Flipper Zero Self Destructs an Electricity Smart Meter
Flipper Zero is an affordable handheld RF device for pentesters and hackers. It is not based on SDR technology, however it uses a CC1101 chip, a digitally controlled RX/TX radio that is capable of demodulating and modulating many common digital modulations such as OOK/ASK/FSK/GFSK/MSK at frequencies below 1 GHz.
We've posted about the Flipper Zero a few times before on this blog, especially given that it is now a famously known device, having found popularity on TikTok and having been reviewed by famous Tech YouTubers like Linus Tech Tips.
Recently a video on YouTube by Peter Fairlie has shown the destructive power of the Flipper Zero. In the video it appears that Peter was using the Flipper Zero to wirelessly turn the power meter on and off, which also controlled the power to a large AC unit. Eventually switching the meter on and off while under a heavy load resulted in the meter self destructing and releasing the magic smoke.
Looks like he packed some dry ice in the meter to me personally. As some one who has packed dry ice in just about everything that’s definitely my guess. Question is why would you keep on and keep on cycling the power like that.
Debunked: https://www.youtube.com/watch?v=QmNAA2bVo4Q
Hey, that channel is awesome. I just subscribed. definitely debunked. lol
This is absolutely idiotic, IF the meter had a contactor in it, it would not have been designed by maker-type mimic retards. It would have been designed by actual electrical engineers with full DFMEA and certainly would have been designed for all manner of transient voltage due to the nature of secondary utility power lines. Transients caused by rapidly dumping a house load are child’s play compared to what regularly occurs on these power transmission lines, especially when the secondary windings on one utility transformer are shared by many households.
This is BS!!! That model meter does not have the
service disconnect feature. Fraud!!!!!!
just curious, why does the meter’s display go blank when he turns off the power? there’s a lot in that observation. and the sound of the service disconnect switch seems very loud – could it be external to the meter?. again, a lot in that question
Yeah, it’s looking like the guy is a fraud. Apparently, it’s not his actual service meter, but instead it’s one he bought off eBay. It doesn’t have service disconnect capability. Instead, it has a small aux control relay and he’s deliberately ramming tons of current through its contacts. Gotta get those sweet, sweet YouTube views!
The question is, why would someone bring unwanted attention to a great hobby?
The Flipper Zero is technically controversial because of all the previous negative media attention. Plus it’s made in Russia and the company even had some media attention when PayPal stole their money. All that combined makes for a very easy viral video to get yourself some views, clicks etc. with just a couple controversial, relevant keywords.
And ya can’t say it doesn’t work because we’re here talking about it 😂
Because it makes easy clicks for those that have no idea how these things really work. Talking about how “dangerous” they are and how they can “easily do illegal things” with “no oversight” is what they want. They are in it to villainize not only SDR, but amateur radio as well. It’s common in a lot of hobbies, where the tiny bit of bad actors get all of the attention.
900 MHz. They have shut off relays built in for service termination.
https://www.smartenergy.honeywell.com/product/rexuniversal-meter/
A little knowledge is a dangerous thing….
I thought most compressors were soft start? Most of the gear I’ve seen waits a random amount of time before spinning up for this exact reason (Power cuts and loads of fridges, ACs, ovens, whatever coming back on at once with a big ol’ inductive load).
I used to help design smart electricity meters. We took security seriously but it’s disheartening to see how many manufacturers don’t – especially in residential and light commercial meters. (Fast – cheap – good; pick any two.)
The disconnectors in meters aren’t built for frequent switching. They’re meant to disconnect a non-paying customer and reconnect them once they’ve paid their bill. If a meter had to disconnect and reconnect a circuit 20 times in a 20 year service life I’d be very surprised. If I was the programmer on that design I’d have at least put in a time delay to prevent switching more frequently than every 5 minutes or so. My central air conditioner has a time delay like that. It’s called an anti-short-cycle timer.
Super curious if this is hijacking (eg brute force access) the control protocols to flip the disconnect under load, or if it’s managing to fuzz the API and crash something internally with similar results.
I used to admin a vxworks-based VOIP switch which you could lockup with a basic nmap fingerprint scan. Reported to the vendor, “if it hurts when you do that, don’t do that.” Had to include it as a you-no-touchy exception in security audit engagements for years.
Since they had to cycle the power multiple times to cause the failure, I doubt it was a software crash. They probably hijacked the command protocol and kept sending disconnect / reconnect commands. That fact that it caused a physical failure (smoke) suggests it was a voltage spike, probably from turning off an electric motor (the air conditioner) during a peak in the current waveform.
The disconnectors in those meters are expected to operate under load, just not very often. Since they’re used to remove power from an uncooperative customer’s premises the power company can’t exactly call up and say, “We’re gonna cut you off now. Would you mind turning off your A/C and unplugging your refrigerator, please?”
My old A/C system had a shutoff timer in/on the compressor. The new one (~ 2years) has it in the thermostat. It won’t even try for about five minutes.
Pyrofuse?
The more you experiment, the more you find out.
Still, one would think a meter would be designed to turn on and off under load, reliably, repeatedly – we have frequent outages in our area. Kinda hard to expect the general public to know to shut off loads before restoration.
That was painful to watch. Likely destroyed that heat pump compressor too.