Yes, Hackers Can Use A Flipper Zero To Unlock Cars – Here's How It Works

Handheld gadgets with remote control capabilities are always fun to play with. The Flipper Zero, with a 90s-esque, Tamagotchi-style look, hit the market in 2021 after a successful round of crowdfunding via Kickstarter. This gadget is touted as a portable multi-tool for hardware hackers, enabling users to play with radio protocols, interface with hardware remotely, and access control systems. The developers claim its purpose is to bring together all of the various research and penetration hardware tools one might need into a single tool, helping hobbyists avoid bulky hardware configurations and clunky PCBs.

The Flipper Zero is open source, and as such, it can be purposed for almost anything, and bad actors have employed the gadget for shady activities. With car thefts on the rise, especially in Canada – just last year, Interpol listed the country as one of the worst places for this crime – it raises questions about how thieves can jack hundreds of thousands of cars annually. Stateside, around 2022, stolen vehicle numbers also increased, when a spate of TikTok-propelled thefts, targeting Kia cars, exposed the brand's poor theft protections. The bottom line is that, despite technological advances in security by manufacturers, it seems thieves remain a step ahead. With the Flipper Zero, it is essentially a Swiss Army knife for hackers, where its sub-GHz antenna, NFC reader, and infrared transceiver enable it to snatch wireless signals (like the ones used by key fobs) and then store and clone them.

When used to break into a car, the gadget intercepts and then clones a key fob's radio signature via customized firmware protocols for sale on the darknet, or even for free, as they have been increasingly cracked. The Flipper Zero's user-friendly workflow could make unlocking a car made after 1990 – equipped with remote locking systems – relatively easy, with car brands like Audi, Volkswagen, Hyundai, Kia, Ford, and others being particularly susceptible to breaches. However, it cannot start the car – thieves would still need to bypass mechanical ignitions, while more modern keyless cars have tight encryption and rolling codes that abate key cloning and third-party access.

The hacking device manufacturers have actually gone on record refuting the security threat posed by Flipper Zero. They claim it is only intended for penetration testing and responsibly demonstrating security vulnerabilities, shifting the focus over to car manufacturers to bolster their own security systems. What's more, this is nothing new, as weaknesses have been exploited before with protocols like KeeLoq – a technology from the 80's, used in garage door openers and primitive car alarms – getting hacked over ten years ago. Nowadays, amateur car thieves might opt to use a Flipper Zero, but the company alleges that professional thieves use advanced, purpose-built relay tools to unlock and drive away with your Sorento.

While there are other tools that hackers use in similar ways, from USB Rubber Ducky, ChameleonMini, Raspberry Pi, and even smartphones, the Flipper Zero's accessibility and relative affordability helped the device proliferate. In Canada, where the government alleges a car is stolen off of its city streets every six minutes, on average, they sought to pursue a possible ban of the Flipper Zero in response. But rather than relying on authorities to limit the use of pen-testing devices like this, concerned drivers are better off taking pragmatic measures to protect their cars, while hoping carmakers keep up in the constant battle for security.

Cautious drivers could employ tried-and-true, low-tech solutions like a steering wheel lock to deter thieves, combined with modern approaches like the use of AirTags for tracking. Taking it even a step further, Faraday pouches are available for car owners to safeguard their vehicles. These devices work by blocking radio frequency signals that prospective thieves seek out for key duplication. Carmakers are employing Ultra-Wideband (UWB) tech and Bluetooth Low Energy (BLE) for enhanced automotive security. The former uses precise distance measurements – up to 20 meters – to localize the user, while the latter works similarly through its own protocol, connecting via smartphone or smartwatch. But neither technology is Fort Knox, and each has been breached in the wild. Good insurance, some deterrence, and maybe a little luck might be your best line of defence.