NYC Banned the Flipper Zero Alongside Explosives. Here Is What It Actually Does.


At New York City’s 2026 mayoral inauguration, the official security checklist banned three things alongside weapons and explosives: firearms, knives, and the Flipper Zero. A $200 gadget that looks like a toy Tamagotchi got listed next to dynamite. That’s either the most paranoid security briefing in human history, or someone in the mayor’s office watched one too many YouTube videos about “the world’s most dangerous hacking tool.”

The Flipper Zero is not the world’s most dangerous hacking tool. It is, however, one of the most interesting gadgets you can buy legally, and the panic around it tells you more about tech illiteracy in government than about actual security threats.

What the Flipper Zero Actually Is

The Flipper Zero is a portable multi-tool for radio frequency protocols. It reads, copies, and replays signals in a range of wireless standards: RFID, NFC, sub-GHz radio, infrared, iButton, and Bluetooth. It has a small screen, a directional pad, and a dolphin mascot that gets sad if you ignore it (yes, seriously). The firmware is open source, which means a whole community of developers has been adding features and fixing bugs since it launched on Kickstarter in 2020 and raised $1.3 million in its first day.

What it can actually do, in practice: clone an old-style hotel key card, replay your TV remote’s signals, read the NFC chip in your transit card, probe garage door openers, and interact with basic smart home devices. It’s a legitimate security research tool, a hobbyist toy, and a very effective way to understand just how many signals are floating around you at any given moment.

What It Cannot Do

Here’s where the YouTube panic machine falls apart. The Flipper Zero cannot clone modern bank cards. EMV chips (the ones in every credit and debit card since approximately 2015) use dynamic cryptography. Each transaction generates a unique code. You can read the card’s NFC data, but you cannot replay it to make a payment. The myth that someone can walk past you with a Flipper Zero and drain your bank account is simply wrong.

It cannot hack WiFi networks. It has no WiFi chip. It cannot intercept encrypted communications. It cannot override car key fobs for modern vehicles that use rolling codes (where each press uses a new code). Some older garage openers from the 1990s that use fixed codes? Maybe. Your 2023 car? No.
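The replay argument in the two paragraphs above (a per-transaction code on EMV cards, a new code on every fob press) can be seen in a small model. This is an added example, not code from Flipper Devices or any vendor: the HMAC-over-counter scheme, the key, the window size and the class names are assumptions chosen for illustration, and real fobs and cards use their own ciphers and message formats.

```python
import hmac
import hashlib

KEY = b"constructed-demo-key"  # shared secret, constructed for this example
WINDOW = 16                    # how far ahead of its counter the receiver will accept

def code_for(counter: int) -> bytes:
    """Per-press code: truncated HMAC of the press counter (simplified model)."""
    return hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Old-style opener: one static code and no state, so any capture stays valid."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Accepts only codes for counters strictly ahead of the last one it saw."""
    def __init__(self):
        self.last = 0

    def accept(self, frame: bytes) -> bool:
        for counter in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(frame, code_for(counter)):
                self.last = counter  # every code up to this counter is now dead
                return True
        return False

def demo() -> dict:
    static_code = b"\x5a\xa5\x3c\xc3"  # constructed fixed code
    fixed = FixedCodeReceiver(static_code)
    rolling = RollingCodeReceiver()
    press_1 = code_for(1)  # frame an eavesdropper would record on the first press
    return {
        "fixed_first": fixed.accept(static_code),
        "fixed_replay": fixed.accept(static_code),   # recorded frame works again
        "rolling_first": rolling.accept(press_1),
        "rolling_replay": rolling.accept(press_1),   # same frame, now rejected
        "rolling_skipped": rolling.accept(code_for(5)),  # fob pressed out of range
        "rolling_stale": rolling.accept(code_for(3)),    # older than the last accepted
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The only difference between the two receivers is the stored counter: the fixed-code receiver has nothing to compare a frame against except the code itself, which is why a recorded frame never expires.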

The genuinely risky stuff requires physical access, old hardware, or both. And if someone has physical access to your old hotel key card reader long enough to clone the master key, the Flipper Zero is the least of your problems.

The Government Panic Cycle

Canada tried to ban the Flipper Zero in 2023. The government announced it would “ban devices used to steal cars,” which prompted the obvious follow-up: the Flipper Zero does not steal modern cars. A stolen car requires either a long-range relay attack (different hardware entirely) or physical access to program a new key (which requires a mechanic’s diagnostic port, not a dolphin gadget).

The ban never happened, but the panic set a pattern. Politicians see a small device, hear the word “hacking,” and add it to the threat list. NYC’s inauguration security team apparently followed the same script. Raspberry Pi, a $35 computer used in schools, also made the banned list. Because apparently tiny computers are now weapons.

This is the same impulse that made airports confiscate snow globes and nail clippers for years after 9/11. The response was not calibrated to actual threat models. It was calibrated to how threatening something looked to someone who didn’t understand what they were looking at.

Why It Actually Matters for Everyday Security

Here’s the useful part. The Flipper Zero exposes real problems in systems you probably trust. Those hotel RFID key cards that get cloned easily? Many hotels still use them. Those garage door openers from 2001 with fixed codes? Still out there. Your office building’s access cards that can be read from a foot away through your wallet? Check the model number.

Security researchers have used the Flipper Zero to demonstrate that a lot of critical infrastructure runs on protocols that were designed decades ago, before anyone imagined someone carrying a pocket-sized reader. The building access system at your office might be running on EM4100 cards that cost $0.30 to clone. That’s not the Flipper Zero’s fault. That’s a procurement department that bought the cheapest cards available and never updated them.

The device’s open source community has also built tools for legitimate personal use: testing your own NFC tags, managing IR remote profiles for your home theater, reading the data on your own transit card to see what information it stores. The same question of who controls your data that applies to music streaming apps applies to every RFID card in your wallet. The Flipper Zero just makes the answer visible.

The Hobbyist Community

The most active community around the Flipper Zero is not hackers trying to steal cars. It’s engineers, students, security hobbyists, and people who want to understand how the wireless world around them works. Third-party firmware such as Momentum and Unleashed extends the device’s capabilities while keeping it legal for its core use case: learning and testing your own systems.

Flipper Devices, the company behind it, has Russian founders and is now headquartered in the Netherlands. The firmware is on GitHub. Every capability is documented. This is the opposite of a secretive threat vector. It’s an educational tool that happens to look like something that might worry a TSA agent.

The reality is that someone who wants to cause actual harm with radio frequency tools has far more powerful and specific options. The Flipper Zero is not on their shopping list. It’s on the list of people who like tinkering with technology the way people used to take apart radios to see how they worked.

What Should Actually Be on the Banned List

If you want to have a real conversation about signal security threats, the list looks very different. Stingrays (IMSI catchers) that law enforcement uses to impersonate cell towers and intercept calls. Long-range RFID readers disguised as briefcases. Bluetooth skimmers the size of a matchbook hidden inside ATMs. These are real tools used in real crimes.

The Flipper Zero looks scary to someone who has heard the word “hacking” and associates it with the dolphin gadget from the viral TikToks. It looks like a toy to anyone who has spent five minutes reading the documentation. NYC’s inauguration security team proved, without meaning to, that the gap between tech literacy and tech policy is still very much open.

In the meantime, the Flipper Zero is still available for purchase, still shipping worldwide, and still making its little dolphin mascot happy every time someone uses it to read an NFC tag. The dolphin was reportedly very unimpressed by the inauguration ban. Stranger things have been banned for stranger reasons.


Sources: Hacker News coverage of NYC ban | Flipper Zero capabilities guide, NextTechWorld | Flipper Devices official documentation

