You may have stumbled across the Flipper Zero hacking device that’s been doing the rounds. The company, which started in Russia in 2020, left the country at the start of the war and moved on since then. It claims it no longer has ties to Russia and that it is on track to sell $80 million worth of its products this year after selling almost $5 million worth as Kickstarter preorders — and it claims it sold $25 million worth of the devices last year.
So what are they selling? Flipper Zero is a “portable gamified multi-tool” aimed at everyone with an interest in cybersecurity, whether as a penetration tester, curious nerd or student — or with more nefarious purposes. The tool includes a bunch of ways to manipulate the world around you, including wireless devices (think garage openers), RFID card systems, remote keyless systems, key fobs, entry to barriers, etc. Basically, you can program it to emulate a bunch of different lock systems.
The system really works, too — I’m not much of a hacker, but I’ve been able to open garages, activate elevators and open other locking systems that should be way beyond my hacking skill level. On the one hand, it’s an interesting toy to experiment with, which highlights how insecure much of the world around us actually is. On the other hand, I’m curious if it’s a great idea to have 300,000+ hacking devices out in the wild that make it easy to capture car key signals and gate openers and then use them to open said apertures (including Tesla charge ports, for some bizarre reason).
My limit to how much I’ve been able to play with it has been pretty simple: The device wants a software update, but I’m too paranoid to plug any USB device into my computer at the best of times. A device that was shipped to me from Moscow, that is literally made for hacking? Yeah, that’s only going into an air-gapped computer, and I haven’t got one of those to spare. It turns out that it is possible to update the device from an iOS mobile app, so I might have to try that next. The company also points out that the firmware is open source, and can be inspected by anyone.
I can only imagine it’s been a challenging journey to build this startup while there’s a war and a ton of sanctions going on — but the company has found a way around that. It said in an Instagram post that “Current events will not affect the Flipper Zero production in any way, and all ordered devices will be shipped to backers and those who have pre-ordered, though there may be delays for customers from the CIS countries [the Commonwealth of Independent States] due to logistics disruptions in the region.”
As a company, Flipper Devices made a statement that its team “consists of both Ukrainians and Russians,” and speaks out, saying it is “radically against the ongoing ‘special military operation’ and none of our team members support it.”
Correction: A company spokesperson clarified that the company is not Russian. He cites that its CEO is Ukrainian, and that more than 10% of the team members are Ukrainian. He further clarifies that Flipper Devices is a distributed company that is building out its HQ in London. It also states that “Flipper Devices don’t ship devices to Russia, don’t hire in Russia and worked to move away all of their employees out of Russia. Since some of their employees have Russian passports, they might go there to visit their family or for other personal matters.”
Update: I updated the article above with the note that you don’t have to plug the device in using USB to update it — it can be updated using an iOS app.