Your Car Could Be at Risk – New Flipper Zero Craze Sees Car Thieves Use Cheap Hacking Device
A new wave of car thefts has been reported in recent weeks, with hackers using a cheap hacking device called the Flipper Zero to remotely unlock modern vehicles. The device, which costs just $199 in the US (around £150 / AU$310), has been used by underground hackers to develop software patches that can be loaded onto it to unlock all manner of cars, including those from major brands like Ford, Audi, Volkswagen, Kia, and many more.
The Flipper Zero is marketed as a "multi-tool device for geeks" and can be programmed to "explore any kind of access control system, RFID, radio protocols and debug hardware using GPIO (general-purpose input/output) pins," according to the company's website. However, hackers have found ways to exploit its limited functionality to intercept and clone a vehicle's key fob's radio signal, allowing them to unlock the vehicle without the owner's knowledge or consent.
According to an in-depth report by 404 Media, underground hackers have developed firmware that can be purchased for a fee of between $600 and $1000, uploaded to the device and then used to unlock a variety of vehicles. The patches are currently limited to merely opening the vehicle, which presents its own risks, but individuals quoted in the report warn that it won't be long before they can be developed to override any sort of security system to start and drive the modern cars away.
This is not the first time the Flipper Zero has hit the headlines. In recent months, there have been reports of pranksters remotely opening Tesla charge ports with their devices and even hacking into traffic lights to change them from red to green. However, these instances are a worrying sign that the device is being used for nefarious purposes.
Relay attacks on modern vehicles have plagued Jaguar Land Rover in the past, with older Range Rovers particularly vulnerable to the attacks, forcing owner's insurance premiums through the roof. In the US, local police forces have warned Kia and Hyundai owners to install kill switches or resort to steering locks after a 2022 Tik-Tok video revealed just how easy it is to steal a number of the brand's vehicles.
Groups like The Kia Boys emerged online, filming themselves stealing cars for internet views. A host of copycats have since followed suit and continue to cause problems. Today's automakers have been busy instating security patches to try and improve customer confidence, but it seems it is very difficult to stay ahead of the hackers.
Currently, the Flipper Zero patches have only been sold to a small number of users, but 404 Media warns that this could become a more widespread problem should they become open source or free to download. As security experts remind us, the real issue lies in how some car manufacturers continue to ship systems with outdated security models.
What's Next?
The situation with the Flipper Zero is a clear example of how vulnerable modern vehicles are to hacking and theft. With the rise of technology and connectivity in cars, it's becoming increasingly important for automakers to prioritize security over convenience. As we move forward, it will be interesting to see how this situation unfolds and what steps can be taken to prevent similar incidents in the future.
A Word from Flipper Devices
Flipper Devices got in touch with us to note that they published this blog post on the issue. They also gave us a statement saying:
"We are not aware of any officially confirmed cases of theft using a Flipper Zero. The device has limited functionality and can't be used as a repeater to attack keyless entry systems. It doesn’t have the hardware to suppress radio signals, which would be necessary to crack systems that properly utilize rolling codes.
"Flipper Zero is primarily a multipurpose tool intended for security researchers to test and demonstrate vulnerabilities responsibly. Malicious actors typically rely on different devices and methods, many of which are openly sold online.
"Ultimately, the real issue lies in how some car manufacturers continue to ship systems with outdated security models. Until companies take security more seriously and roll out regular updates, these vulnerabilities will persist regardless of the tool used."