Zoonop

Flipper Zero 'DarkWeb' Firmware Threatens Millions of Vehicles with Rolling Code Bypass

Image for Flipper Zero 'DarkWeb' Firmware Threatens Millions of Vehicles with Rolling Code Bypass

A new custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, posing a significant risk of theft and unauthorized access. The development gained traction after public figures like Wesley Yang shared links to reports on the matter, highlighting the escalating threat. This firmware, said to be circulating on the dark web, can clone a vehicle's key fob with just a single, brief signal capture.

Demonstrations by the YouTube channel "Talking Sasquach" reveal the alarming capabilities of this illicit firmware. Unlike previous methods such as "RollJam," which required jamming the vehicle's receiver, this new exploit simplifies the process, needing only one intercepted button press from a key fob. This single capture allows the Flipper Zero to emulate all key fob functions, including locking, unlocking, and trunk release, and can even desynchronize the original key.

Rolling code security has long been the industry standard for keyless entry, designed to prevent "replay attacks" by generating a new, unique code with each transmission. However, this "DarkWeb" firmware appears to circumvent this protection by either reverse-engineering the rolling code sequence or exploiting known vulnerabilities, potentially through sequence leaks or brute-force attacks. Affected vehicle brands reportedly include Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi, and Subaru.

Experts warn that addressing this vulnerability could necessitate mass vehicle recalls or hardware replacements, incurring billions in costs for manufacturers and significant inconvenience for owners. Andrew Longhurst, a cybersecurity educator, expressed concern, stating, "This genuinely scares me — and I own a Flipper Zero." He emphasized that a true fix would require redesigning and replacing affected components, a massive and expensive undertaking. The Flipper Zero, originally intended for security research, has become a potent tool in the wrong hands, underscoring the urgent need for manufacturers to harden future systems and for owners to adopt preventative measures.