A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft. Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, […] The post Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands appeared first on Cyber Security News.
Why would a firmware be needed? Why couldn’t this just be an application?
Because the flipper doesn’t run applications in the way a smartphone does. If you’re a bit into hardware tinkering: Think of it more like an Arduino than a Pi.
I have a flipper. I still don’t understand why this could not be an app.
What feature exists in this firmware that does not exist in the standard flipper firmware?
The new firmware expands the band range of the device.
By default it’s limited to prevent this.
So do unleashed, momentum, etc. Only the OFW locks regions. But momentum and unleashed still struggle with rolling codes (though have more functionality with it than OFW).
Yes.
The flipper tries hard to stay “legal”, respecting all kinds of frequency limits - just like you need to use a different firmware for your wifi AP if you want to go beyond legal frequencies for your network.
Without knowing how it works, my best guess is that the microcontroller and the radio chip are separate so they are flashing the radio controller and not the main part. I did that with my Sonoff 433 MHz gateway. I installed Tasmota but the codes it could read were limited. I then flashed the 433 MHz radio chip with a different firmware which can read all raw codes on that frequency.
I got a Club for my new car after someone tried to steal the last one. A combination of technical and physical security is best.
To be fair, a Club’s only effective against thieves who’ve not encountered one before. A pair of handheld bolt cutters go right through most steering wheels and leave the latter completely functional afterwards, too. In that instance, the Club’s barely added 20 seconds to the theft.
Oy. Can someone gently explain to me how this won’t grow into something like the Kia stuff?
I don’t think nearly as many people have flipper zeros as you might believe.
Also wasn’t the Kia stuff really easy to do and needed like no special tools?
KIA/Hyundai removed immobilizers from their US models because US regulations didn’t require them so they didn’t do it to save money.
Immobilizers check that the ignition was turned by the car’s key. Without it, anything that turned the ignition would start the car. The ignition also isn’t a keyhole. It’s just a rectangular hole. So any object that fit in that hole could start a KIA/Hyundai.
So I was right with it being easy and needing no special tools.
Sharing is caring.
Not yet…
But if a device you can make or buy lets criminals hang out at a parking garage for stadiums, entertainment venues, or airports, and either rummage through vehicles unimpeded or steal cars while their owners are unaware and pretty much guaranteed to be indisposed for a few hours, then it’s a near certain ROI with pretty low risk for them. (I know, cameras - but - hats, masks during winter, etc.)
And just wait until some unscrupulous vendor mass produces single-click solutions that do this - no display - interface simplified to a few button clicks. No fancy software defined radio. Bare-minimum chip. Then the ROI for criminals is really good.
We’ve seen an uptick in criminals using the CAN-BUS vulnerability to target specific cars. This is way easier and less obvious.
Yes. All you needed was something to use as a pry bar to remove the steering column cover and a USB connector to turn the ignition, which most people have in their cars anyway. There are videos on how to do it and it can be done by a teenager in seconds with no special tools. This requires a slight investment which means it probably won’t become a fad for troubled teens.
You seem to be operating under the delusion that car theft is the domain of “troubled teens”, gramps. 🤦🏼‍♂️
Well the Kia theft in particular was. It was basically a fad among teens in some places to steal Kias and go on joyrides in them. The Wikipedia article describes it as a TikTok fad but really it was more localized to specific cities so I would think peer pressure played a big role. Idk how to describe teens who are out there doing shit like this other than “troubled.” All the videos I saw looked like they were wannabe gangsters or already in gangs but that wasn’t all of them so I didn’t know the best way to describe it.