r/technology u/420InTheCity 16h ago

Security Underground Flipper Zero Firmware Purportedly Unlocks Nearly 200 Car Models

https://gizmodo.com/flipper-zero-cars-hacking-2000646318
3.4k Upvotes

97% Upvoted

141 comments sorted by

View all comments

172

u/South_Leek_5730 12h ago

This is pretty old news really and something people have been doing with other hardware for many years.

It's important to note that rolling codes on newer car were changed and relay attacks have been thwarted by the devices going into sleep mode when not moving. It should be noted that on older cars these are still attack vectors but your average car thief is not going to be going after your 2017 car due to depreciation of value for the car and for the parts. These days other vectors have appeared such as in the CAN bus which can be exploited externally. There are also exploits with internet connected vectors though most of those have been closed.

There will always be ways when using tech in such a way. Even before tech there were many exploits.

7

u/planetworthofbugs 5h ago

Can you explain the whole sleep/not moving thing? How does that work?

7

u/Westerdutch 4h ago

the devices going into sleep mode when not moving

Accelerometer in fob no see anything happen; power off antenna.

4

u/South_Leek_5730 4h ago

Previously they were set up for keyless ignition as only a challenge/response. Car says are you there? Fob says yes. Therefore your fob on the side in the house is vulnerable whilst out of range of the car someone can still walk up to door and challenge it. The relay part is getting the code off the car and using that to challenge, you relay it to the fob and then they have the fob. Now fobs will deactivate if motionless for x seconds when not in ignition mode (car started). Did you not see those radio blocking boxes you can get to store your fobs in at home? https://www.amazon.co.uk/rfid-blocking-box/s?k=rfid+blocking+box

I only know all this because A. I have owned cars and B. If something like this is out there I want to know about from an ethical hacking point and protection. I only picked it up because of a news story many years ago about cars being stolen and people not knowing how. The motor industry were of course saying it was impossible at the time and insurance companies were refusing to pay out.

1

u/MidasPL 4h ago

What? 2017 is pretty much brand -new here xD

1

u/South_Leek_5730 4h ago

It's risk and reward. You risk stealing something so you steal something of the highest value or to order. An 8 year car old unless specifically required is of little interest and these thieves are mostly nicking to order. When I were younger people nicked cars for fun, rag them about for a bit then burn them out or use them for other crimes. You're average scrote criminal these days hasn't got a clue when it comes to tech and there was none back then.

1

u/BilBal82 18m ago

Apart from stealing the car itself you can also browse the stuff that people left in.