Hackers Are Using A $169 Gadget To Break Into Cars
The Flipper Zero has been a favorite tool for security researchers and hackers since the device made its debut back in 2021. Videos quickly popped up online showing the mischief that was possible, such as changing electronic signage, kicking people off of WiFi networks, etc. An investigation by 404 Media, however, shows there are hackers at work developing far more nefarious utilities for the device, which are now being used to break into and steal cars.
The same hacker behind the “Unleashed” firmware, which enables the device to perform a more varied set of USB and RFID attacks, is now selling software patches that lets a user break into cars. It works by having the Flipper Zero intercept a code from a vehicle’s keyfob and it then calculates what the next code will be. The developer says it creates a “shadow copy of the original key.”
This process of creating these shadow copies is necessary to circumvent the protections put in place by car manufacturers. Car companies use a rolling code system with most key fobs, in which the codes exchanged between a vehicle and its keyfob are constantly changing to prevent such attacks from occurring.

Images by Flipper Zero.
Rolling codes aren't as effective as the manufacturers might’ve hoped, though. It’s currently possible to attack over 200 vehicles, affecting brands such as Ford, Kia, Subaru, Mitsubishi, Volkswagen, Audi and several others. The only car manufacturer not currently affected is Honda, although according to the software’s documentation it’s “under development.”
For now, the proliferation of this software has been limited because of the cost, which ranges from $600 to $1000 depending on what kind of long term support a buyer might want. However, there are active efforts underway to crack the software. If this were to happen then it would likely mean an increase in the number of car thefts and break-ins.
Car manufacturers have their work cut out for them to try and nip this in the bud before this software is more widely available. Hopefully it’s something that can be addressed with an update.