Security researchers and online demonstrations indicate that a new "DarkWeb" firmware for the popular Flipper Zero multi-tool device is capable of circumventing the rolling code security systems used in a wide range of modern vehicles. This development poses a significant new threat to automotive cybersecurity, potentially putting millions of cars at risk of theft. The exploit reportedly requires only a single, brief signal capture from a vehicle's key fob.
The Flipper Zero, a compact device designed for radio frequency experimentation and security research, has gained notoriety for its versatility. However, this custom firmware, showcased by the YouTube channel "Talking Sasquach," transforms it into a potent tool for bypassing what was once considered a robust defense mechanism against car theft. Unlike older methods like "RollJam," which required jamming the signal, this new exploit simplifies the attack considerably.
Experts suggest two primary theories for how the firmware achieves this bypass. One theory posits that it reverse-engineers the rolling code sequence, possibly leveraging previously leaked manufacturer algorithms or extensive brute-force attacks on known code lists. Another theory points to the firmware's potential reliance on the academic "RollBack" attack, which manipulates captured rolling codes to force a synchronization system rollback.
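As an added illustration (not code from the researchers, the firmware, or any manufacturer), this simplified Python model shows the receiver-side property the "RollBack" theory depends on: a resynchronization path that lets the stored counter move backward, next to a hardened rule that only lets it move forward. The window size, the two-frame resync rule, and all counter values are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

WINDOW = 16  # assumed forward acceptance window (constructed value)

@dataclass
class Receiver:
    """Toy rolling-code receiver; counters are assumed already decrypted and authenticated."""
    last: int                            # highest counter accepted so far
    allow_backward_resync: bool = False  # True models the weak resync behaviour
    pending: Optional[int] = None        # first frame of a candidate resync pair

    def accept(self, counter: int) -> bool:
        # Normal path: strictly ahead of the last accepted counter, inside the window.
        if self.last < counter <= self.last + WINDOW:
            self.last, self.pending = counter, None
            return True
        # Resync path: two consecutive counters seen outside the window.
        if self.pending is not None and counter == self.pending + 1:
            # Hardened rule: resync may only move the stored counter forward.
            if counter > self.last or self.allow_backward_resync:
                self.last, self.pending = counter, None
                return True
        self.pending = counter
        return False

def replay_recorded(allow_backward_resync: bool):
    """Replay constructed, already-used counters 100..102 against a receiver at 110."""
    rx = Receiver(last=110, allow_backward_resync=allow_backward_resync)
    decisions = [rx.accept(c) for c in (100, 101, 102)]
    return decisions, rx.last

def forward_resync():
    """A fob pressed out of range (counter far ahead) can still resync forward."""
    rx = Receiver(last=110)
    return [rx.accept(c) for c in (200, 201)], rx.last

if __name__ == "__main__":
    print("weak    :", replay_recorded(True))
    print("hardened:", replay_recorded(False))
    print("forward :", forward_resync())
```

In the weak configuration the stored counter ends below its starting value, which is the rollback condition; the hardened receiver rejects every already-used counter while still allowing a legitimate forward resync.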
Affected vehicle brands reportedly include Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi, and Subaru. The simplicity of the attack, requiring only a single button-press capture from a key fob, makes it particularly alarming. This allows the Flipper Zero, equipped with the custom firmware, to emulate all key fob functions, including locking, unlocking, and trunk release.
The implications for vehicle manufacturers are substantial, as a widespread fix for this vulnerability is not straightforward. Rolling code systems are often deeply integrated into a vehicle's hardware, meaning a simple over-the-air software update may not suffice. Industry observers note that a comprehensive solution could necessitate costly and time-consuming recalls to redesign and replace affected components, leaving many vehicles vulnerable for an extended period.