Manufacturers secure their vehicles against unauthorized repair, not against theft.
this post was submitted on 21 Aug 2025
394 points (98.0% liked)
Technology
74331 readers
2978 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Blaming the flipper zero for hacking is like blaming lockpicking tools for why masterlock sucks so much.
This article convinced me to buy a flipper (I've been debating it for years). It's a super useful item that is absolutely going to get banned/hamstrung any day now for putting too much power into people's hands under the guise of "public safety".
I want it because it's so easy to use. I'm no hacker, but with a tool as convenient as this I'm sure I can piece some useful hacks together.
https://github.com/Next-Flip/Momentum-Firmware
You're gonna want this. Removes the locked down parts of the OFW, among other quality of life improvements.
It's not the firmware in the article but if you want that you'll have to find that loser's telegram yourself and pay him for serial locked horse shit.
https://github.com/djsime1/awesome-flipperzero
Also this. Bunch of files to help you get started. Uberguidoz repo (linked there) especially.
It's cool but not magic. If you're trying to fuck with something, you need to know what frequency it's on and what sort of signals do what. There is a bunch of preloaded stuff though, and a wide variety of tools like radio frequencies, nfc, Bluetooth, rfid, and infrared. So far the most useful thing I've done is turn the volume down on fox News on tvs in public areas.
Oh one thing I still have to try: some, maybe most handicap buttons for doors are actually radio frequency based and not hard wired, so if you can capture and replay the open signal, you could open a door without hitting the button and look totally jedi.
You can already do that by making the hand motion at an automatic door.
If someone ever calls you on it, just say that you find their lack of faith disturbing.
I did this the last time an article about Flipper Zero’s hacking abilities went viral. I was worried about the same thing. Never came to pass, but now I use it to find microchips in lost animals so it was worth it.
Canada already banned it. Wish I'd got one sooner
Pretty sure that ban was walked back?
It was indeed. My apologies. I guess the article walking back the ban didn't get as much traction as the one banning it.
No apologies needed. Although, ordering one before they reban it again may or may not be something to consider.
Why is 404media boosting anti-basic electronics fearmongering ?
I see this article more about reporting unfortunate news rather than boosting fear. The news seems to be "Car manufacturers don't take security seriously and people are exploiting it with a simple tool".
I'd rather hear about this now than wake up one day to see that my flipper is illegal because some politician watched a tiktok video.
I don't think it's merely "reporting unfortunate news" It's about the flipper zero, not really about car theft per say and shitty, evil car security system where the dealer scams you as much as the thief for a key.
There's really no reason we can't use contactless smartcards for this, and that we can't program them ourselves with open source software.
The flipper zero itself is completely irrelevant about this. It's just a generic ISM band transceiver ... Only of note to the ignorant and technologically incompetent, but the journos have made this the centerpiece of the article.
Cue governments banning working with electronics to stop auto theft and also save the children
If you can hack a car with a flipper zero, then the car manufacturers failed to implement the most basic security protocols. Complain to them, and demand a fix.
Give us fucking keys and BUTTONS. We dont want or need this tech shit they want to shove into everything so they can show cancerous growth to ther shareholders.
Trouble is the move to complete computerization. Back in the day we had physical keys which turned a physical switch to physically connect the power from battery to wake ECU. Now, we have a button that sends a REQUEST to the ECU to turn on or off, and as long as an acceptable transponder is around it will accept the request. If you turn your car off when u hit that stop button it REQUESTS that the ECU shut down assuming conditions are met. I have had a problem 202w wrangler JL turn on fine but refuse to shut off untill you pulled the terminals off the battery. This new age hyper computerized nonsense is why every mechanic hates these new age techno bullshit wanna-be computer appliances on wheels, canbus can be awesome for keeping all modules on the same page but one bad wire and the whole system takes a shit.
202w wrangler
Well, Jeep is not really a name for good innovation. They are stuck with a management that still thinks "mechanics" and sees electronics as a pure profit center, not as a gear in the system that has to be as reliable as the rest of it.
Yea I have not been impressed with the Stellantis products of late lol. If I want to own a complicated headache I'll just buy a bmw or Audi lol (of which I have had both and both have been more dependable and straight forward than these new Chrysler products...)
Fucking real! My car (2016 Toyota Avalon) uses a rolling code for the transponder! It's like one of the most basic things any manufacturer can do to avoid this shit! And it can't be more than a few dozen lines of code (I'm no expert so this may be an exaggeration)?
Of course, this particular attack actually "works" with rolling codes (WILL desync your real keyfob), it requires the attacker to sniff one signal off your key (incl lock) and then they can spoof your key's rollover protocol (and any button, not just the one they sniffed) to reset the rolling code back to 0 and allowing them access. Iirc it's different from a standard replay attack in (definitely) that it can spoof other keys on the fob it hasn't read, and (I think) that while a trad replay attack requires the car not to hear the signal when recording I believe that doesn't matter with this attack.
Unfortunately I haven't been able to test it out since I'm not buying a serial locked flipper firmware from some guy who just got out of prison selling it on telegram.
load more comments
(6 replies)
It is almost like their should be something written down somewhere. Like a guideline or rule or something...
Oh that is right, it is called a regulation requiring basic wireless security for extremely expensive consumer items.
Nope can't do that.
Won't someone think of the multi billion dollar corporations‽
TBF most of these are failures and exploits on older devices.
Which are a dime a dozen across the entire industry. Security is rather difficult, especially when considering exploits and bugs.
Ofc many of these ARE the results of cut corners, though many are just a lack of security awareness or old devices with known exploits discovered long after manufacturing.
load more comments
(2 replies)
The real issue here is that the systems that car manufacturers use for their vehicles are insecure and outdated. The Flipper Zero is just exposing their bad design decisions.
On the bright side, all the car thieves that knew how to open a steering lock have all grown up, so a club lock is probably going to be the best defence outside of a kill switch. Great for road rage, too
load more comments
(1 replies)
It is true that this device can be used nefariously. But it's just a computer with a wide variety of very basic and common communication methods along with software to exploit them. There are many other computers like it that are just less popular. And to ban it is to ban said basic communication hardware like radio, WiFi, NFC, etc.
The solution is to mandate companies to provide a minimum level of security. Even giant companies with good reputations have giant security holes, like Apple or your bank, implementing mandatory SMS as 2FA. That shit should be illegal.
Fear of the Flipper Zero is fear of people having direct control of consumer grade radio hardware. "You can't let people have universal TV remotes, what if they push the buttons?!"
load more comments
(8 replies)
And here I am just using my flipper zero to turn my fan on and off since the remote that came with it sucks.
Using NFC amibo codes for freebies in switch Zelda
load more comments
(31 replies)
view more: next ›