Millions of cars at risk from Flipper Zero key fob hack, experts warn

Jul 24, 2025 at 07:00 AM CDT

Mikael Thalen (Tech Reporter), Simone Del Rosario (Business Correspondent)

Hackers are using a custom Flipper Zero firmware to bypass security protections in automotive key fobs, putting millions of vehicles at risk. — Image credit: Straight Arrow News

This recording was made using enhanced software.

Summary

Custom firmware

A custom firmware for the Flipper Zero hacking tool can circumvent modern security protections in key fobs.

Millions vulnerable

Experts say millions of vehicles are vulnerable, including models of Ford, Hyundai and Kia.

“Only a matter of time”

Security researcher Ryan Montgomery told Straight Arrow News that it’s “only a matter of time” until the tool gets leaked to the masses.

Full story

Hackers have a new way to break into – or even steal – your car, and all it takes is the push of a button. Malicious actors are circumventing modern security protections in automotive key fobs, researchers warn, putting millions of vehicles at risk.

The hack works by intercepting and cloning a key fob’s radio signal, using custom firmware built for the Flipper Zero, a handheld device designed for analyzing and testing wireless communication protocols.

It bypasses a security mechanism known as rolling codes, designed to prevent thieves from reusing captured key fob signals to unlock a car. Each time the key fob is pressed, an internal algorithm generates a new, one-time-use code, leading the vehicle to unlock only if the code is confirmed to be valid.

But the new hack sidesteps these protections by exploiting the rolling code algorithm to calculate valid key fob commands based on a single intercepted signal.

“I can sit in a parking lot and wait for someone to lock their car, and immediately I get all their fob buttons,” Jeremy Yablan, a hacker known online as RocketGod, told Straight Arrow News. “Other attacks are tricks. This one just captures a single keypress and decodes all buttons and rolling codes in an instant. You open your trunk – the bad guy has your entire fob.”

Yablan described the attack as “ridiculously fast and easy.”

QR code for SAN app download

Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.

Point phone camera here

Many vehicles vulnerable

SAN obtained a copy of the firmware and tested the attack in a controlled setting with the permission of vehicle owners. In one case, capturing a single unlock signal allowed the Flipper Zero to repeatedly lock, unlock and open the trunk of the target car.

The hack also disabled the original key fob until it was manually reset.

Vehicles vulnerable to the attack include numerous models manufactured by Chrysler, Dodge, Fiat, Ford, Hyundai, Jeep, Kia, Mitsubishi and Subaru, according to an infographic provided with the firmware. The infographic says updates to attack other car makers, such as Honda, are “in development.” It also mentions high-end car companies such as Alfa Romeo, Ferrari and Maserati.

Numerous car companies listed as susceptible to attack did not respond to SAN’s requests for comment. James Bell, the head of corporate communications at Kia America, said his company “is not aware of this situation and therefore have no comment to offer.”

The team behind the Flipper Zero device, which does not endorse the custom firmware, did not respond to requests for comment.

Created by Russian hacker

The hack appears to be based on a 2022 attack known as “RollBack,” developed by researchers at CrySys Lab in Hungary. The researchers demonstrated how rolling code protections could be broken by capturing valid signals and replaying them in a specific order to bypass a vehicle’s code synchronization system.

The firmware for the Flipper Zero apparently was created by a Russian hacker. Advertisements for the firmware, which includes a serial lock designed to keep it from being distributed to additional users, show it being listed online for as much as $1,000.

The firmware obtained by SAN was a version that had its serial lock disabled by security researchers. The firmware’s creator told SAN that a newer version has since been developed. He shared an updated infographic that lists Suzuki as another vulnerable make.

SAN is not naming the hacker to avoid facilitating the sale of his firmware to potential thieves.

The freelance security researcher and YouTuber known as Talking Sasquach, who regularly covers the Flipper Zero, said the firmware’s creator is marketing the tool specifically to criminals.

‘Only a matter of time’

Protections against the attack are limited.

“There’s really not much people can do to protect themselves against this attack short of just not using your key fob and only using the keys,” Talking Sasquach said.

Given that many modern vehicles do not use traditional keys and rely entirely on key fobs, such workarounds are not viable for all drivers.

“Car companies could issue an update,” Talking Sasquach said, “but they’d have to pull in all of the vehicles and change their software and the key fob’s software, which would probably not be feasible, and a huge cost to manufacturers.”

Despite attempts by the firmware’s creator to limit its distribution, Yablan and other hackers have already managed to remove the built-in licensing restrictions.

The hack is likely to become more commonly used, security researcher Ryan Montgomery, founder of Pentester.com, told SAN.

“It’s only a matter of time,” he said, “before it gets leaked to the masses.”

Mikael Thalen (Tech Reporter)

Mikael Thalen is a tech reporter for Straight Arrow News, where he covers cybersecurity, surveillance, hacking and digital privacy.

Simone Del Rosario (Business Correspondent)

Simone makes sense of U.S. politics, business and economic policy in a way that’s clear and approachable. She covers everything from international trade and tariffs to tech regulation, inflation and the cost of living.

Alan Judd (Content Editor) and Mathew Grisham (Digital Producer) contributed to this report.

Tags: cars, Ford, Hackers, Honda, Hyundai, Kia, Mitsubishi, Technology

Forget the slim jim or smash and grab.

There’s a new way for criminals to break into your car, and all it takes is the push of a button.

It turns out, your key fob is putting your car at risk.

Take a look at this. Hackers can intercept and clone a key fob’s radio signal using custom firmware built for the Flipper Zero. The Flipper Zero is a legal, handheld device that can scan wireless signals. The company is not behind the firmware being used to break into cars; that’s apparently the work of a Russian hacker.

Online ads for the firmware list it for sale for as high as a thousand dollars.

One hacker told Straight Arrow News, “I can sit in a parking lot and wait for someone to lock their car and immediately I get all their fob buttons.”

The hacker tool bypasses a security measure for key fobs known as rolling codes, so a single click of the button from the rightful car owner, even to pop the trunk, grants the hacker full access to enter the car at any time. That’s what makes this tool stand out from other efforts to clone key fobs.

Starting the engine is another story.

SAN’s tech reporter Mikael Thalen got his hands on this firmware and used it to break into cars – with permission, of course.

Mikael, we’re going to talk about which car brands are the most vulnerable, but first, what’s new about this hacking technology that makes it harder for car companies to defend against?

Yeah, so as you noted, rolling codes are supposed to protect against this kind of attack. And so traditionally, if someone wanted to clone your key fob, not only would they need to intercept that unlock signal, but they’d actually have to use a signal jammer to stop that signal that you sent from reaching your car. Because once it reaches your car, it’s no longer valid, as every time you unlock the car, a new rolling code comes into play. So this new attack…All it needs to do is intercept a single code, even if it’s to pop your trunk, and even if it reaches the car, it can then gain access to your entire fob. So just with that one captured signal, it can decode your unlock, your lock, and your trunk popping open, and so this can be used at a later time.

And we have that video that shows you doing just that, using this technology.

With the technology, the firmware designer even tells the buyers what brands and models they can hack. Which cars are the most vulnerable?

Yeah, so when you obtain the firmware, it comes with actually a list of the vehicles that are affected.

And so that includes Chrysler, Dodge, Ford, Hyundai, Jeep, and Kia. And so it lists many models. And there’s also high-end vehicles like Ferrari listed on there. And it’s also entirely possible that there are models out there that are vulnerable that just haven’t been tested yet.

And I actually reached out to several of these car manufacturers to ask if they were aware of it. And the only one to get back to me was Kia of America, who said that they are not aware of the situation, therefore have no comment to offer.

Okay, given that, do you think that this is so new and it’s going to become more prevalent?

Yeah, I did speak with a prominent hacker who has concerns that this tool will eventually make its way to the masses. At the moment, the hacker is selling it for $1,000 online, and he actually has a serial lock on it that’s intended to keep it from getting into the hands of people who didn’t purchase it. But other hackers that I spoke with obtained the tool and actually removed that serial lock. So now they have a copy that is being spread around among security researchers. So it’s very likely that eventually it will reach everyday people.

One of the things that stood out to me in your story, and our viewers can read the entire story at san.com or our app, but one of those things was that a security researcher said there’s really not much that we can do to protect ourselves beyond not using the FOB.

Yeah, I mean really the only thing you can do to protect against this attack is use a physical key or let’s say if you’re getting out of your vehicle maybe locking the vehicle from inside with a physical button. But of course the problem is that many modern vehicles don’t even use physical keys anymore. They rely entirely on fobs. So there’s not much that can be done and you know in order for car companies to fix this issue they’d have to you know recall potentially millions of key fobs and place new software on it which is very unlikely to happen so.

Yeah, Mikael Thalen, SAN’s Tech reporter.

You can read his entire story at SAN.com or the SAN app. Appreciate you breaking this down for us.

Why this story matters

A recently developed hacking method exploiting key fob technology endangers the security of millions of vehicles, as researchers and industry sources warn it allows unauthorized access and even theft with minimal technical skill and few viable protections.

Vehicle cybersecurity

The vulnerability in key fob systems exposes a widespread gap in automotive cybersecurity, creating potential risks for vehicle owners and the automotive industry.

Ease of key fob exploitation

Bypassing rolling code protections with custom firmware and publicly available hardware demonstrates how accessible new hacking tools can make vehicle theft almost effortless for malicious actors.

Lifestyle

7 hrs ago

4 min read

Apple’s $230 iPhone Pocket taps into a bigger story on fashion, functionality
Military

8 hrs ago

5 min read

What would a ‘war’ between Venezuela and the US look like?
Politics

8 hrs ago

4 min read

Government shutdown to end, House approves funding through Jan. 30
U.S.

13 hrs ago

2 min read

Northern lights could return tonight; here’s where to look

Sources

Sources