|
|
It’s Never Been Easier to Clone a Key Fob
Covering AI security, infrastructure, and geopolitical risk.
|
|
This week, I learned what a Flipper Zero is. I had never heard of this before. It's a small, handheld electronic device that can basically hack a bunch of signals you'd encounter out in the real world on an everyday basis. People talk about it like a Swiss army knife for hacking wireless signals and access systems.
|
|
|
Flipper Zero. Photo: Turbospok / Wikimedia Commons (CC BY-SA 4.0)
|
|
Among other capabilities, the device can listen to sub-GHz radio signals, record them, and copy them. These are the radio waves used by gadgets like garage door openers and car key fobs. A Flipper Zero, in close proximity to one of those devices, could essentially copy it — at least for older systems that use static signals rather than rolling codes, which remains the case for many vehicles and devices still in use. Likewise for RFID and NFC cards, as well as remote controls for TVs and sound systems – it can hack and replicate those signals, too, so you could use it to change the channel in your dentist’s waiting room, if you want.
It also has more sophisticated capabilities. It has “General Purpose Input/Output” (GPIO) pins that allow it to plug into a range of electronic circuit boards, and it has Bluetooth and USB connectivity, too, allowing it to connect to computers and phones.
In retrospect, I’m a bit surprised that I hadn’t heard about this earlier in my journalistic career, having spent quite a bit of time intersecting with the access control space. But I heard about the Flipper Zero this week because of a new AI connection. A well-known (and very entertaining) AI hacker calling himself “Pliny the Liberator” has developed a new AI wrapper for the Flipper Zero that he calls Vesper. Essentially, it allows a Flipper Zero user to control their device with natural voice commands that any AI chatbot could understand, via a paired mobile Android app.
That makes the average Flipper Zero user a bit more dangerous. As Pliny explained in a post announcing Vesper, “the Flipper Zero is already the most versatile hardware hacking tool ever made. but its menus are tedious, and its full potential is locked behind protocol knowledge most people don’t have. VESPER removes that friction.”
Pliny is – at least ostensibly – a white hat hacker. He’s very open about his hacking, which is usually done against generative AI models, because he positions himself as a Red Team expert who can help the big AI labs see how their technology can be used. And he really takes pride in his work:
|
|
“clone that garage door signal and replay it” → done
“set up an evil portal on the WiFi dev board” → done
“create a BadUSB script that opens a reverse shell” → done
“build me a custom RF waveform at 433MHz” → done
“scan everything on this frequency and save it” → done
— Pliny the Liberator (@elder_plinius)
|
|
|
It’s worth reading his post in full, but I’ll highlight a couple of things that jumped out at me. Here’s one: Pliny says you can “generate BadUSB scripts on the fly.” This means making your Flipper Zero impersonate a keyboard when you plug it into a computer. From there it can start interfacing with the computer’s CLI (its foundational user interface for coders and nerds), where it could, in theory, wreak havoc, though there are still certain security measures that most modern computers will have in place as layers of defense.
Pliny also notes that there is a “Flipper App Hub” through which users can “browse and download existing community tools, signals, and payloads, and give your agent access to use them on demand.” That suggests there could soon be a community of users making custom hacking tools and sharing them with other enthusiasts.
I want to be clear that there are limits to how far this can go. A lot of signals are encrypted these days. The Flipper Zero is seen by many as a security tool that lets professionals easily access a lot of electronic gadgets. But… in Canada, where I live, the federal government announced plans to ban its sale a couple of years ago amid a wave of car thefts. It’s a sword that cuts both ways.
The bigger takeaway, of course, is the application of AI onto this hacking device. It’s very suggestive of where things are headed. AI is, to a considerable degree, a democratizing tool – the economist Tyler Cowen, for example, has observed that it offers pretty cheap access to serious medical and legal advice to everyday users, not to mention a rich education across a range of fields. It clearly can also democratize the kind of expertise one needs to become a hacker of everyday devices and systems. Or at least someone play-acting as one.
By the way, if any readers would like to send me a Flipper Zero, please don’t hesitate to reach out. I’ll give you a shoutout in my next newsletter.
|
|
|
|
Alex Perala
Editor, Control Plane
|
|
Subscribe to Control Plane
|
|
Control Plane
AI security, infrastructure, and geopolitical risk.
© 2026 Verse Studio. All rights reserved.
|
|
|
