FlipperZero

The Brazilian National Telecommunications Agency is seizing incoming Flipper Zero purchases due to its alleged use in criminal activity, with purchasers stating that the government agency has rejected all attempts to certify the equipment.

Flipper Zero is a portable multi-function cybersecurity tool that allows pentesters and hacking enthusiasts to tinker with a wide range of hardware by supporting RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth, and more.

Since it was released, security researchers have demonstrated Flipper Zero's features on social media, showing how it can trigger doorbells, perform replay attacks to open garage doors and unlock cars, and be used as a digital key.

Brazil requiring certification

Multiple people in Brazil who purchased the Flipper Zero hacking tool have reported that their shipments are being redirected to Brazil's telecommunications agency, Anatel, due to a lack of certification with the country's Radio Frequencies department.

This type of seizure is usually associated with compliance with the country's electronic and telecommunications standards for devices emitting radio signals.

Because Flipper Devices INC is not certified in Brazil according to this standard, it's not allowed to circulate freely in the Brazilian market.

Flipper Zero shippment seized by Anatel
Source: Reddit

However, as the Electronic Frontier Foundation (EFF) explains in a recent report and from emails seen by BleepingComputer, the Anatel agency has flagged the device as a tool used for criminal purposes, making its clearance complicated and preventing it from reaching its final destination.

Flipper Zero has gained a reputation from users who showcased its hacking capabilities on social media to perform illegal activities such as unlocking cars, changing gas pump prices, intercepting and storing remote control signals, opening garage doors, and more.

Although the device does not use hardware that is illegal or impossible to find elsewhere, its market success fueled a wave of negative media attention that portrayed it as a risk to society.

The unexpected interceptions of the $169 portable multi-functional tool created for pen-testers and hacking enthusiasts began at the start of the year and are still ensuing.

Buyers from Brazil have been exchanging advice on Reddit in the past couple of months, trying to get their items cleared by Anatel.

A user has posted analytical instructions on applying to Anatel for a personal homologation certificate for Flipper Zero, which should make it usable by the buyer, albeit preventing resells to others in Brazil.

However, many buyers report that the agency has rejected this certification procedure because Flipper Zero is allegedly being used to facilitate crime.

"Anatel's certification area informs that the equipment called FLIPPER ZERO has been used in the country by malicious users in facilitating a crime or criminal misdemeanor and, as provided for in item II of Art. 60 of the Regulation for Conformity Assessment and Homologation of Telecommunications Products (annex to Resolution No. 715, of October 23, 2019), Anatel has rejected all homologation requests for the product in question, in order to collaborate in the protection of Brazilian citizens against criminal actions," reads a letter received by Flipper Zero customers in Brazil.

Anatel concludes the message by saying that the item will be sent back to the post office with the suggestion to return it to the sender.

Anatel rejecting a certification request
Anatel rejecting a certification request
(HiroshiSakamoto1)

EFF argues that the Brazilian authorities outright banning Flipper Zero in the country will limit the security researchers' access to powerful portable cybersecurity tools, harming their work and negatively impacting the field.

"The Flipper Zero has clear uses: penetration testing to facilitate hardening of a home network or organizational infrastructure, hardware research, security research, protocol development, use by radio hobbyists, and many more," argues EFF.

"The creation, possession or distribution of tools related to security research should not be criminalized or otherwise restricted."

Those who purchased the devices from Joomf and have had their Flipper Zero seized have been told they would be reimbursed.

BleepingComputer has requested comment on the above from Anatel and FlipperZero, but we have not heard back by publication time.

Related Articles:

Generative AI Security: Preventing Microsoft Copilot Data Exposure

Varonis Introduces Athena AI to Transform Data Security and Incident Response

How to Mitigate the Impact of Third-Party Breaches

City of Wichita shuts down IT network after ransomware attack

Get ahead in cybersecurity with $145 off a training course bundle