Your car could be at risk – new Flipper Zero craze sees car thieves use cheap hacking device, and there's no easy fix

Flipper Zero home screen
(Image credit: Flipper Zero)

  • A $199 hacking device is reportedly being used to steal cars
  • Specially-developed patches allow thieves to exploit security vulnerabilities
  • Widespread attacks have affected Kia and Hyundai models in the past

A diminutive orange-and-white device, which costs just $199 in the US (around £150 / AU$310), is reportedly being used to remotely unlock modern vehicles.

An in-depth report by 404 Media found that underground hackers have developed and are now selling software patches that can be loaded onto the device to unlock all manner of cars, including those from major brands like Ford, Audi, Volkswagen, Kia and many more.

The Flipper Zero is marketed as a "multi-tool device for geeks" and can be programmed to "explore any kind of access control system, RFID, radio protocols and debug hardware using GPIO (general-purpose input/output) pins", according to the company’s website. It's previously been used for everything from flipping TV channels in public places to confusing iPhones.

Much like the widely-reported 'Kia Boys' – a band of teenage hackers that gained notoriety for stealing Kias using just USB cables – the Flipper hack works by intercepting and cloning the radio signal from a vehicle’s key fob.

According to 404 Media, underground hackers have developed firmware that can be purchased for a fee of between $600 and $1000, uploaded to the device and then used to unlock a variety of vehicles.

The patches are currently limited to merely opening the vehicle, which presents its own risks, but individuals quoted in the report warn that it won’t be long before they can be developed to override any sort of security system, letting thieves start modern cars and drive them away.

This Flipper is not so fabulous

This isn’t the first time the Flipper Zero has hit the headlines, as there is an entire Reddit thread dedicated to pranksters remotely opening Tesla charge ports with their devices.

The Drive also reported on a YouTuber who managed to hack his Flipper to change traffic lights from red to green. Overall, these devices are very good at highlighting security vulnerabilities in many modern systems, but are so often used for nefarious means.

A worrying example is the exploitation of a flaw in today’s vehicles, which increasingly eschew the relatively reliable key-and-lock in favor of fancy remote fobs.

Relay attacks have plagued the likes of Jaguar Land Rover in the past, with older Range Rovers particularly vulnerable to the attacks, forcing owners’ insurance premiums through the roof.

In the US, local police forces have warned Kia and Hyundai owners to install kill switches or resort to steering locks after a 2022 TikTok video revealed just how easy it is to steal a number of the brands’ vehicles.

As a result, groups like The Kia Boys emerged online, filming themselves stealing cars for internet views. A host of copycats have since followed suit and continue to cause problems.

Today’s automakers have been busy rolling out security patches to try to improve customer confidence, but it seems it is very difficult to stay ahead of the hackers.

Currently, the Flipper Zero patches have only been sold to a small number of users, but 404 Media warns that this could become a more widespread problem should they become open source or free to download.

Leon Poultney
EVs correspondent

Leon has been navigating a world where automotive and tech collide for almost 20 years, reporting on everything from in-car entertainment to robotised manufacturing plants. Currently, EVs are the focus of his attentions, but give it a few years and it will be electric vertical take-off and landing craft. Outside of work hours, he can be found tinkering with distinctly analogue motorcycles, because electric motors are no replacement for an old Honda inline four.
