The tech used here is the popular Flipper Zero, an ethical hacker’s swiss army knife, capable of all sorts of things such as WiFi attacks or emulating NFC tags. Now, 404 Media has found an underground trade where much shadier hackers sell extra software and patches for the Flipper Zero to unlock all manner of cars, including models popular in the U.S. The hackers say the tool can be used against Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, and several other brands, including sometimes dozens of specific vehicle models, with no easy fix from car manufacturers.

  • Donkter@lemmy.world
    ↑31 · 16 hours ago

    This article convinced me to buy a flipper (I’ve been debating it for years). It’s a super useful item that is absolutely going to get banned/hamstrung any day now for putting too much power into people’s hands under the guise of “public safety”.

    I want it because it’s so easy to use. I’m no hacker, but with a tool as convenient as this I’m sure I can piece some useful hacks together.

    • ArcaneSlime@lemmy.dbzer0.com
      ↑2 · edited · 2 hours ago

      https://github.com/Next-Flip/Momentum-Firmware

      You’re gonna want this. Removes the locked down parts of the OFW, among other quality of life improvements.

      It’s not the firmware in the article but if you want that you’ll have to find that loser’s telegram yourself and pay him for serial locked horse shit.

      https://github.com/djsime1/awesome-flipperzero

      Also this. Bunch of files to help you get started. Uberguidoz repo (linked there) especially.

    • SkyezOpen@lemmy.world
      ↑3 · 6 hours ago

      It’s cool but not magic. If you’re trying to fuck with something, you need to know what frequency it’s on and what sort of signals do what. There is a bunch of preloaded stuff though, and a wide variety of tools like radio frequencies, nfc, Bluetooth, rfid, and infrared. So far the most useful thing I’ve done is turn the volume down on fox News on tvs in public areas.

      Oh one thing I still have to try: some, maybe most handicap buttons for doors are actually radio frequency based and not hard wired, so if you can capture and replay the open signal, you could open a door without hitting the button and look totally jedi.

      • Ensign_Crab@lemmy.world
        ↑2 ↓1 · 6 hours ago

        You can already do that by making the hand motion at an automatic door.

        If someone ever calls you on it, just say that you find their lack of faith disturbing.

    • w3dd1e@lemmy.zip
      ↑11 · 12 hours ago

      I did this the last time an article about Flipper Zero’s hacking abilities went viral. I was worried about the same thing. Never came to pass, but now I use it to find microchips in lost animals so it was worth it.

    • CrackedLinuxISO@lemmy.dbzer0.com
      ↑23 ↓1 · 15 hours ago

      I see this article more about reporting unfortunate news rather than boosting fear. The news seems to be “Car manufacturers don’t take security seriously and people are exploiting it with a simple tool”.

      I’d rather hear about this now than wake up one day to see that my flipper is illegal because some politician watched a tiktok video.

      • interdimensionalmeme@lemmy.ml
        ↑3 ↓1 · 14 hours ago

        I don’t think it’s merely “reporting unfortunate news”. It’s about the flipper zero, not really about car theft per se and shitty, evil car security system where the dealer scams you as much as the thief for a key.

        There’s really no reason we can’t use contactless smartcards for this, and that we can’t program them ourselves with open source software.

        The flipper zero itself is completely irrelevant about this. It’s just a generic ISM band transceiver … Only of note to the ignorant and technologically incompetent, but the journos have made this the centerpiece of the article.

  • Treczoks@lemmy.world
    ↑140 ↓1 · 1 day ago

    If you can hack a car with a flipper zero, then the car manufacturers failed to implement the most basic security protocols. Complain to them, and demand a fix.

    • bridgeenjoyer@sh.itjust.works
      ↑6 ↓1 · 13 hours ago

      Give us fucking keys and BUTTONS. We don’t want or need this tech shit they want to shove into everything so they can show cancerous growth to their shareholders.

    • innermachine@lemmy.world
      ↑13 · 22 hours ago

      Trouble is the move to complete computerization. Back in the day we had physical keys which turned a physical switch to physically connect the power from battery to wake ECU. Now, we have a button that sends a REQUEST to the ECU to turn on or off, and as long as an acceptable transponder is around it will accept the request. If you turn your car off when u hit that stop button it REQUESTS that the ECU shut down assuming conditions are met. I have had a problem 202w wrangler JL turn on fine but refuse to shut off until you pulled the terminals off the battery. This new age hyper computerized nonsense is why every mechanic hates these new age techno bullshit wanna-be computer appliances on wheels, canbus can be awesome for keeping all modules on the same page but one bad wire and the whole system takes a shit.

      • Treczoks@lemmy.world
        ↑8 · 21 hours ago

        202w wrangler

        Well, Jeep is not really a name for good innovation. They are stuck with a management that still thinks “mechanics” and sees electronics as a pure profit center, not as a gear in the system that has to be as reliable as the rest of it.

    • YiddishMcSquidish@lemmy.today
      ↑25 · 1 day ago

      Fucking real! My car (2016 Toyota Avalon) uses a rolling code for the transponder! It’s like one of the most basic things any manufacturer can do to avoid this shit! And it can’t be more than a few dozen lines of code (I’m no expert so this may be an exaggeration)?

      • ArcaneSlime@lemmy.dbzer0.com
        ↑10 · 23 hours ago

        Of course, this particular attack actually “works” with rolling codes (WILL desync your real keyfob), it requires the attacker to sniff one signal off your key (incl lock) and then they can spoof your key’s rollover protocol (and any button, not just the one they sniffed) to reset the rolling code back to 0 and allowing them access. Iirc it’s different from a standard replay attack in (definitely) that it can spoof other keys on the fob it hasn’t read, and (I think) that while a trad replay attack requires the car not to hear the signal when recording I believe that doesn’t matter with this attack.

        Unfortunately I haven’t been able to test it out since I’m not buying a serial locked flipper firmware from some guy who just got out of prison selling it on telegram.
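
A receiver-side sketch of the rolling-code check the two comments above talk about, added here as an example; it is not from the thread, from any car maker, or from the firmware in the article. The frame layout, the HMAC-SHA256 tag, the window size and all names are assumptions. It shows the properties that matter for defence: the button id is covered by the tag, the counter only ever moves forward, and resync needs two consecutive valid frames.

```python
import hashlib
import hmac
import struct

WINDOW = 16               # missed presses tolerated without resync (assumed value)
TAG_LEN = 8               # truncated HMAC-SHA256 tag, in bytes (assumed value)
FRAME_LEN = 5 + TAG_LEN   # 4-byte counter + 1-byte button id + tag


def fob_frame(key: bytes, counter: int, button: int) -> bytes:
    """Frame a fob would transmit: counter, button id, MAC over both."""
    body = struct.pack(">IB", counter, button)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Car-side state: the shared key and the highest counter accepted so far."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter
        self.pending = None  # counter of a far-ahead frame awaiting its successor

    def accept(self, frame: bytes) -> str:
        if len(frame) != FRAME_LEN:
            return "reject: malformed"
        body, tag = frame[:5], frame[5:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, good):
            # Covers a captured frame whose button byte was altered.
            return "reject: bad tag"
        counter, button = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            # No frame, however well formed, may move the counter backwards.
            return "reject: replay or stale counter"
        if counter - self.last_counter > WINDOW:
            if self.pending is not None and counter == self.pending + 1:
                # Second consecutive valid frame: resync, forward only.
                self.last_counter, self.pending = counter, None
                return f"accept after resync: button {button}"
            self.pending = counter
            return "reject: outside window, press again to resync"
        self.last_counter, self.pending = counter, None
        return f"accept: button {button}"


def demo() -> list:
    key = bytes(range(32))                 # constructed demo key
    rx = Receiver(key, last_counter=100)   # constructed starting state
    lock = fob_frame(key, 101, button=1)
    altered = lock[:4] + bytes([2]) + lock[5:]  # button byte changed, tag unchanged
    return [
        rx.accept(lock),                       # genuine press
        rx.accept(lock),                       # identical frame seen again
        rx.accept(altered),                    # button not covered by old tag
        rx.accept(fob_frame(key, 0, 2)),       # counter back at 0
        rx.accept(fob_frame(key, 110, 2)),     # a few presses missed
        rx.accept(fob_frame(key, 500, 1)),     # far ahead: needs a second frame
        rx.accept(fob_frame(key, 501, 1)),     # consecutive frame completes resync
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```
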

        • YiddishMcSquidish@lemmy.today
          ↑1 · 22 hours ago

          What if I only use the fob as a fob? I usually only use the touch pad to lock and inner handle’s proximity sensor to unlock, so the car is only range finding after initial sense.

          • ArcaneSlime@lemmy.dbzer0.com
            ↑3 · 21 hours ago

            If you literally never press the buttons, nor leave your keys alone with anyone else who could possibly push the buttons?

            Then a guy with a $20 car unlock kit from Autozone can still get in. And so can a guy with a hammer, and a guy with a broken spark plug. Locks are suggestions, especially when you have windows.

            And that’s not even to mention people with actual SDRs that can repeat your key’s signal and remote start your car, keep your fob in a faraday bag.

            • YiddishMcSquidish@lemmy.today
              ↑3 · 19 hours ago

              I totally got you in the weakness order of operation. I used to be a locksmith in a previous life in South Florida. Used to tell people they needed double sided deadbolt cause there’s a piece of glass next to it, and that they could also just climb through the window so if they were really worried they would want to put up bars or invisible hard screen. Also I am THE most techy person in my friend group and the most I’ve done is put together a tiny esp32 marauder with an old Bitcoin lottery miner, and even then my keys stay in my pocket. Plus it’s an almost ten year old car with 100k+ miles with a few dents and scratches. So I wouldn’t expect such a sophisticated stack especially considering the town I live in is only like ~50k pop.

              • ArcaneSlime@lemmy.dbzer0.com
                ↑2 · 13 hours ago

                locksmith

                OH you know what’s up for sure then lmao.

                Yeah tbh there’s nothing a flipper can do that you can’t do with a better tool, it just rolls a bunch of stuff into a digital swiss army knife of sorts. It’s not something a real car thief would use, maybe someone would use it to break into your car and steal something but a car thief would have something purpose built, or just go low tech if they can. You can run marauder on it too with the wifi board though lol.

                • YiddishMcSquidish@lemmy.today
                  ↑2 · 13 hours ago

                  Really‽ I couldn’t seem to find any signal when I was sniffing for one at home. Could you point me in the direction of some good documentation? Cause I can’t find nothing but YouTube videos of guys driving around saying “omg, I pinged them and have all their network info!!1!”

      • Doomsider@lemmy.world
        ↑19 ↓1 · 1 day ago

        It is almost like there should be something written down somewhere. Like a guideline or rule or something…

        Oh that is right, it is called a regulation requiring basic wireless security for extremely expensive consumer items.

    • douglasg14b@lemmy.world
      ↑7 · 1 day ago

      TBF most of these are failures and exploits on older devices.

      Which are a dime a dozen across the entire industry. Security is rather difficult, especially when considering exploits and bugs.

      Ofc many of these ARE the results of cut corners, though many are just a lack of security awareness or old devices with known exploits discovered long after manufacturing.

      • Treczoks@lemmy.world
        ↑4 · 21 hours ago

        The lack of security awareness is due to them being too scrooge to hire the right professionals for the job. It is 100% the result of cutting corners.

  • int32@lemmy.dbzer0.com
    ↑6 ↓6 · 11 hours ago

    “ethical hacker’s swiss army knife” I hate it when they always add “ethical”. First of all, when you say ethical you mean law-fearing, they don’t really care about ethics and, secondly, “regular” hackers use it too, so it’s just a hacker’s swiss army knife…

      • ArcaneSlime@lemmy.dbzer0.com
        ↑1 · 2 hours ago

        Tbf, unironically yes. The most dangerous part of a gun is the thing attached to the grip. A real “problem exists between keyboard and chair” situation.

    • AnotherUsername@lemmy.ml
      ↑7 ↓2 · 10 hours ago

      Dude, do you want individual hacking to become illegal? Because people who are not hacking daily are prone to forgetting that some hackers don’t actually act maliciously.

      Also, yes, some hackers are ethical and do care. Not you, obviously. But some.

      • int32@lemmy.dbzer0.com
        ↑1 · 2 hours ago

        not doing something by fear of the law is not ethical. that said, some of them are ethical, but ethical hacker would mostly include grey hats, which they wouldn’t want because they can’t say illegal hackers use their device.

      • monotremata@lemmy.ca
        ↑4 · 6 hours ago

        Yeah, I definitely read that as an effort to preempt the folks who were going to yell about how clearly this means the Flipper Zero should be illegal. Hacking has been so poorly represented in TV and films that there are a distressing number of people who don’t realize the term can even have a positive connotation.

        • int32@lemmy.dbzer0.com
          ↑1 · 2 hours ago

          I do not want any hacking device to be illegal, as they can be used for good (overthrowing the state and capitalism).

  • stealth_cookies@lemmy.ca
    ↑219 · 2 days ago

    The real issue here is that the systems that car manufacturers use for their vehicles are insecure and outdated. The Flipper Zero is just exposing their bad design decisions.

    • Getawombatupya@aussie.zone
      ↑4 · edited · 21 hours ago

      On the bright side, all the car thieves that knew how to open a steering lock have all grown up, so a club lock is probably going to be the best defence outside of a kill switch. Great for road rage, too

    • AceBonobo@lemmy.world
      ↑56 · 2 days ago

      “We’re seeing an increase in new car purchases” “What changed?” “We made them super easy to steal”

  • Ulrich@feddit.org
    ↑67 · edited · 1 day ago

    It is true that this device can be used nefariously. But it’s just a computer with a wide variety of very basic and common communication methods along with software to exploit them. There are many other computers like it that are just less popular. And to ban it is to ban said basic communication hardware like radio, WiFi, NFC, etc.

    The solution is to mandate companies to provide a minimum level of security. Even giant companies with good reputations have giant security holes, like Apple or your bank, implementing mandatory SMS as 2FA. That shit should be illegal.

  • xthexder@l.sw0.com
    ↑10 · edited · 1 day ago

    Weren’t Kia Boys stealing cars with literally just a USB cable since it physically fit to turn the ignition behind the key cylinder?
    That doesn’t require buying a special device, it was mostly crimes of convenience. I doubt the Flipper Zero will ever get that widespread.

    • innermachine@lemmy.world
      ↑8 · 22 hours ago

      You’d be surprised what people will pay for a striker hellcat. Yea it’s never gonna be as common, but it will happen. It is easier to steal a hellcat with a flipper zero than to pull apart a column to get behind the ignition and turn it without the key, if anything hacking into cars is quicker and easier than defeating a physical key! My SO push button 15 Jetta could easily be stolen with a flipper, but my 87 YJ with a physical key requires an understanding of the wiring system and the time to tear down the column to be stolen. Any dunce capable of buying a flipper loaded with appropriate software can easily steal any new push button car.

  • cecilkorik@lemmy.ca
    ↑123 · 2 days ago

    And here I am just using my flipper zero to turn my fan on and off since the remote that came with it sucks.

      • No1@aussie.zone
        ↑2 · 11 hours ago

        Just go to a car park, close your eyes, spin around 3 times and hit the flipper zero.

        It’s like a lucky dip!

    • TimeSquirrel@kbin.melroy.org
      ↑42 ↓2 · 2 days ago

      I use it at work to clone a customer’s proximity card when I work in their building so they don’t have to leave me theirs to get around. The one legitimate use I found.

      I guess being able to trigger the customer service announcement without having to find a button in a store is nice.

        • Capricorn_Geriatric@lemmy.world
          ↑6 ↓1 · edited · 1 day ago

          That’s the definition of a legitimate use.

          Cloning keycards temporarily with permission (until new ones are made.) Breaking into your own or a friend’s car because the keys were left inside (until you get the keys back)

          Cloning a TV remote just to lower the volume to a sane degree and turn it off (until they get a new TV, remote or find the old one).

          Legitimate is anything that you’re allowed to do. It’s a simple process to test legitimacy:

          Did someone ask you if you can help?

          If yes, did you tell them what you’d do?

          If yes, did they agree?

          And once you did whatever it was they agreed to, did you keep your ability to do the same thing in the aim of doing something they didn’t consent to (once you cloned their car key, do you plan on stealing the car? Or once you cloned their remote, do you have an insatiable urge to fuck with them by abusing the remote?)

          If you answer “yes” to all except the last one, the use is legitimate in 99.9% of cases.

          The only reason this may be considered a non-legitimate use would be if you attached the exclusive economic right of making repairs or new keys to the OEM, which isn’t how a sane world works.

          And besides, tools like the Flipper truly are hacking tools. Today hacking has a bad rep, and the word used to mean more like hack something together.

          Imagine Bob who is a DIY type of guy. His TV starts falling apart because the plastic casing broke. Bob takes some duct tape and glues the casing together. As the TV stand is also a bit wonky, he takes some screws as well just to be safe. He doesn’t plan on keeping it for too long, just until he can find a fitting replacement that’s not too expensive. Most likely, he’s bound to keep it until the next Black Friday.

          Bob just successfully hacked something up to keep his TV from falling apart.

          That’s the origin of the word “hacking”. “To hack up” got shortened by attaching a new meaning to the verb, without bothering with the entire phrase, and making it relate only to electronic/digital hacking. So the TV example isn’t hacking, but it is hacking up. It means “to make some temporary fix until a proper one isn’t found”.

          Today, hacking has been conflated with exploiting and breaking digital locks, which is not what the original phrase meant.

        • MartianSands@sh.itjust.works
          ↑43 ↓2 · 2 days ago

          That’s probably debatable, if they have permission. They probably shouldn’t have been given permission, but that’s a separate issue

          • Nougat@fedia.io
            ↑32 · 2 days ago

            Ideally, there should be a visitor card available to be used, with its clearances configured as appropriate for the visitor in question. Having a person hand over their own card (and PIN, if applicable) isn’t a great idea either, but it’s far better than copying that card, with or without permission (probably without, if we’re being honest).

            • MartianSands@sh.itjust.works
              ↑14 · 2 days ago

              Oh, absolutely. It’s not something which should be encouraged, and against a well designed modern system it probably isn’t possible (there must be some challenge-response type NFC systems on the market).

              I’m just saying it isn’t unambiguously “illegitimate”

              • kn33@lemmy.world
                ↑6 · 2 days ago

                there must be some challenge-response type NFC systems on the market

                There are. Hotels use them for door key cards so they can’t be cloned.

                • possumparty@lemmy.blahaj.zone
                  ↑5 · 2 days ago

                  Unfortunately… I was trying to clone a room key to my phone so I could just tap to enter when I stay 10 weeks in the same room.

          • TimeSquirrel@kbin.melroy.org
            ↑14 · 2 days ago

            I usually do it when we take over a customer’s access control system and we have half their doors on the new system and half in the old still and are migrating them over. I’m an electronic security tech, this is what I do for a living.

        • ozymandias@lemmy.dbzer0.com
          ↑6 · edited · 2 days ago

          le·git·i·mate adjective /ləˈjidəmət/

          1. conforming to the law or to rules.

          “Do what thou wilt shall be the whole of the law” - Aleister Crowley

          seems legit to me…

      • cecilkorik@lemmy.ca
        ↑8 · 2 days ago

        Oh I think I used it to unlock some extra characters in Skylanders at some point too, but I don’t really play those types of games anymore.

    • Sabata@ani.social
      ↑11 · 2 days ago

      I like to hijack the robot vacuum when I go to DnD and ring my parents doorbell when I visit.

        • Sabata@ani.social
          ↑6 · 2 days ago

          I would let all the power go to my head with that one. Not that I go outside, let alone to bars.

          • ArcaneSlime@lemmy.dbzer0.com
            ↑7 · 1 day ago

            Sometimes you gotta do what you gotta do, unless you want to hear Kid Rock butcher Sweet Home Alabama (which itself butchered Werewolves of London, and was only still good because you can hear Van Zandt drop his donuts, goddamn, in the back of the track) for the fourth time tonight.

            • maccentric@sh.itjust.works
              ↑2 · 1 day ago

              Didn’t Sweet home Alabama precede Werewolves of London? Also, what does “drop his donuts” mean in this context?

              • ArcaneSlime@lemmy.dbzer0.com
                ↑2 · edited · 23 hours ago

                Yes, which is why it’s weird they were able to steal it, gol’dang time travelers. No I wasn’t mistaken, time travelers. No I’m not bias because Warren Zevon rules, I said time travelers.

                “Drop his donuts” means his dough circles fell off a table during the studio recording. You can hear him say “my donuts! Goddamn!” in the back of the track, it’s hilarious.

                • maccentric@sh.itjust.works
                  ↑2 · 18 hours ago

                  lol I’ll have to listen for that—I thought it might be some new slang you kids were using that I was unaware of

        • Sabata@ani.social
          ↑5 · 2 days ago

          The physical IRL location where I show up to play Dungeons n Dragons, and not in game. DM’s got a robot vacuum.

    • paraphrand@lemmy.world
      ↑5 · 2 days ago

      You can get devices that connect to home assistant for that too! (Just a comment, not a suggestion that you are doing anything wrong.)

  • potatopotato@sh.itjust.works
    ↑44 · 2 days ago

    To be clear, the flipper is just a Girl Tech IM-me with an NFC chip. If it lets people do a thing, that thing has been possible for decades. Just wait until someone makes a popular device based on a cheap fully featured wideband SDR like the AD9363 or LMS7002. Shit is gonna get fucking wild.

    • mesa@piefed.social
      ↑11 · 2 days ago

      Lol yeah a very cheap rtlsdr with a chip for transmission can do the same as a flipper. Flipper just makes it easy.

  • pepperprepper@lemmy.world
    ↑10 ↓1 · 1 day ago

    Thought cars were bad, not sure many people have an understanding of how our emergency broadcasts and alerts work. US needs some huge infrastructure updates.

    • ayyy@sh.itjust.works
      ↑2 · 1 day ago

      Can you be more specific? It’s not like you’re the first person to think about the nefarious uses of emergency alerts.

      • pepperprepper@lemmy.world
        ↑3 ↓1 · edited · 1 day ago

        I don’t want to be too specific, there is a reason, I work with radio infrastructure quite a bit. A lot of these systems hide behind obscurity alone. Not great against national actors that may want to do harm.

  • muusemuuse@sh.itjust.works
    ↑7 · 1 day ago

    I kinda want to see if this would work on my car since the proximity detection of the keyfob only works about half the time anyway.

  • Ballissle@lemmy.zip
    ↑12 ↓1 · 2 days ago

    Really? I see these fairly often on local fb marketplace. I was tempted out of curiosity to get one but I don’t have a use outside of mucking about.

    • Ulrich@feddit.org
      ↑7 · 2 days ago

      They don’t really have many legitimate, practical uses for most people. They’re ideal for pentesters.

      • Ecco the dolphin@lemmy.ml
        ↑5 · 1 day ago

        Pretending to be hackerman is a legit usecase IMHO. They do seem like fun, but I personally can’t justify the cost.

        I would definitely play with one if I had one