Brazil bans Flipper Zero due to "potential misuse" - That's what you get when you market an Arduino with an NFC reader to zoomers on TikTok


AN/ALR56

Enjoy every sandwich
True & Honest Fan
kiwifarms.net
Joined
Mar 13, 2015
You may have heard of the Flipper Zero. It’s marketed as a “Portable Multi-tool Device for Geeks”—a programmable portable device packed with hardware that facilitates wireless penetration testing and hacking on the go. The device, which greets its owner with an adorable cyber-dolphin on its monochrome 128x64 pixel screen, is facing problems in Brazil: despite products with similar features being available to Brazilians, the national telecoms regulator Anatel has flagged the Flipper Zero as a device that serves illicit purposes, or facilitates a crime or misdemeanor. As with other radio frequency emitting devices, when the Flipper Zero is shipped to the country, the national post office intercepts and redirects the device to Anatel for certification. Anatel then decided not to certify the equipment, and seize it as a result—not allowing the Flipper Zero to proceed to its final destination.



[Image: Flipper Zero. Credit: Maciej Łutczyk, CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0), via Wikimedia Commons]


The device itself doesn’t introduce any fundamentally new technologies. All of the hardware—the infrared transceiver, RFID reader/emulator, SDR and Bluetooth LE capabilities—are available in other, perhaps more specialized products. What is novel about the Flipper Zero is its form factor and interface, which make it portable and easy to use in the field.

The Flipper Zero has been called a hacking multi-tool. And like a physical multi-tool, there are no doubt uses of it which would facilitate committing a crime. But also like a physical multi-tool, this is no justification for banning access to the device wholesale. Laws are already in place which criminalize acts of malicious hacking. Banning trade tools will only make security systems more vulnerable by limiting the access of those working to secure these systems. The malicious hacking that concerns Anatel and that Flipper Zero would allow is dependent on systems' vulnerabilities—those are the actual problems that deserve a fix. But we can only patch security flaws once we know they exist, and that's what security research is for.

The Flipper Zero has clear uses: penetration testing to facilitate hardening of a home network or organizational infrastructure, hardware research, security research, protocol development, use by radio hobbyists, and many more. But it is likely its unique UX design that has gained the product its notoriety and garnered it media attention—the latter of which has partially contributed to a negative portrayal of its capabilities as “trouble waiting to happen and a whole lot more.”

It is this notoriety and portrayal that has Anatel focused on it as an illicit device while other hardware remains available in the country. Despite the legitimate uses of a Flipper Zero, Anatel has chosen to focus on the possibility of illegal usage of the device. Banning the device outright will result in tangible harms. Professionals will have access to tools of their trade arbitrarily limited, and (contrary to the stated goal of Anatel) may be unable to develop techniques to mitigate the potential harms done by malicious hackers with the same devices.

The creation, possession or distribution of tools related to security research should not be criminalized or otherwise restricted. As we have explained, drawing on rights recognized by the American Convention on Human Rights, cybersecurity tools are crucial to the practice of defensive security and have legitimate uses, such as identifying and testing practical vulnerabilities. Coding is a protected expressive activity and the use of computer code to examine computer systems and find security flaws is an essential step to get them patched and improve privacy and security for us all.

Denying certification to Flipper Zero doesn't prevent the use of other tools to exploit the same vulnerabilities, as it doesn't stop people from bringing a Flipper Zero from abroad in their bag without having to ship it through the Brazilian border. While Brazilian law forbids the use of radio frequency emitting devices that don't have Anatel's certification, such illegality would hardly deter a malicious hacker. Those with malicious intent would find ways to use the device without having to leave a paper trail. The agency's actions hamper those engaged in security research. We call on the Brazilian authorities to reconsider their decision and allow access to technical trade tools, including the Flipper Zero.
Link/Archive

Honestly, I'm surprised it didn't happen earlier, pray anything you want or need doesn't become "irl watch dogs hacker yo" on tik tok/Twitter.
 
Ditch the stock firmware and the Flipper Zero becomes extremely useful for penetration testing as well as a must have during the apocalypse if you live in an urban area. It is capable of key fob emulation so you can literally steal cars as well as being able to brute force rolling codes (i.e. garage doors). You can roll your own with a HackRF but I have found those modules to be very sensitive.
 
Don’t break the law (it’s legal to listen but generally illegal to transmit to devices you do not own). The key space is tiny (10 - 12 bits). These devices were not designed to prevent these attacks as the barrier to conduct them was much higher without access to FPGAs and SDRs.
 
Having looked into it, it seems I can pretty much make a Flipper Zero-like device with not yet banned stuff off the shelf by assembling it at home. An Arduino board, NFC board, antenna, modulator, a tiny screen and such. The issue is finding the exact components needed and making sure I am gonna be both able to assemble and make them work together. The main reason it would not be just a great value Flipper is that the form factor would be completely wrong and likely the end device would be less Tamagotchi sized and more "early 90's cellphone" sized. Not that that is much of an issue.

Apparently the Flipper Zero devs got some contracts and deals so the board and screen are made to their order in a big batch so you can't just buy them on the market itself. Interesting.
 
Apparently the Flipper Zero devs got some contracts and deals so the board and screen are made to their order in a big batch so you can't just buy them on the market itself. Interesting.
This is what puzzles me about the project in general. Fully open source... except the hardware. I get it, they have to make money somehow, but it's a little odd.
 
It makes some sense. Given the type of product and to who it is marketed/appeals to there is a very big chance anything that could be made by just buying off-the-shelf parts would be simply ignored as people would say "lol just buy parts yourself and put it together" making any possible attempt to even recoup costs much less profit impossible. So they instead went for a semi-open style where you can tinker and keep all the software open source but you can't really make one your own because the hardware is custom, which in turn allowed them to design a fully compact form factor and justify this closing down of the hardware end.
 
I think the biggest thing is how many failure points there are in the design and how repairable those failure points are. There are plenty of open, modular designs across a field of hobbies and the main worry is identifying the failure points and allowing those to be addressed by the user. I'm not extremely worried about the screen; I expect it to accumulate damage since it's something you're going to be using outside and it'll be jingling around in your pocket. The biggest concern is replacing the PCB and making sure any other part of it can be replaced.
If the product becomes big enough you'll likely see replacement screens start being made. I mainly have to deal with getting custom steel and plexi cut which is easy and I've had plenty of custom PCBs printed. Ideally if a product becomes popular enough, someone will fill in the gaps in repairable failure points themselves.
 
I think the biggest thing is how many failure points there are in the design and how repairable those failure points are. There are plenty of open, modular designs across a field of hobbies and the main worry is identifying the failure points and allowing those to be addressed by the user. I'm not extremely worried about the screen; I expect it to accumulate damage since it's something you're going to be using outside and it'll be jingling around in your pocket. The biggest concern is replacing the PCB and making sure any other part of it can be replaced.
If the product becomes big enough you'll likely see replacement screens start being made. I mainly have to deal with getting custom steel and plexi cut which is easy and I've had plenty of custom PCBs printed. Ideally if a product becomes popular enough, someone will fill in the gaps in repairable failure points themselves.
The thing is chunk as fuck. I wouldn't worry much about screen damage since it's under clear plastic, it's unlikely to pick up damage you can't polish out. Put it in one of the silicone cases they sell and I wouldn't be worried about durability.
 
Ditch the stock firmware and the Flipper Zero becomes extremely useful for penetration testing as well as a must have during the apocalypse if you live in an urban area. It is capable of key fob emulation so you can literally steal cars as well as being able to brute force rolling codes (i.e. garage doors). You can roll your own with a HackRF but I have found those modules to be very sensitive.

Which firmware would you recommend?
 