Hackers Can Use The Flipper Zero To Unlock Cars, But The Device Itself Isn't The Problem



The Flipper Zero is mired in controversy again. The electronic multitool, with its array of various antennas, has long been demonized for simply existing — the Canadian government has even talked about banning it entirely due to a theorized but then-unproven link to car thefts. Now, an investigation from 404 Media has revealed an underground market of Flipper software designed to break into modern cars, but there's a catch: The Flipper itself still isn't the problem, because the problem lies with the cars and keys themselves.

This new attack method defeats modern cars' use of rolling codes, unique data a keyfob sends on every interaction with the car, and it starts by intercepting a genuine transmission from a keyfob — much like a relay attack. Unlike a relay attack though, where that genuine transmission is artificially range-extended to gain access to a car without the driver in proximity, this new approach uses the real keyfob's information to reverse-engineer the algorithm with which the unique data is calculated. With that algorithm in hand, a device with the proper antenna can act as its own, fully independent key, even going so far as to desynchronize the car's genuine keyfob in favor of the impostor. That impostor can be a Flipper Zero, a Raspberry Pi, and likely plenty more devices.


The Issue Is Bigger Than Flippers

A Flipper Zero in front of a Volvo - Amber DaSilva / Jalopnik

The issue here isn't the existence of a handheld device with a radio antenna; it's the fact that the malicious actors developing the software for those devices have access to automakers' source code. Rolling codes are meant to prevent these types of attacks by generating new codes on each interaction, but that security disappears when hackers know how the code is generated: simply knowing one code seems to be enough to run the algorithm back and know what the next entry in the sequence will be. At that point, which device transmits the code is immaterial. Flipper Zero, Raspberry Pi, laptop, it truly doesn't matter.
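To make the rolling-code idea concrete, here is an added illustration (not code from the article, 404 Media, or any automaker) of a receiver whose checks rest on a per-fob secret key rather than on the algorithm staying secret. The HMAC construction, the frame layout, the `WINDOW` size, and all names are assumptions chosen for the sketch.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: how many missed button presses the car tolerates

def fob_code(key: bytes, counter: int) -> bytes:
    """Frame a fob transmits: 4-byte counter plus a truncated HMAC over it."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Receiver:
    """Car-side check: the counter must move forward and the tag must verify."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        # Reject replays (counter not ahead) and jumps beyond the window.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        # Constant-time comparison against the code the real key would produce.
        if not hmac.compare_digest(fob_code(self.key, counter), frame):
            return False
        self.last_counter = counter  # every older code is now dead
        return True

def demo() -> dict:
    key = bytes(range(16))   # constructed per-fob secret
    other_key = bytes(16)    # constructed: a party who knows the algorithm only
    rx = Receiver(key)
    first = fob_code(key, 1)
    return {
        "genuine": rx.accept(first),
        "replay": rx.accept(first),
        "algorithm_only": rx.accept(fob_code(other_key, 2)),
        "skipped_presses": rx.accept(fob_code(key, 5)),
        "stale_after_advance": rx.accept(fob_code(key, 3)),
        "too_far_ahead": rx.accept(fob_code(key, 5 + WINDOW + 1)),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20s} {'accepted' if ok else 'rejected'}")
```

The `stale_after_advance` case is the receiver-side view of desynchronization: once the stored counter moves ahead, frames carrying lower counters are refused.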

The Flipper Zero, like the Raspberry Pi, has plenty of genuine uses. I personally own one, and it acts as everything from a TV remote to a Tamagotchi for me; I've even had a friend use their Flipper to copy their apartment's key fob to send me, so my device could unlock their door when I visited for a few days. The Flipper has never been the problem with automotive security; the problem is that automakers' security code has either leaked to or been reverse-engineered by malicious actors.


Read the original article on Jalopnik.
