Signals Defense With Faraday Bags & Flipper Zero
There are situations where it is desired to block signals between devices. Commonly scenarios are when traveling, in a location of uncertain safety, or otherwise concerned with data privacy and geolocation. I was curious how well a faraday bags and similar products protected wireless communications. A more common purchase these days are wallets that can help to protect against RFID skimming of credit card data [1].
Here were the scenarios tested using some faraday bags (Haftigts) [2] and in some cases a Flipper Zero [3]:
| Wireless Communications | Scenario / Device |
|---|---|
| 125 kHz RFID | HID proximity card, read with Flipper Zero [4] HID proximity fob, read with Flipper Zero |
| NFC | Credit Card, read with Flipper Zero [5] |
| Bluetooth | Phone in bag and bluetooth earbuds |
| WiFi (802.11) | Phone in bag used as hotspot, laptop connected to hotspot |
| Celluar | Phone in bag, another cellular phone used to call it |
Extensive testing was done done using a variety of faraday bags and devices.
| Scenario | Testing Process |
|---|---|
| HID proximity card | HID proximity card placed into bag Bag closed and sealed Flipper Zero placed on top of bag over card location Flipper Zero used to read 125 kHz RFID data |
| HID proximity fob | HID proximity fob placed into bag Bag closed and sealed Flipper Zero placed on top of bag over card location Flipper Zero used to read 125 kHz RFID data |
| Credit Card | Credit card placed into bag Bag closed and sealed Flipper Zero placed on top of bag over card location Flipper Zero used to read NFC data |
| Bluetooth | iPhone connected to iPods via Bluetooth iPhone playing audio content iPhone placed into bag Listened for audio disruptions |
| WiFi (802.11) | Android phone with hotspot turned on Windows device connected to hotspot Continuous ping set to 8.8.8.8 Android phone placed into bag Ping reviewed for disruptions |
| Cellular | iPhone placed into bag Android phone used to call iPhone |
The results for these different tests were pretty quick. For the Flipper Zero tests, either the data could be read or it couldn't. For bluetooth and wifi, it was just waiting to see how the signal changed. Now for the results:
| Scenario | Result |
|---|---|
| HID proximity card | Fail (Flipper Zero was able to read the data) |
| HID proximity fob | Fail (Flipper Zero was able to read the data) |
| Credit Card | Success (Flipper Zero was unable to read the data) |
| Bluetooth | Limited Success (Audio signal cut in and out, heavily impacted by proper sealing of the bag) |
| WiFi (802.11) | Success (Wireless network was quickly disconnected and unable to be seen from mobile hotspot feature) |
| Cellular | Success (iPhone was unable to receive phone call, Android phone was directed straight to voicemail) |
From the testing, there were a few takeaways:
- Test to make sure your protections are effective
- Make sure to follow instructions - Bluetooth audio was very functional with a partially closed bag
- When in doubt, turn off features, or devices, if not needed and when in a space of uncertain safety
For some of these attacks, someone would need very close proximity to complete a successful attack. In the case of testing using the Flipper Zero, the reader was physically sitting on top of the bag and that would be much more challenging for someone to do in a real world situation.
[1] https://www.zdnet.com/article/do-rfid-blocking-cards-actually-work-my-flipper-zero-revealed-the-truth/
[2] https://www.amazon.com/dp/B0BHSH8BLR?ref=ppx_yo2ov_dt_b_product_details&th=1
[3] https://flipperzero.one/
[4] https://docs.flipperzero.one/rfid
[5] https://docs.flipperzero.one/nfc
--
Jesse La Grew
Handler
Comments