ANATEL Brazil Seizing All Flipper Zero Shipments.
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
ANATEL ( The Brazilian National Telecommunications Agency ) claims that Flipper Zero is solely being used for criminal activities.
According to EFF, ANATEL has flagged Flipper Zero as a device that serves illicit purposes, or facilitates a crime or misdemeanor and has decided not to certify it, will result in any new orders being intercepted and redirected by the national post office to ANATEL because the device isn't certified.
Most International packages are being sent to Curitiba/PR, where they are manually opened to verify its content, then they decide what to do with it and if you are lucky you get your package in 3 months time, together with a note saying they have looked inside your package.
Banning trade tools will only make security systems more vulnerable by limiting the access of those working to secure these systems.
The device isn't using any illegal hardware that can't be found elsewhere.
"The creation, possession or distribution of tools related to security research should not be criminalized or otherwise restricted."
Especially in a country were so many people has little to "no knowledge" of how to secure their IoT devices.
ANATEL claims the device has been used for illegal purposes:
"Anatel's certification area informs that the equipment called FLIPPER ZERO has been used in the country by malicious users in facilitating a crime or criminal misdemeanor and, as provided for in item II of Art. 60 of the Regulation for Conformity Assessment and Homologation of Telecommunications Products (annex to Resolution No. 715, of October 23, 2019), Anatel has rejected all homologation requests for the product in question, in order to collaborate in the protection of Brazilian citizens against criminal actions".
ANATEL is effectively helping holding Brazilian security researchers back and by doing this they are preventing them from finding vulnerabilities and patching the affected systems.
"Denying certification to Flipper Zero doesn't prevent the use of other tools to exploit the same vulnerabilities, as it doesn't stop people from bringing a Flipper Zero from abroad in their bag without having to ship it through the Brazilian border." EFF says.
Buying Flipper Zero:
Brazil is all about contacts, all you need is to know one person that knows another and you can get your hands on one of these devices. The price will of course be higher. You should expect to pay atleast 50% on top of the $169 USD ( R$882 ) to 100% more, since it is a black market item.
If you don't have any contacts, then you can buy it online from Mercado Livre, but besides paying over the top prices, it could be intercepted. Cheapest one I found costs R$2,400.
Update: 9th of April,2023 Amazon is banning Flipper Zero.
Amazon has banned Flipper Zero and marked it as a card skimming device, although the device is not capable of doing that. So far it is unclear if the ban will be permanent.
First published 2023-04-09.