The real issue here is that the systems that car manufacturers use for their vehicles are insecure and outdated. The Flipper Zero is just exposing their bad design decisions.
"We're seeing an increase in new care purchases" "What changed?" "We made them super easy to steal"
On the bright side, all the car thieves that knew how to open a steering lock have all grown up, so a club lock is probably going to be the best defence outside of a kill switch. Great for road rage, too
If you can hack a car with a flipper zero, then the car manufacturers failed to implement the most basic security protocols. Complain to them, and demand a fix.
Fucking real! My car (2016 Toyota Avalon) uses a rolling code for the transponder! It's like one of the most basic things any manufacturer can do to avoid this shit! And it can't be more than a few dozen lines of code (I'm no expert so this may be an exaggeration)?
It is almost like their should be something written down somewhere. Like a guideline or rule or something...
Oh that is right, it is called a regulation requiring basic wireless security for extremely expensive consumer items.
Nope can't do that.
Won't someone think of the multi billion dollar corporations‽
Of course, this particular attack actually "works" with rolling codes (WILL desync your real keyfob), it requires the attacker to sniff one signal off your key (incl lock) and then they can spoof your key's rollover protocol (and any button, not just the one they sniffed) to reset the rolling code back to 0 and allowing them access. Iirc it's different from a standard replay attack in (definitely) that it can spoof other keys on the fob it hasn't read, and (I think) that while a trad replay attack requires the car not to hear the signal when recording I believe that doesn't matter with this attack.
Unfortunately I haven't been able to test it out since I'm not buying a serial locked flipper firmware from some guy who just got out of prison selling it on telegram.
Trouble is the move to complete computerization. Back in the day we had physical keys which turned a physical switch to physically connect the power from battery to wake ECU. Now, we have a button that sends a REQUEST to the ECU to turn on or off, and as long as an acceptable transponder is around it will accept the request. If you turn your car off when u hit that stop button it REQUESTS that the ECU shut down assuming conditions are met. I have had a problem 202w wrangler JL turn on fine but refuse to shut off untill you pulled the terminals off the battery. This new age hyper computerized nonsense is why every mechanic hates these new age techno bullshit wanna-be computer appliances on wheels, canbus can be awesome for keeping all modules on the same page but one bad wire and the whole system takes a shit.
202w wrangler
Well, Jeep is not really a name for good innovation. They are stuck with a management that still thinks "mechanics" and sees electronics as a pure profit center, not as a gear in the system that has to be as reliable as the rest of it.
TBF most of these are failures and exploits on older devices.
Which are a dime a dozen across the entire industry. Security is rather difficult, especially when considering exploits and bugs.
Ofc many of these ARE the results of cut corners, though many are just a lack of security awareness or old devices with known exploits discovered long after manufacturing.
Give us fucking keys and BUTTONS. We dont want or need this tech shit they want to shove into everything so they can show cancerous growth to ther shareholders.
And here I am just using my flipper zero to turn my fan on and off since the remote that came with it sucks.
Same. This whole time I could be driving a new car each day. What a waste.
Using NFC amibo codes for freebies in switch Zelda
I like to hijack the robot vacuum when I go to DnD and ring my parents doorbell when I visit.
I'm fond of skipping Kid Rock songs on the local dive bar's touchtunes.
I would let all the power go to my head with that one. Not that I go outside, let alone to bars.
Sometimes you gotta do what you gotta do, unless you want to hear Kid Rock butcher Sweet Home Alabama (which itself butchered Werewolves of London, and was only still good because you can hear Van Zandt drop his donuts, goddamn, in the back of the track) for the fourth time tonight.
It is true that this device can be used nefariously. But it's just a computer with a wide variety of very basic and common communication methods along with software to exploit them. There are many other computers like it that are just less popular. And to ban it is to ban said basic communication hardware like radio, WiFi, NFC, etc.
The solution is to mandate companies to provide a minimum level of security. Even giant companies with good reputations have giant security holes, like Apple or your bank, implementing mandatory SMS as 2FA. That shit should be illegal.
Fear of the Flipper Zero is fear of people having direct control of consumer grade radio hardware. "You can't let people have universal TV remotes, what if they push the buttons?!"
The people who write the laws specifically like that exploit.
Oh, you sound so optimistic, my bank has a mandatory 4 digit code as login with 2fa sms for new devices. I sometimes consider going to shoot the cto there but I don't own a gun.
To be clear, the flipper is just a Girl Tech IM-me with an NFC chip. If it lets people do a thing, that thing has been possible for decades. Just wait until someone makes a popular device based on a cheap fully featured wideband SDR like the AD9363 or LMS7002. Shit is gonna get fucking wild.
It’s like how people think the Raspberry Pi is the only single board computer.
Lol yeah a very cheap rtlsdr with a chip for transmission can do the same as a flipper. Flipper just makes it easy.
Cue governments banning working with electronics to stop auto theft and also save the children
Manufacturers secure their vehicles against unauthorized repair, not against theft.
This article convinced me to buy a flipper (I've been debating it for years). It's a super useful item that is absolutely going to get banned/hamstrung any day now for putting too much power into people's hands under the guise of "public safety".
I want it because it's so easy to use. I'm no hacker, but with a tool as convenient as this I'm sure I can piece some useful hacks together.
I did this the last time an article about Flipper Zero’s hacking abilities went viral. I was worried about the same thing. Never came to pass, but now I use it to find microchips in lost animals so it was worth it.
https://github.com/Next-Flip/Momentum-Firmware
You're gonna want this. Removes the locked down parts of the OFW, among other quality of life improvements.
It's not the firmware in the article but if you want that you'll have to find that loser's telegram yourself and pay him for serial locked horse shit.
https://github.com/djsime1/awesome-flipperzero
Also this. Bunch of files to help you get started. Uberguidoz repo (linked there) especially.
It's cool but not magic. If you're trying to fuck with something, you need to know what frequency it's on and what sort of signals do what. There is a bunch of preloaded stuff though, and a wide variety of tools like radio frequencies, nfc, Bluetooth, rfid, and infrared. So far the most useful thing I've done is turn the volume down on fox News on tvs in public areas.
Oh one thing I still have to try: some, maybe most handicap buttons for doors are actually radio frequency based and not hard wired, so if you can capture and replay the open signal, you could open a door without hitting the button and look totally jedi.
Canada already banned it. Wish I'd got one sooner
Pretty sure that ban was walked back?
It was indeed. My apologies. I guess the article walking back the ban didn't get as much traction as the one banning it.
Blaming the flipper zero for hacking is like blaming lockpicking tools for why masterlock sucks so much.
Why is 404media boosting anti-basic electronics fearmongering ?
I see this article more about reporting unfortunate news rather than boosting fear. The news seems to be "Car manufacturers don't take security seriously and people are exploiting it with a simple tool".
I'd rather hear about this now than wake up one day to see that my flipper is illegal because some politician watched a tiktok video.
Weren't Kia Boys stealing cars with literally just a USB cable since it physically fit to turn the ignition behind the key cylinder?
That doesn't require buying a special device, it was mostly crimes of convenience. I doubt the Flipper Zero will ever get that widespread.
You'd be surprised what people will pay for a striker hellcat. Yea it's never gonna be as common, but it will happen. It is easier to steal a hellcat with a flipper zero than to pull apart a column to get behind the ignition and turn it without the key, if anything hacking into cars is quicker and easier than defeating a physical key! My SO push button 15 Jetta could easily be stolen with a flipper, but my 87 YJ with a physical key requires an understanding of the wiring system and the time to tear down the column to be stolen. Any dunce capable of buying a flipper loaded with appropriate software can easily steal any new push button car.
Really? I see these fairly often on local fb marketplace. I was tempted out of curiosity to get one but I dont have a use outside of mucking about.
outside of mucking about.
The best use case of all.
They don't really have many legitimate, practical uses for most people. They're ideal for pentesters.
Thought cars were bad, not sure many people have an understanding of how our emergency broadcasts and alerts work. US needs some huge infrastructure updates.
I kinda want to see if this would work on my car since the proximity detection of the keyfob only works about half the time anyway.
This is a most excellent place for technology news and articles.
