Brazil’s National Telecommunications Agency is seizing incoming purchases of Flipper Zero due to its alleged use in criminal activity, with buyers saying the government agency has rejected all attempts to certify the equipment.

Flipper Zero is a multi-function handheld cybersecurity tool that allows pentesters and hacking enthusiasts to tinker with a wide range of hardware by supporting RFID emulation, digital passkey cloning, radio communications, NFC, infrared, Bluetooth, etc.

Since its release, security researchers have demonstrated Flipper Zero’s functionality on social media, showing how it can trigger doorbells, perform replay attacks to open garage doors and unlock cars, and be used as a digital key. .

Brazil requires certification

Several people in Brazil who purchased the Flipper Zero hack tool reported that their shipments were being redirected to the Brazilian telecommunications agency, Anatel, due to a lack of certification with the country’s radio frequency department.

This type of seizure is usually associated with compliance with the country’s electronic and telecommunications standards for devices that emit radio signals.

Because Flipper Devices INC is not certified in Brazil to this standard, it is not allowed to circulate freely in the Brazilian market.

Flipper Zero cargo seized by Anatel
Source: Reddit

However, as the Electronic Frontier Foundation (EFF) explains in a recent report and from emails seen by BleepingComputer, the Anatel agency has flagged the device as a tool used for criminal purposes, which complicates its authorization and prevents it from reaching its final destination.

Flipper Zero has gained a reputation with users who showcased its hacking abilities on social media to perform illegal activities such as unlocking cars, changing gas pump prices, intercepting and storing remote control signals, opening doors garage, etc.

Although the device does not use illegal or impossible-to-find material elsewhere, its success in the market fueled a wave of negative media attention that cast it as a risk to society.

Unexpected interceptions of the $169 handheld multi-tool created for pen-testers and hacking enthusiasts began earlier this year and are still ongoing.

Buyers from Brazil exchanged tips on Reddit for the past two months trying to get their items cleared by Anatel.

A user posted analysis guidelines on Anatel’s request for a personal homologation certificate for Flipper Zero, which should make it usable by the buyer, while preventing resale to others in Brazil.

However, many buyers report that the agency rejected this certification procedure because Flipper Zero is allegedly used to facilitate the crime.

“Anatel’s certification area informs that the equipment called FLIPPER ZERO has been used in the country by malicious users to facilitate a crime or criminal offense and, as provided for in point II of art. 60 of the regulations for conformity assessment and certification of telecommunications products (Annex to Resolution No. 715 of October 23, 2019), Anatel has rejected all applications for certification of the product in question, in order to collaborate in the protection of citizens Brazilians against criminal actions,” reads a letter received by Flipper Zero customers in Brazil.

Anatel concludes the message saying that the shipment will be returned to the post office with the suggestion to return it to the sender.

The EFF argues that Brazilian authorities outright banning Flipper Zero in the country will limit security researchers’ access to powerful portable cybersecurity tools, harming their work and negatively impacting the field.

“The Pinball Zero has clear uses: penetration testing to aid in hardening a home network or organizational infrastructure, hardware research, security research, protocol development, use by radio enthusiasts, and many others.” supports the EFF.

“The creation, possession or distribution of tools related to security research should not be criminalized or otherwise restricted.”

Those who purchased the devices from Joomf and had their Pinball Zero seized were told they would be refunded.

BleepingComputer has requested comment on the above from Anatel and FlipperZero, but we have not heard back at press time.


Source link