For those involved in the world of cybersecurity, the Flipper Zero is like having a digital Swiss Army knife in your pocket. Thanks to all the features it includes, it has become the favorite toy of many ethical hackers (and also cybercriminals).
One of the most surprising things it can do is function as a BadUSB. And what does that mean? Basically, it can pretend to be a keyboard when you plug it into your computer. That way, it can start typing commands on its own or install programs without you pressing a single key… or even noticing.
But that’s not all. This tiny device, which looks like it came out of a cartoon (some even call it the hacker’s Tamagotchi), can also scan wireless networks, look for vulnerabilities, and show you which devices are connected nearby. It’s like having X-ray vision for Wi-Fi.
In addition, it can clone RFID cards to open automatic doors or access control systems—something you used to only see in spy movies.
The Darker Sides of Flipper Zero
Although Flipper Zero was created with good intentions (to learn, experiment, and improve digital security), not everyone uses it for such noble purposes. Its versatility has also made it a tempting tool for those who prefer to walk on the dark side.
In recent months, alarming reports have started to surface. For example, some criminal groups are allegedly using it to steal high-end cars by manipulating their electronic systems. Yes, just like in the movies—but in real life.
And that’s not all: there are some rather bizarre (and somewhat disturbing) cases, such as people hacking sex toys to alter how they function—without the owners even knowing. There have also been reports of DDoS attacks launched from Flipper Zero, proving that this tiny device has enormous (and dangerous) potential if misused.
But what has truly raised red flags within the tech community and among authorities is a new use that has recently come to light: proximity phishing.
What Is Proximity Phishing?
The idea sounds simple, but it’s quite clever—and dangerous. Some attackers set up a fake WiFi access point using the same name as a trusted public network, like those in a coffee shop, mall, or airport.
Then you, unsuspecting, connect to it thinking it's the legitimate WiFi... and that’s when the trouble starts. Using Flipper Zero along with an accessory called the WiFi Devboard, attackers can spy on your connection, capture passwords, personal information, even banking data, and store it all on the device’s SD card.
But they don’t stop there. Often, once you're connected to their fake network, they redirect you to a spoofed website that perfectly mimics the original (like your bank or social media site). You enter your credentials and—bam!—you hand them over directly to the cybercriminals.
How to Avoid Falling Into This Trap
The good news is that there are ways to protect yourself:
- Avoid connecting to public WiFi networks unless it’s absolutely necessary.
- If you must connect, use a VPN. This tool encrypts your traffic and makes it much harder for anyone to spy on you.
- Double-check the exact name of the network. Sometimes fake networks have names that are very similar but not identical. A small change in a letter or symbol can be a giveaway.
- And if you’re in doubt, use your mobile data instead.
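The name check from the list above can be automated. The sketch below is an added example, not part of the original article: it compares scan results against a known-good record of the real network and flags both look-alike names and same-name networks whose radio address or encryption does not match. The network names, addresses, baseline and the 0.85 similarity threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed baseline: what the venue's real network is known to look like.
TRUSTED = {"ssid": "CoffeeHouse_Guest",
           "bssids": {"a4:2b:b0:11:22:33"},
           "security": "WPA2"}

# Constructed scan results as (ssid, bssid, security) tuples.
SCAN = [
    ("CoffeeHouse_Guest", "a4:2b:b0:11:22:33", "WPA2"),  # the real access point
    ("CoffeeHouse_Guest", "de:ad:be:ef:00:01", "Open"),  # same name, unknown radio
    ("CoffeeHouse-Guest", "de:ad:be:ef:00:02", "Open"),  # one symbol changed
    ("C0ffeeHouse_Guest", "de:ad:be:ef:00:03", "Open"),  # zero in place of 'o'
    ("Library_WiFi", "00:11:22:33:44:55", "WPA2"),       # unrelated network
]

def skeleton(ssid):
    """Fold case and compatibility forms, drop separators and invisible characters."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def classify(ssid, bssid, security, trusted=TRUSTED, threshold=0.85):
    """Return 'trusted', 'same-name-mismatch', 'lookalike' or 'unrelated'."""
    if ssid == trusted["ssid"]:
        # An identical name proves nothing: check radio address and encryption too.
        if bssid in trusted["bssids"] and security == trusted["security"]:
            return "trusted"
        return "same-name-mismatch"
    a, b = skeleton(ssid), skeleton(trusted["ssid"])
    # Names that collapse to the same skeleton, or nearly so, imitate the real one.
    if a == b or SequenceMatcher(None, a, b).ratio() >= threshold:
        return "lookalike"
    return "unrelated"

def audit(scan=SCAN):
    """Classify every scanned network against the baseline."""
    return [(ssid, bssid, classify(ssid, bssid, sec)) for ssid, bssid, sec in scan]

if __name__ == "__main__":
    for ssid, bssid, verdict in audit():
        print(f"{verdict:20} {ssid!r:22} {bssid}")
```

A "trusted" verdict is not proof of legitimacy, because a radio address can be copied just like a name; the check only catches twins that differ in some visible way, which is why the VPN advice still applies.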
These types of attacks remind us that even if gadgets seem harmless or fun, they can also become digital weapons if they fall into the wrong hands. So be careful about which WiFi network you connect to—and always stay vigilant.