Main Donate Github Blog

Locking the Flipper?

Thinking of a simple way to lock the flipper with a simple password using the 5way as a keypad. All it has to do is prevent someone from messing with it if it’s left alone. Or let most passersby think it’s a simple toy. Could come default with the Konami Code or something similar. This way someone cannot simply find it and start making mischief with your unit.

5 Likes

Since the kickstarted campaign is extremely successive (huge congrats!!!) and the bluetooth module is being implemented, maybe another idea would be to have a system so that flipper unlocks when in proximity with owner’s phone? Something similar to the MacID and NearLock IOS apps.

Not sure how much better\more secure\versatile it is than the passcode suggested by Xenastra, but might be a cool feature to have. Regardless, since Flipper will be storing U2F tokens as well as loads of other info that seems pretty important to protect from tinkering with, the password protection is a must.

1 Like

Bonus points again if it can be unlocked with an RFID implant for those that have one. Would be great to have the device useless unless it was tapped against my hand.

1 Like

I would prefer a physical key entry system for it, preferably with a timeout to self-lock it, much like a smartphone. Bluetooth is pretty insecure, and surprisingly long range for what it is. Some of these exploits for Bluetooth what this device is meant to explore.

I don’t think any of the alternative ideas are meant to replace a code system, but everyone has different threat models. For some the convenience of phone unlock might be worth it.

I’d think of it more like Android where you can choose pin, pattern, password, or biometrics. Different ways to lock and unlock would work for most people.

Ah, I see what you’re saying now. I am not denying that a ProxLock like system would be convenient. That could even be exploited in your favor against theft or confiscation. However, that is getting into some serious paranoia, but for some, it may be useful.
I could see it working something like this, you’re playing with it in your hands and someone walks by, snatches it and runs. Upon losing track of the signal in your pocket, it arms a user defined timer, that when it expires, it overwrites all the user memory with zeros. Another way it could work is to pair it to one of those BLE fobs you use to find your keys. Same concept applies.

Another method uses the NFC system and can be used with implants, rings, or whatever has a compatible NFC chip inside. This one is a little more responsibility to maintain, but no less effective. You have to tap the unit every so often, (user-defined timer), and reset it to let it know it’s still in your possession. It could also be used as a security system on a deployment or engagement. Arm the timer at the office or home for a shift. At the end of the shift, if you accidentally lose it, or leave it behind, it locks and doesn’t allow usage until it sees the NFC tag at the office again.

I was thinking more along the lines of just a screen lock like android has (maybe wipe after too many invalid attempts if you have really sensitive data on it)

But you could have different options for what you’d like to be able to unlock it.

So Example 1: Jim doesn’t store sensitive data on his flipper, so you can use his just by pressing the centre button and it wakes up.

Example 2: Jane stores the code to her garage on it, so she uses a ‘Konami code’ style pin to keep her device safe.

Example 3: Frank also stores sensitive data, but doesn’t want to keep entering a pin, so sets up bluetooth unlocking. If it is range of his phone, he can just hit the middle button, but he keeps pin turned on. If it is away from his phone or his phone goes flat, he can enter the code to wake up flipper.

Example 4: I have implants, and I store somewhat sensitive data on it. I don’t want someone to be able to pick it up and use it without me there, so the only way to unlock mine is by scanning my implant. If i don’t press a button every 2 minutes, it locks itself and i need to tap my implant again. Because i can’t leave my implant behind, or it doesnt get a flat battery, i don’t have pin turned on to limit attack surface.

Basically, have each type as a toggle with different options you can use, then people can mix and match depending on their threat model.

I think there is already an answer from the developers on this topic in the Kickstarter discussion:

3 Likes