I attended the AITP Chicago Security SIG tonight at RSM and left with one clear takeaway: a $200 device called Flipper Zero can clone your building access badge and bypass the physical security your organization worked so hard to set up. FBI Chicago Intelligence Analysts and an InfraGard board member explained how these devices work and where organizations are vulnerable. The room was full of security professionals, many of whom had that familiar look, realizing a threat they thought was unlikely is actually much closer to home.
Here are a few key points from tonight:
・ You can buy Flipper Zero on Amazon, and teenagers are posting demo videos on YouTube. If your physical security plan assumes attackers need special equipment, that assumption is no longer true.
・ Most enterprise security programs barely address RF-based attacks on access control systems. We invest heavily in endpoint protection and network monitoring, but the badge reader by the server room often gets overlooked.
・ Mitigation is practical. Encrypted credentials and multi-factor physical access are real solutions. Most organizations just haven’t made them a priority because the threat seemed remote.

If you’re a CISO or CIO and haven’t reviewed your physical access controls for RF-based attacks, now is a good time to add it to your to-do list.
Thank you to AITP Chicago, the FBI, InfraGard, and RSM for a great discussion.

https://aitpchicago.com/event-6680905
#Cybersecurity #PhysicalSecurity #InfraGard #security #privacy #cloud #infosec #flipper0

Saw this on slack - https://github.com/Lucaslhm/Flipper-IRDB

It's a collection of codes for Flipper Zero so you can use it as a remote control.

I'm tagging in IOT and HomeAssistant because the codes could be converted for use there.

#FlipperZero #Flipper0 #iot #HomeAssistant @homeassistant