FlipperZero has been described as a “digital Swiss knife.” Thieves are increasingly targeting keyless cars by exploiting entry system vulnerabilities.
“My car was stolen from my driveway last night,” wrote tech journalist Eleanor Dallaway in an X post on February 6th.
“I still have both keys (they were stored safely a long way from the car), no smashed glass. The alarm didn’t go off (we were sleeping with the window open above & heard nothing),” adds Dallaway.
Rik Ferguson, a cybersecurity researcher and a Special Advisor to Europol’s cybercrime unit, responded to Dallaway’s tweet, saying he suspects that FlipperZero could have been used to steal her Mercedes.
FlipperZero, a small device that started out as a Kickstarter project, can read, record, and manipulate over-the-air signals such as radio frequency (RF), near-field communication (NFC), infrared, and radio-frequency identification (RFID).
The device has been successfully used to read and clone the card’s NFC, entrance cards, ACs, TV controls, or gates. FlipperZero can also read and record signals from car key fobs.
However, the cars have an extra level of security feature called “rolling codes” that changes code after each use to prevent a simple form of replay attack. Unlocking a car using FlipperZero would require the exploitation of additional vulnerabilities.
Keyless cars targeted by thieves
With luxurious cars going keyless, so-called relay thefts are on the rise. Thieves are exploiting vulnerabilities in keyless entry systems to gain unauthorized access to vehicles.
Keyless car systems operate using a fob that the car communicates with to lock and unlock, rather than a physical key. Thieves no longer need to steal a key or break into a property – instead, they simply need to intercept the signal from the fob.
There is a wide range of electronic devices, key cloning devices, and other tools that can be easily obtained on the internet to target the vehicle and steal it within minutes.
Steal a car challenge
Last year, Hyundai and KIA released software updates for millions of car owners in an effort to combat a viral TikTok challenge linked to a rash of stolen cars, fender benders, and more than a dozen fatalities in the US.
The “KIA challenge,” initiated in Milwaukee, Wisconsin, by a teenage gang known as the “KIA Boyz,” gained attention in 2021. These young thieves started sharing instructional videos demonstrating how to bypass vehicle security systems and hotwire cars using only a screwdriver and a USB cable.
This exploit impacted all cars manufactured by Hyundai and KIA between 2015 and 2019, which lacked push-button ignitions and immobilizing anti-theft mechanisms, amounting to a total of 8.3 million vehicles.
