Zero is one of those devices that takes all of those you know different tools that they've been using for so long and just puts them in a compact, easy to use package. So obviously it's a little dumb down, like it's not going to be as advanced or have as many capabilities as these super advanced, highly technical, you know tools that are being used by highly knowledgeable people. But it puts some really strong capabilities into people's hands and I will be interested to see, like maybe there'll be a Flipper One someday Like what capabilities will that add? You know, it's very possible that we could see some additional things added to it that make it even more powerful.
Nick Mellum:But it sounds like a lot of that stuff could be added through firmware. No, Absolutely.
Cameron Birkland:So just working with the hardware that the Flipper Zero already has on it I mean, your capabilities are pretty much unlimited as far as like working with the frequencies and things the Flipper Zero has the ability to read that stuff and then gives you the ability to do whatever you'd like with it. Like you know, the nice thing about this is it's all one platform, right, that you're interacting with all of these different things. So you're developing apps, you're developing firmware, you know anything you can do with this?
Eric Brown:sorry, Cameron, it was great having you on today. Thanks for hanging out with us on the audit, and certainly, nick, I always appreciate you being here as well. But great topic, cameron, and we look forward to future conversations about the Flipper.
Cameron Birkland:Thanks for having me. It's been a lot of fun.
Eric Brown:In the current technology landscape, managing risk, among other operations, can be incredibly challenging. Let IT audit labs experts provide a detailed, thorough examination in preparation for your upcoming audit. Contact us to learn more Thanks to our producer, joshua J Schmidt, and our audio video editor, cameron Troy Hill. Thank you for your time. Herox website.