Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands

A new custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.

Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.

Rolling code security, the industry standard for vehicle keyless entry for decades, was designed to prevent so-called “replay attacks.” The system works by using a synchronized algorithm between the keyfob (transmitter) and the vehicle (receiver).

Each time a button is pressed, a new, unique, and unpredictable code is generated. An old code, once used, is rejected by the vehicle, rendering simple signal recording and re-broadcasting useless.
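To make the replay-rejection behaviour described above concrete, here is a simplified model of a rolling code transmitter and receiver, added as an illustration and not taken from the article, the firmware, or any vehicle maker. It assumes a shared secret, a per-press counter, a keyed hash standing in for the real code-generation cipher, and a receiver look-ahead window, all constructed for the example.

```python
import hmac
import hashlib

# Shared secret between fob and vehicle (constructed demo value, not a real key).
SECRET_KEY = b"constructed-demo-key-not-a-real-fob"
# How far ahead of the last accepted counter the receiver will tolerate,
# so presses made out of range do not permanently desynchronise the pair.
WINDOW = 16


def rolling_code(key: bytes, counter: int) -> bytes:
    """Derive the over-the-air code for one counter value.
    A keyed hash is used here as a stand-in for the cipher a real system uses (assumption)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class KeyFob:
    """Transmitter: every press advances the counter and emits a fresh code."""
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def press(self) -> bytes:
        self.counter += 1
        return rolling_code(self.key, self.counter)


class Receiver:
    """Vehicle side: accepts only codes strictly ahead of the last one seen, within WINDOW."""
    def __init__(self, key: bytes, window: int = WINDOW):
        self.key, self.window, self.last_counter = key, window, 0

    def accept(self, code: bytes) -> bool:
        for candidate in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(rolling_code(self.key, candidate), code):
                self.last_counter = candidate   # advance; older counters are now dead
                return True
        return False


def demo() -> list[bool]:
    """Walk through accept, replay, in-window resync and out-of-window failure."""
    fob, car = KeyFob(SECRET_KEY), Receiver(SECRET_KEY)
    first = fob.press()
    results = [car.accept(first), car.accept(first)]       # True, then False (replayed code)
    for _ in range(5):                                     # presses the car never heard
        fob.press()
    results.append(car.accept(fob.press()))                # True: still inside the window
    for _ in range(WINDOW + 5):                            # far more presses out of range
        fob.press()
    results.append(car.accept(fob.press()))                # False: outside the window
    return results
```

The second `accept` of the same capture fails, which is exactly the property that defeats simple record-and-replay; the window shows why receivers must bound resynchronisation rather than accept any future counter.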

Previously known attacks on this system, such as “RollJam,” were technically complex and difficult to execute in the real world. RollJam required jamming the vehicle’s receiver to prevent it from getting the first signal from the legitimate keyfob, while simultaneously recording that unused code for later use.

This new exploit, however, is far more dangerous due to its simplicity. According to the demonstrations, an attacker using a Flipper Zero equipped with this custom firmware needs only to be within range to capture a single button press from the target’s keyfob, for instance, as the owner locks or unlocks their car. No jamming is required.

©2024 iSecurify. All Rights Reserved.