Hackers have a new way to break into – or even steal – your car, and all it takes is the push of a button. Malicious actors are circumventing modern security protections in automotive key fobs, researchers warn, putting millions of vehicles at risk.
The hack works by intercepting and cloning a key fob’s radio signal, using custom firmware built for the Flipper Zero, a handheld device designed for analyzing and testing wireless communication protocols.
It bypasses a security mechanism known as rolling codes, designed to prevent thieves from reusing captured key fob signals to unlock a car. Each time the key fob is pressed, an internal algorithm generates a new, one-time-use code, leading the vehicle to unlock only if the code is confirmed to be valid.
But the new hack sidesteps these protections by exploiting the rolling code algorithm to calculate valid key fob commands based on a single intercepted signal.
“I can sit in a parking lot and wait for someone to lock their car, and immediately I get all their fob buttons,” Jeremy Yablan, a hacker known online as RocketGod, told Straight Arrow News. “Other attacks are tricks. This one just captures a single keypress and decodes all buttons and rolling codes in an instant. You open your trunk – the bad guy has your entire fob.”
Yablan described the attack as “ridiculously fast and easy.”
Many vehicles vulnerable
SAN obtained a copy of the firmware and tested the attack in a controlled setting with the permission of vehicle owners. In one case, capturing a single unlock signal allowed the Flipper Zero to repeatedly lock, unlock and open the trunk of the target car.
The hack also disabled the original key fob until it was manually reset.
Vehicles vulnerable to the attack include numerous models manufactured by Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi and Subaru, according to an infographic provided with the firmware. The infographic says updates to attack other car makers, such as Honda, are “in development.” It also mentions high-end car companies such as Alfa Romeo, Ferrari and Maserati.
Numerous car companies listed as susceptible to attack did not respond to SAN’s requests for comment. James Bell, the head of corporate communications at Kia America, said his company “is not aware of this situation and therefore have no comment to offer.”
The team behind the Flipper Zero device, which does not endorse the custom firmware, did not respond to requests for comment.
Created by Russian hacker
The hack appears to be based on a 2022 attack known as “RollBack,” developed by researchers at CrySys Lab in Hungary. The researchers demonstrated how rolling code protections could be broken by capturing valid signals and replaying them in a specific order to bypass a vehicle’s code synchronization system.
The firmware for the Flipper Zero apparently was created by a Russian hacker. Advertisements for the firmware, which includes a serial lock designed to keep it from being distributed to additional users, show it being listed online for as much as $1,000.
The firmware obtained by SAN was a version that had its serial lock disabled by security researchers. The firmware’s creator told SAN that a newer version has since been developed. He shared an updated infographic that lists Suzuki as another vulnerable make.
SAN is not naming the hacker to avoid facilitating the sale of his firmware to potential thieves.
The freelance security researcher and YouTuber known as Talking Sasquach, who regularly covers the Flipper Zero, said the firmware’s creator is marketing the tool specifically to criminals.
‘Only a matter of time’
Protections against the attack are limited.
“There’s really not much people can do to protect themselves against this attack short of just not using your key fob and only using the keys,” Talking Sasquach said.
Given that many modern vehicles do not use traditional keys and rely entirely on key fobs, such workarounds are not viable for all drivers.
“Car companies could issue an update,” Talking Sasquach said, “but they’d have to pull in all of the vehicles and change their software and the key fob’s software, which would probably not be feasible, and a huge cost to manufacturers.”
Despite attempts by the firmware’s creator to limit its distribution, Yablan and other hackers have already managed to remove the built-in licensing restrictions.
The hack is likely to become more commonly used, security researcher Ryan Montgomery, founder of Pentester.com, told SAN.
“It’s only a matter of time,” he said, “before it gets leaked to the masses.”
Click this link for the original source of this article.
Author: Alan Judd
This content is courtesy of, and owned and copyrighted by, https://straightarrownews.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact USSANews.com using the email address in the Contact page found in the website menu.
