Tech

EXCLUSIVE: Hacking tool Flipper Zero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid

‘Racially and ethnically motivated violent extremists may seek to exploit the hacking capabilities of a new cyber penetration tester.’

Photo of Mikael Thalen

Mikael Thalen

Flipper portable multi-tool device with circuits around on grey surface

Police departments in major cities have been put on alert over the Flipper Zero hacking tool and expressed concern over its potential use by racially motivated extremists, documents obtained by the Daily Dot show.

Featured Video

In an April 6, 2023 bulletin from the South Dakota Fusion Center (SDFC), which compiles and shares intelligence with law enforcement regarding perceived domestic threats, warnings were given about the possibility of extremist groups seeking to utilize the popular device.

Flipper Zero terrorism concerns

“The NYPD Intelligence and Counterterrorism Bureau (ICB) assesses that racially and ethnically motivated violent extremists (REMVEs) may seek to exploit the hacking capabilities of a new cyber penetration tester, known as the Flipper Zero, in order to bypass access control systems,” the bulletin states.

Advertisement
flipper zero

REMVEs are described as any “loosely organized movement of individuals and groups that espouse some combination of racist, anti-Semitic, xenophobic, Islamophobic, misogynistic, and homophobic ideology,” a report from the Rand Corporation states.

“The majority of REMVE actors are motivated by cultural nationalism or White supremacy—beliefs that Caucasian or ‘Aryan’ peoples represent superior races, and that ‘White culture’ is superior to other cultures,” the report adds.

In the intelligence bulletin, which the Daily Dot obtained through the Freedom of Information Act (FOIA), the NYPD ICB is said to be monitoring discussions of the Flipper Zero on the messaging app Telegram among groups such as “domestic and international hackers, hobbyists, doomsday preppers, and most notably, REMVEs and accelerationists.”

Advertisement

The Flipper Zero is a portable and digital multi-tool that can hack everything from radio protocols to access control systems. The device is capable of cloning RFID cards, such as those used to open hotel rooms, and has been shown to be able to bypass the security on certain brands of electronic safes. While the device is able to perform some impressive feats, its capabilities have also been greatly exaggerated in staged TikTok videos.

While the NYPD ICB admits that it has not observed REMVEs “explicitly discuss the potential for Flipper Zero to be used in attacks,” an interest has reportedly been expressed in using the device to bypass access control systems.

“Users within at least seven REMVE and accelerationist messaging channels have emphasized the utility of the Flipper Zero and expressed interest in purchasing the device,” the bulletin adds. “These conversations occurred in four of the seven channels within a one-month period between November and December of 2022.”

The NYPD ICB’s largest concern appears to be the targeting of power substations by extremist groups, although doubt is expressed that the Flipper Zero would be capable of hacking modern security gates used to protect such infrastructure. White supremacists have been linked to attacks on numerous power substations across the country in recent years.

Advertisement
In Body Image

In remarks to the Daily Dot, Pavel Zhovner, CEO at Flipper Devices, emphasized that the device, at least with its default settings, has been “intentionally limited” to deter certain activities.

“Flipper Zero is a tool designed for hardware geeks and researchers. We have taken multiple precautions and intentionally limited its functionality to the point where it can’t be used against any kind of modern access control system,” Pavel said. “We condemn any nefarious applications. In contrast, we see Flipper Zero as a protective device, enabling researchers to detect and highlight outdated hardware for it to be replaced.”

Pavel further notes that the bulletin, provided to Pavel by the Daily Dot, states that gates at power substations “are not inherently susceptible to Flipper Zero hack” and that “certain older, possibly unencrypted gates and barriers may be more susceptible to radio interceptions.”

Advertisement

Since its release, the Flipper Zero has been met with resistance by some in both the public and private sector. In September, the company had $1.3 million withheld from it by PayPal, who vaguely claimed that Flipper Zero’s account was inconsistent with its user agreement.

In late 2022, Flipper Zero announced that a shipment of 15,000 devices had been seized by U.S. Customs and Border Protection without explanation. The devices would eventually be released.

The Brazilian government also began seizing orders in March after flagging the Flipper Zero as a tool used for criminal purposes. Despite the device containing no illegal hardware and having the same capabilities of other legal devices, the Flipper Zero’s ease-of-use and popularity has made it a target.

The NYPD did not respond to a request for comment from the Daily Dot.

Advertisement
web_crawlr
We crawl the web so you don’t have to.
Sign up for the Daily Dot newsletter to get the best and worst of the internet in your inbox every day.
Sign up now for free

Advertisement
 
The Daily Dot