In a word: Pinball Zero may look like a harmless 90s kid’s toy, but it’s capable of so much more. The Tamagotchi-like device has been used for everything from opening parking barriers and tampering with fast food menus to reading credit card information through a person’s wallet and pants. Unfortunately for Flipper, this scanning capability has been banned by Amazon, which now considers it a policy-violating card-skimming device.

The device allows users to locate, troubleshoot, test and debug various types of digital interfaces and hardware devices via radio, radio frequency identification (RFID), near field communication (NFC), infrared, Bluetooth and other protocols. While these options are not inherently dangerous on their own, the ability to emulate multiple devices, cards, or interfaces is what many consider to be one of Flipper’s many security threats.

The ability to read and emulate NFC data means that nearby cards or devices broadcasting on the 13.56 MHz band could be read and potentially emulated (where possible) without the knowledge of the owner.

Based on this capability, Amazon views Flipper Zero’s NFC capabilities as a potential security risk, as many bank and credit cards that offer contactless transactions use NFC communication. The ability qualifies the Pinball Zero as a restricted card skimming device under the Amazon seller. Lock picking and theft devices product category.

The Flipper Zero project was funded through a Kickstarter campaign in 2020. Some of the technical spec highlights include:

• 32-bit Arm Cortex-M4 + 32 MHz Cortex-M0+ processor (network)
• 1 MB of Flash memory and 192 KB of SRAM
• 1.4-inch 128 x 64 LCD monochrome display, 5-button joystick with back button
• 2000mAh rechargeable battery
• NFC and Infrared
• RFID reader and writer, GPIO pins
• iButton reader and writer
• USB 2.0, Type-C port

Despite this ability to read and emulate NFC data, the chances of a user actually cloning all of the required meaningful data from an unsuspecting victim’s credit card is currently impossible. Although the Flipper has the ability to read all unencrypted NFC data that exists on the card, it has no ability to read the additional encrypted data needed to complete a transaction. Based on this, it is (currently) not possible for Pinball Zero to 100% emulate a bank or credit card that uses NFC.

In a previous interview with Wired, Pinball Zero co-creator Alex Kulagin defended the device, saying it’s intended for educational and entertainment purposes for hobbyists. “We want to help you understand something in depth, explore how it works, and explore the wireless world around you that is hard to understand,” Kulagin said.

Since the ban, Amazon has asked sellers to remove or delete all listings associated with Pinball Zero or other restricted products. Sellers who do not comply within 48 hours of receiving their warning risk the cancellation of the seller’s account and their funds may be permanently withheld.

While there’s no shortage of YouTube videos and other articles that focus on the more “colorful” uses of Pinball, the truth is that it was never originally designed with chaos at its core. mind.

The multi-antenna device is designed to help security professionals and other technicians with penetration testing, debugging, and other tasks intended to make products or services more stable and secure. But like any device, it’s as good or bad as the person using it. According to Kulagain, “It’s not Flipper’s fault. There are bad people out there and they can do bad things with any computer. We don’t intend to break any laws.”