Manufacturers secure their vehicles against unauthorized repair, not against theft.
this post was submitted on 21 Aug 2025
397 points (97.8% liked)
Technology
74361 readers
2740 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Also it's mostly security through obscurity. It is just difficult enough to dissuade most people, but not actually secure because that costs money.
Blaming the flipper zero for hacking is like blaming lockpicking tools for why masterlock sucks so much.
This article convinced me to buy a flipper (I've been debating it for years). It's a super useful item that is absolutely going to get banned/hamstrung any day now for putting too much power into people's hands under the guise of "public safety".
I want it because it's so easy to use. I'm no hacker, but with a tool as convenient as this I'm sure I can piece some useful hacks together.
https://github.com/Next-Flip/Momentum-Firmware
You're gonna want this. Removes the locked down parts of the OFW, among other quality of life improvements.
It's not the firmware in the article but if you want that you'll have to find that loser's telegram yourself and pay him for serial locked horse shit.
https://github.com/djsime1/awesome-flipperzero
Also this. Bunch of files to help you get started. Uberguidoz repo (linked there) especially.
It's cool but not magic. If you're trying to fuck with something, you need to know what frequency it's on and what sort of signals do what. There is a bunch of preloaded stuff though, and a wide variety of tools like radio frequencies, nfc, Bluetooth, rfid, and infrared. So far the most useful thing I've done is turn the volume down on fox News on tvs in public areas.
Oh one thing I still have to try: some, maybe most handicap buttons for doors are actually radio frequency based and not hard wired, so if you can capture and replay the open signal, you could open a door without hitting the button and look totally jedi.
You can already do that by making the hand motion at an automatic door.
If someone ever calls you on it, just say that you find their lack of faith disturbing.
I did this the last time an article about Flipper Zero’s hacking abilities went viral. I was worried about the same thing. Never came to pass, but now I use it to find microchips in lost animals so it was worth it.
Canada already banned it. Wish I'd got one sooner
Pretty sure that ban was walked back?
It was indeed. My apologies. I guess the article walking back the ban didn't get as much traction as the one banning it.
No apologies needed. Although, ordering one before they reban it again may or may not be something to consider.
Cue governments banning working with electronics to stop auto theft and also save the children
Why is 404media boosting anti-basic electronics fearmongering ?
I see this article more about reporting unfortunate news rather than boosting fear. The news seems to be "Car manufacturers don't take security seriously and people are exploiting it with a simple tool".
I'd rather hear about this now than wake up one day to see that my flipper is illegal because some politician watched a tiktok video.
load more comments
(1 replies)
If you can hack a car with a flipper zero, then the car manufacturers failed to implement the most basic security protocols. Complain to them, and demand a fix.
Give us fucking keys and BUTTONS. We dont want or need this tech shit they want to shove into everything so they can show cancerous growth to ther shareholders.
Trouble is the move to complete computerization. Back in the day we had physical keys which turned a physical switch to physically connect the power from battery to wake ECU. Now, we have a button that sends a REQUEST to the ECU to turn on or off, and as long as an acceptable transponder is around it will accept the request. If you turn your car off when u hit that stop button it REQUESTS that the ECU shut down assuming conditions are met. I have had a problem 202w wrangler JL turn on fine but refuse to shut off untill you pulled the terminals off the battery. This new age hyper computerized nonsense is why every mechanic hates these new age techno bullshit wanna-be computer appliances on wheels, canbus can be awesome for keeping all modules on the same page but one bad wire and the whole system takes a shit.
202w wrangler
Well, Jeep is not really a name for good innovation. They are stuck with a management that still thinks "mechanics" and sees electronics as a pure profit center, not as a gear in the system that has to be as reliable as the rest of it.
Yea I have not been impressed with the Stellantis products of late lol. If I want to own a complicated headache I'll just buy a bmw or Audi lol (of which I have had both and both have been more dependable and straight forward than these new Chrysler products...)
Fucking real! My car (2016 Toyota Avalon) uses a rolling code for the transponder! It's like one of the most basic things any manufacturer can do to avoid this shit! And it can't be more than a few dozen lines of code (I'm no expert so this may be an exaggeration)?
Of course, this particular attack actually "works" with rolling codes (WILL desync your real keyfob), it requires the attacker to sniff one signal off your key (incl lock) and then they can spoof your key's rollover protocol (and any button, not just the one they sniffed) to reset the rolling code back to 0 and allowing them access. Iirc it's different from a standard replay attack in (definitely) that it can spoof other keys on the fob it hasn't read, and (I think) that while a trad replay attack requires the car not to hear the signal when recording I believe that doesn't matter with this attack.
Unfortunately I haven't been able to test it out since I'm not buying a serial locked flipper firmware from some guy who just got out of prison selling it on telegram.
load more comments
(6 replies)
It is almost like their should be something written down somewhere. Like a guideline or rule or something...
Oh that is right, it is called a regulation requiring basic wireless security for extremely expensive consumer items.
Nope can't do that.
Won't someone think of the multi billion dollar corporations‽
load more comments
(3 replies)
The real issue here is that the systems that car manufacturers use for their vehicles are insecure and outdated. The Flipper Zero is just exposing their bad design decisions.
"We're seeing an increase in new care purchases" "What changed?" "We made them super easy to steal"
load more comments
(1 replies)
It is true that this device can be used nefariously. But it's just a computer with a wide variety of very basic and common communication methods along with software to exploit them. There are many other computers like it that are just less popular. And to ban it is to ban said basic communication hardware like radio, WiFi, NFC, etc.
The solution is to mandate companies to provide a minimum level of security. Even giant companies with good reputations have giant security holes, like Apple or your bank, implementing mandatory SMS as 2FA. That shit should be illegal.
Fear of the Flipper Zero is fear of people having direct control of consumer grade radio hardware. "You can't let people have universal TV remotes, what if they push the buttons?!"
load more comments
(8 replies)
And here I am just using my flipper zero to turn my fan on and off since the remote that came with it sucks.
Same. This whole time I could be driving a new car each day. What a waste.
Just go to a car park, close your eyes, spin around 3 times and hit the flipper zero.
It's like a lucky dip!
Using NFC amibo codes for freebies in switch Zelda
I use it at work to clone a customer's proximity card when I work in their building so they don't have to leave me theirs to get around. The one legitimate use I found.
I guess being able to trigger the customer service announcement without having to find a button in a store is nice.
That's ... not a legitimate use.
That's probably debatable, if they have permission. They probably shouldn't have been given permission, but that's a separate issue
load more comments
(5 replies)
load more comments
(6 replies)
load more comments
(1 replies)
load more comments
(14 replies)
To be clear, the flipper is just a Girl Tech IM-me with an NFC chip. If it lets people do a thing, that thing has been possible for decades. Just wait until someone makes a popular device based on a cheap fully featured wideband SDR like the AD9363 or LMS7002. Shit is gonna get fucking wild.
Girl Tech?
Bro.
Stares in old lady
load more comments
(2 replies)
Weren't Kia Boys stealing cars with literally just a USB cable since it physically fit to turn the ignition behind the key cylinder?
That doesn't require buying a special device, it was mostly crimes of convenience. I doubt the Flipper Zero will ever get that widespread.
You'd be surprised what people will pay for a striker hellcat. Yea it's never gonna be as common, but it will happen. It is easier to steal a hellcat with a flipper zero than to pull apart a column to get behind the ignition and turn it without the key, if anything hacking into cars is quicker and easier than defeating a physical key! My SO push button 15 Jetta could easily be stolen with a flipper, but my 87 YJ with a physical key requires an understanding of the wiring system and the time to tear down the column to be stolen. Any dunce capable of buying a flipper loaded with appropriate software can easily steal any new push button car.
view more: next ›