Remote Code Execution Vulnerability in Atom CMS 2.0 (CVE-2022-25487)
February 3, 2023
Mobile Application Penetration Testing Methodology
February 7, 2023
Flipper Zero was first announced in August 2020 through the Kickstarter crowdfunding campaign. Since then, it has created havoc among people because of its features; it’s a multi-functional device for cyber guys.
A portable, multi-purpose gadget, Flipper Zero, was created to communicate with access control systems. Radio-frequency (RFID) tags can be read, copied, and emulated by the device.
It looks like a toy with a cute dolphin on the screen, but this tool has massive potential to do many good and bad things. This tool gives you the feeling of powers like Mr. Robot.
What is Flipper Zero?
Flipper Zero is a small hand-held device designed for all levels of technical expertise looking to explore the world of wireless. Also known as the Swiss army knife for physical penetration testing.
This tool is stuffed with a range of radios and sensors that allow you to intercept and replay signals from keyless entry systems, Internet of Things sensors, garage doors, NFC cards, Car Doors, and virtually any other device that communicates wirelessly in short ranges.
This tool is so small that you can even put it in your pocket, move around, and intercept and replay wireless signals.
Who does Flipper Zero affect?
The Flipper Zero affects a broad class of wireless devices and access control systems, such as:
- Garage Door Remotes
- Boom Barriers
- IoT Sensors
- Remote Keyless Systems
- Car Doors Remotes
- RFC Cards
- NFC
- Bluetooth
- Infrared Sensors
- Others
How Flipper Zero is used and how it’s being exploited in the wild
The Flipper Zero tool is very easy to use because of its small screen and simple GUI, but before starting, you will need it (obviously) and a good quality micro-SD card. If you don’t have one, you won’t be able to use it at full power. The SD card is a database for storing all your information gathered from the wild.
Now you will need the Qflipper app for your flipper to keep your flipper up-to-date with any exploits/attacks. Using this app, you can update the Flipper Zero firmware, upload custom firmware or repair your flipper if something gets corrupted, and it even lets you manage your files.
Now you understand what things are needed to use it, but how to use it to exploit in the wild?
Let’s take an example to understand how to crack a locked safe using an NFC card.
First, click on the middle button between the four arrows then you will get a list of attack vectors. Scroll down to click on NFC > Read. Now place the NFC card near Flipper zero, so it can clone that card. Then press the right arrow and click Save.
After that, enter a name and click Save. Select the name you just entered from the saved list and click Emulating UID. Now place your flipper Zero near the safe, and you will see that the safe will be unlocked.
This is one example of hundreds of attacks that it can perform. But if you want to learn more about different types of attacks, you can visit the Flipper Zero website.
Conclusion
Flipper Zero is a multi-functional tool that is very useful for people who are cyber security engineers, software developers, etc., who want to learn more about the world of wireless. How they work, types of vulnerabilities, and how to exploit them.
This tool is also called a swiss army knife for its functionality because of its compact size and usage. It’s a small tool that allows you to perform attacks from your pocket easily, and it’s so hazardous that if an attacker gets hands-on with this, they can cause real damage to the personnel/organization.
I forgot to mention that updating its firmware can give you more and more attacks to play with, so keep your Flipper Zero updated as new attacks always come and old attacks get obsolete. If you don’t update it, your tool might get outdated, but not so soon.
Remember to use this tool safely, as attacking others can lead you to land in trouble, so practice and learn in safety.
For more information, contact us today.
