The Flipper Zero may be a more problematic product than we first anticipated. Yesterday, at the Sec-T security conference in Stockholm, Mikael Simovits presented [1] his research “FLIPPER ZERO – ZERO TRUST or Beware of Geek Bearing Gifts” [2] into the companies and persons behind the Flipper Zero. Connections to the GRU cannot be ruled out.
The Flipper Zero is using off-the-shelf components and the firmware is open source. What more do you want?
You don't need to use the Android app if you are worried about malicious future updates.
All the possible scenarios he lists could just as well happen to a US-based company, like being pressured under the Patriot Act to alter the app and collect keys.
Having a device built by actual hackers appeals to me way more than some corporate gadget.
I agree that the same could be said about a US-owned entity. IMO the problem is not that there are Russians behind the company; there are countless talented Russian engineers achieving more with less (Wozniak style). The problem, as I see it, is the real possibility of the revenue and data Flipper generates ending up fuelling the war against Ukraine. That should be noted, and then each potential customer or user of the device can make their own assessment of whether that possibility affects their decision regarding the device or not.