The tech used here is the popular Flipper Zero, an ethical hacker’s swiss army knife, capable of all sorts of things such as WiFi attacks or emulating NFC tags. Now, 404 Media has found an underground trade where much shadier hackers sell extra software and patches for the Flipper Zero to unlock all manner of cars, including models popular in the U.S. The hackers say the tool can be used against Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, and several other brands, including sometimes dozens of specific vehicle models, with no easy fix from car manufacturers.
Manufacturers secure their vehicles against unauthorized repair, not against theft.
Also it’s mostly security through obscurity. It is just difficult enough to dissuade most people, but not actually secure because that costs money.
Blaming the flipper zero for hacking is like blaming lockpicking tools for why masterlock sucks so much.
This article convinced me to buy a flipper (I’ve been debating it for years). It’s a super useful item that is absolutely going to get banned/hamstrung any day now for putting too much power into people’s hands under the guise of “public safety”.
I want it because it’s so easy to use. I’m no hacker, but with a tool as convenient as this I’m sure I can piece some useful hacks together.
https://github.com/Next-Flip/Momentum-Firmware
You’re gonna want this. Removes the locked down parts of the OFW, among other quality of life improvements.
It’s not the firmware in the article but if you want that you’ll have to find that loser’s telegram yourself and pay him for serial locked horse shit.
https://github.com/djsime1/awesome-flipperzero
Also this. Bunch of files to help you get started. Uberguidoz repo (linked there) especially.
It’s cool but not magic. If you’re trying to fuck with something, you need to know what frequency it’s on and what sort of signals do what. There is a bunch of preloaded stuff though, and a wide variety of tools like radio frequencies, nfc, Bluetooth, rfid, and infrared. So far the most useful thing I’ve done is turn the volume down on fox News on tvs in public areas.
Oh one thing I still have to try: some, maybe most handicap buttons for doors are actually radio frequency based and not hard wired, so if you can capture and replay the open signal, you could open a door without hitting the button and look totally jedi.
You can already do that by making the hand motion at an automatic door.
If someone ever calls you on it, just say that you find their lack of faith disturbing.
“ethical hacker’s swiss army knife” I hate it when they always add “ethical”. First of all, when you say ethical you mean law-fearing, they don’t really care about ethics and, secondly, “regular” hackers use it too, so it’s just a hacker’s swiss army knife…
Dude, do you want individual hacking to become illegal? Because people who are not hacking daily are prone to forgetting that some hackers don’t actually act maliciously.
Also, yes, some hackers are ethical and do care. Not you, obviously. But some.
not doing something by fear of the law is not ethical. that said, some of them are ethical, but ethical hacker would mostly include grey hats, which they wouldn’t want because they can’t say illegal hackers use their device.
“ethical hacker” is not defined as “someone who only hacks in fear of law”. That’s my point. Hackers with ethics do lots of shit. Some of them work within the law, some of them work sideways to the law, but your code of ethics and your legal code aren’t quite the same thing, and you assuming they are is surprising.
My ethical gun is safer than your criminal gun.
Tbf, unironically yes. The most dangerous part of a gun is the thing attached to the grip. A real “problem exists between keyboard and chair” situation.
Why is 404media boosting anti-basic electronics fearmongering ?
I see this article more about reporting unfortunate news rather than boosting fear. The news seems to be “Car manufacturers don’t take security seriously and people are exploiting it with a simple tool”.
I’d rather hear about this now than wake up one day to see that my flipper is illegal because some politician watched a tiktok video.
I don’t think it’s merely “reporting unfortunate news” It’s about the flipper zero, not really about car theft per say and shitty, evil car security system where the dealer scams you as much as the thief for a key.
There’s really no reason we can’t use contactless smartcards for this, and that we can’t program them ourselves with open source software.
The flipper zero itself is completely irrelevant about this. It’s just a generic ISM band transceiver … Only of note to the ignorant and technologically incompetent, but the journos have made this the centerpiece of the article.
Cue governments banning working with electronics to stop auto theft and also save the children
If you can hack a car with a flipper zero, then the car manufacturers failed to implement the most basic security protocols. Complain to them, and demand a fix.
Give us fucking keys and BUTTONS. We dont want or need this tech shit they want to shove into everything so they can show cancerous growth to ther shareholders.
Trouble is the move to complete computerization. Back in the day we had physical keys which turned a physical switch to physically connect the power from battery to wake ECU. Now, we have a button that sends a REQUEST to the ECU to turn on or off, and as long as an acceptable transponder is around it will accept the request. If you turn your car off when u hit that stop button it REQUESTS that the ECU shut down assuming conditions are met. I have had a problem 202w wrangler JL turn on fine but refuse to shut off untill you pulled the terminals off the battery. This new age hyper computerized nonsense is why every mechanic hates these new age techno bullshit wanna-be computer appliances on wheels, canbus can be awesome for keeping all modules on the same page but one bad wire and the whole system takes a shit.
202w wrangler
Well, Jeep is not really a name for good innovation. They are stuck with a management that still thinks “mechanics” and sees electronics as a pure profit center, not as a gear in the system that has to be as reliable as the rest of it.
Yea I have not been impressed with the Stellantis products of late lol. If I want to own a complicated headache I’ll just buy a bmw or Audi lol (of which I have had both and both have been more dependable and straight forward than these new Chrysler products…)
TBF most of these are failures and exploits on older devices.
Which are a dime a dozen across the entire industry. Security is rather difficult, especially when considering exploits and bugs.
Ofc many of these ARE the results of cut corners, though many are just a lack of security awareness or old devices with known exploits discovered long after manufacturing.
The lack of security awareness is due to them to scrooge to hire the right professionals for the job. It is 100% the result of cutting corners.
It is true that this device can be used nefariously. But it’s just a computer with a wide variety of very basic and common communication methods along with software to exploit them. There are many other computers like it that are just less popular. And to ban it is to ban said basic communication hardware like radio, WiFi, NFC, etc.
The solution is to mandate companies to provide a minimum level of security. Even giant companies with good reputations have giant security holes, like Apple or your bank, implementing mandatory SMS as 2FA. That shit should be illegal.
Fear of the Flipper Zero is fear of people having direct control of consumer grade radio hardware. “You can’t let people have universal TV remotes, what if they push the buttons?!”
The people who write the laws specifically like that exploit.
Huh?
SMS 2fa. The feds love that shit and would never let a law requiring something better to pass.
Oh, haha, I bet.
Oh, you sound so optimistic, my bank has a mandatory 4 digit code as login with 2fa sms for new devices. I sometimes consider going to shoot the cto there but I don’t own a gun.
You can’t switch banks?
To be clear, the flipper is just a Girl Tech IM-me with an NFC chip. If it lets people do a thing, that thing has been possible for decades. Just wait until someone makes a popular device based on a cheap fully featured wideband SDR like the AD9363 or LMS7002. Shit is gonna get fucking wild.
Girl Tech?
Bro.
Stares in old lady
It’s like how people think the Raspberry Pi is the only single board computer.
Thought cars were bad, not sure many people have an understanding of how our emergency broadcasts and alerts work. US needs some huge infrastructure updates.
Can you be more specific? It’s not like you’re the first person to think about the nefarious uses of emergency alerts.
I dont want to be too specific, there is a reason, I work with radio infrastructure quite a bit. A lot of these systems hide behind obscurity alone. Not great against national actors that may want to do harm.
Wow yes you’re very smart for knowing that unencrypted radio is unencrypted.
I kinda want to see if this would work on my car since the proximity detection of the keyfob only works about half the time anyway.
Securtiy by dysfunction!
Yes let me stalk someone to steal their car temporarily. Honestly this thing is kinda a toy on par with my rooted LG V20 with its IR blaster and USB C port that I can plug anything into or my HP stream with a software defined radio I played around with. These people are kinda making software for the wrong type of devices to be frank with ya and I cannot wait until someone makes some weird app and USB C dongle for an android phone to replace the Flipper Zero with. You don’t even need to have root access for this as apps can just take over the USB port anyway on your phone.
SDR devices with usb support and controlled by android apps is very much already a thing.
Yeah exactly no root access required.
