Why is the world so alarmed about taking the Flipper on board planes? Is it just poorly educated armchair cyber commentators of the ‘don’t use open Wi-Fi / USB juicejacking’ style of fearmongering, or is there something to it?
TL;DR
- Flippers are not a threat to the safety of a flight
- Other passengers and cabin crew may be spooked by devices featuring external aerials, but there’s no significant security risk.
- By far the most likely incident would be prevention of credit card processing in the cabin, but not with a standard Flipper Zero
- At worst they can cause very temporary annoyance and distraction to a flight crew
- A phone and/or laptop with a software defined radio could cause more issues, but even then it would be extremely unlikely to affect flight safety.
Why are people worried?
I’m sure you’ve seen the odd post on social media about people having their Flippers confiscated by airport security and also posts by other passengers on board, alarmed about someone playing with their Flipper. I’ve had half of a smart door lock confiscated at an airport. I still don’t know why, or why only half was taken!
The Flipper simply isn’t capable of doing anything meaningful with almost any of the radio technologies used on aircraft because it’s not a general purpose radio. It can do some digital encoding schemes common in consumer electronics (frequency and amplitude based digital keying) and it’s built round a chip that only performs well in those bands and with those encoding schemes.
Even with custom firmware, one might unlock the transmission band limits, but the CC1101 it’s based on won’t suddenly become a high power VHF jammer or be capable of dealing with analogue radio. The antenna has also been designed on purpose to be bad at that low frequency and actually also to restrict the range of all transmissions.

What the Flipper can actually do
The Flipper Zero can work on sub-GHz radio signals, specifically the 315 / 433 / 868 / 915 MHz ISM bands.
It can send infra-red messages, just like any TV remote control. There is little on an aeroplane that can be controlled through infra-red. Maybe the worst thing that could happen would be to turn off one of the TVs in the terminal. But you could do this with a normal universal remote control.
It can read and write some NFC or RFID tags if they are within millimetres of the Flipper’s rear aerials. This has limited uses, so there is potential to clone certain types of access badge with physical proximity. This could be done through an app on an Android phone. RFID access cards are rarely used on planes.
It can interface with generic electronics through the use of its GPIO pins. These pins can be used to interact with embedded electronics. That is useful on a workbench. It is not a magic cable into the aircraft. To access any of the embedded electronics would require accessing the avionics / EE bay or the cockpit.
It can send messages over USB, just like any phone or computer. From a cabin perspective. This may cause problems with a single in-flight entertainment console, but would have limited impact across the whole cabin. On planes without IFE systems, the USB ports are normally charge only with no data connection.
What the Flipper cannot do
Scare stories about the Flipper jamming / spoofing GPS whilst on board aren’t based on fact. Its transmitter can’t broadcast in the L1 (1.575 GHz), L2 (1.227 GHz) and L5 (1.176 GHz) frequency bands that GPS operates in.
ADS-B, the protocol used for tracking planes, is also outside the frequency range that the Flipper is capable of
Pilots still use VHF radio for voice communication, typically from 118 to 137 MHz. Radio navigation systems such as VOR and ILS localiser use lower frequencies, from 108 to 117.975 MHz. Both are again outside the range of a standard Flipper Zero. VOR also uses a more complex signal structure than simple AM, which the Flipper can’t do either!
The cabin is not the cockpit
Passenger cabin systems are not the same as flight control systems. Systems that matter to flight safety are in physically separate aircraft domains. The Aircraft Control Domain (ACD) is carefully isolated from passenger-facing cabin systems, which sit in the PIESD and/or PODD domains.

It cannot attack Wi-Fi on its own
Can it intercept Wi-Fi or send de-auth packets to ‘knock’ electronic flight bags or credit card terminals off their connection? Again, no owing to transmitter limitations.
Could it create a fake access point to cause passengers to enter their card details into a fake page? No, owing to transmitter limitations, though this is pretty straightforward with a rooted phone or Linux laptop & external Wi-Fi card.
Augmenting the Flipper Zero
This is where it gets more interesting: there is custom firmware and external hardware which the Flipper can use and control. But then the issue isn’t the Flipper, it’s the external components and antennas.
A few real-world attacks that might be meaningful
Sending Bluetooth pairing requests to the pilot’s electronic flight bags. This would cause a series of pop ups on the EFB, each of which would have to be cancelled by the pilot.
Fortunately, later phone operating systems will discard multiple repeated pairing requests from the same device. This can also be mitigated by disabling Bluetooth in the standard iOS EFB build, assuming it is not required, which it rarely is!
The result is purely a distraction for a few seconds. Both pilots will have EFBs and the approach to the airport will be planned using that EFB with significant spare time in hand.
If the in flight entertainment system has USB and the data lines are enabled (unusual), then I suppose that the Flipper could be used to do ‘badUSB’ things, but modern IFE is generally well protected against such attacks.
These two attacks are both possible (and arguably more effective) using USB sticks that connect to a laptop.
Conclusion
A rooted phone and/or software defined radio can do far more than the Flipper. I would be more concerned about a laptop and a RTL-SDR or HackRF One.
The Flipper can be connected to various dev boards and other devices, which then enable additional functionality, but the Flipper itself is not the problem.
Perhaps the most likely result of a Flipper being used on board is the unsettling of other passengers nearby, a result of cables and aerials, not an actual security threat. That said, anyone running a laptop with a bunch of external peripherals and antennae is likely to cause the same alarm.
To my mind, the advice to cabin crew and the operator should be simply to ask that passengers do not use devices with external antennas, mostly to avoid alarming other passengers. Besides, transmitting on board an airplane is tightly controlled by most aviation regulators. Wi-Fi and Bluetooth is usually permitted, as are cellular bands by some, notably when a picocell is on board. Other transmission is explicitly forbidden, which includes the sub-GHz ISM bands supported by the Flipper.
So, take the Flipper aboard by all means, but don’t power it on.