Zoonop

Flipper Zero 'DarkWeb' Firmware Threatens Millions of Vehicles with Key Fob Vulnerability

Image for Flipper Zero 'DarkWeb' Firmware Threatens Millions of Vehicles with Key Fob Vulnerability

A new "DarkWeb" firmware for the popular Flipper Zero multi-tool device has reportedly emerged, capable of bypassing the rolling code security systems prevalent in most modern vehicles. This development potentially exposes millions of cars to unauthorized access and theft. Demonstrations by the YouTube channel "Talking Sasquach" have showcased the firmware's alarming ability to clone a vehicle's key fob with just a single, brief signal capture.

Rolling code security was designed to prevent replay attacks by generating a unique, synchronized code for each transmission between a key fob and a vehicle. The new Flipper Zero firmware reportedly circumvents this by reverse-engineering the rolling code sequence or leveraging known vulnerabilities, allowing it to emulate all key fob functionalities, including locking, unlocking, and trunk release. This method is significantly simpler than previous complex attacks like "RollJam," which required signal jamming.

Major car brands including Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi, and Subaru are among those potentially affected by this vulnerability. The automotive industry and cybersecurity community have expressed significant concern that the widespread availability of such firmware could lead to a surge in car thefts. Experts highlight the challenge for manufacturers to patch these vulnerabilities, as they are often deeply integrated into vehicle hardware.

However, Pavel Zhovner, one of the creators of Flipper Zero, has countered these claims, stating that the firmware does not represent "new hacks." He asserts that these capabilities exploit KeeLoq protocol vulnerabilities known since 2006 and, crucially, do not enable engine starting, only access. Zhovner's statements reflect an ongoing debate about the responsible use of security research tools and the re-packaging of old exploits.

The emergence of this firmware underscores the critical need for continuous innovation in automotive security and highlights the persistent cat-and-mouse game between security researchers and malicious actors. While the Flipper Zero is intended for ethical security research, the availability of modified firmware on the dark web raises significant questions about its potential misuse. Vehicle owners are advised to remain vigilant and consider additional security measures for their vehicles.