[1] The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButtons, and digital access keys.
While harmless uses exist (such as a remote control for a television, or a carbon dioxide sensor), some of the built-in tools have potential criminal uses, including RFID skimming, Bluetooth spamming (spamming a Bluetooth connection, crashing a person's phone), emulating RFID chips such as those found in identification badges, using the built-in radio cloner to open garage doors, unlocking cars, and functioning as a wireless BadUSB.
[5] Flipper Zero is designed for interaction with various types of access control systems, radio protocols, RFID, near-field communication (NFC), and infrared signals.
Some actions, such as firmware or user data updates, require a connection to a computer or a smartphone with the developer's software installed.
[8] The electronic schematics[9] and firmware[10] of the Flipper Zero project are open sourced under the GNU General Public License.
Flipper Zero is based on a dual-core ARM architecture STM32WB55 microcontroller, which has 256 KB of RAM and 1 MB of Flash storage.
[12] The device allows the Flipper to be used as a game controller or connected to a TV and is based around the Raspberry Pi Pico.
The firmware consists of the following components: User and system data is stored in built-in flash memory, which is based on the LittleFS library.
Flipper Zero has a built-in module that can read, store, and emulate remote controls, allowing it to receive and send radio frequencies between 300 and 928 MHz.
Numerous form factors of this technology are available, including plastic cards, key fobs, tags, wristbands, and animal microchips.
Flipper Zero can read and transmit the infrared (IR) signals used to control devices such as TVs, air conditioners, or audio devices.
The built-in GPIO pins connect to hardware, operate by buttons, send out code, and display messages on the LCD screen.
[13] BadUSB devices can alter system settings, open backdoors, recover data, launch reverse shells, and perform any other action that relies on physical access.
Commands (the payload) are injected and executed using DuckyScript (the macro scripting language developed as part of the 'USB Rubber Ducky' BadUSB project).
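A DuckyScript payload is plain text with one command per line, so a file recovered from a device can be reviewed statically before anything is plugged in. The following added example (not code from the Flipper Zero project or the USB Rubber Ducky project) parses a payload and lists the lines a reviewer should look at first; the function names, the `SHELL_HINTS` list and the sample payload are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive list of interpreter names worth flagging in typed text.
SHELL_HINTS = re.compile(r"\b(powershell|cmd(\.exe)?|bash|wscript|mshta)\b", re.I)
URL = re.compile(r"https?://", re.I)

# Constructed sample payload (benign): opens Notepad, then a PowerShell window.
SAMPLE = """\
REM constructed sample for the parser
DELAY 500
GUI r
STRING notepad
ENTER
STRING see https://example.invalid/notes
GUI r
STRING powershell
ENTER
"""

def parse(script):
    """Yield (line_no, command, argument) for each non-empty payload line."""
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        yield no, cmd.upper(), arg

def triage(script):
    """Return (line_no, finding) pairs for behaviour a reviewer should see."""
    findings = []
    for no, cmd, arg in parse(script):
        if cmd == "REM":
            continue  # comment line, never sent as keystrokes
        if cmd in ("GUI", "WINDOWS") and arg.strip().lower() == "r":
            findings.append((no, "opens the Windows Run dialog"))
        elif cmd in ("STRING", "STRINGLN"):
            if SHELL_HINTS.search(arg):
                findings.append((no, "types a command interpreter name"))
            if URL.search(arg):
                findings.append((no, "types a URL"))
    return findings

if __name__ == "__main__":
    for no, finding in triage(SAMPLE):
        print(f"line {no}: {finding}")
```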
[18] According to the Electronic Frontier Foundation, Anatel has flagged the devices as being a tool for criminal purposes, making the certification process complicated.
[19] In September 2023, the ability to launch Bluetooth Low Energy spam attacks with a Flipper Zero was demonstrated by a security researcher known as 'Techryptic'.
[20] A custom Flipper Zero firmware was developed shortly afterward that could launch spam attacks against Android devices and Microsoft Windows computers.
[20] At the 2023 Midwest FurFest, attendees reported severe disruption of Square payment readers, and an insulin pump controller crashed due to the BLE spam.
[20][21] In February 2024, Innovation, Science, and Economic Development Canada announced its intention to ban the Flipper Zero and other devices that could be used to clone wireless signals for remote entry, in response to a significant increase in auto thefts.