This $300 Tamagotchi Can Hack Into Your Car | The Flipper Zero
What is the Flipper Zero?
The Flipper Zero started as a Kickstarter campaign back in July of 2020 with the self-proclaimed goal of being an:
“Open source multi-tool device for researching and pentesting radio protocols, access control systems, hardware, and more.”
The project reached its goal of raising $60,000 USD in only 8 minutes after launch! At the time of writing this, two years later, it has raised over $4.8 million. With all of this hype behind it, it is clear that there is a high demand for this device. But the question still remains… What does it do? In short, it boils down to 5 main features:
- Sub-1 GHz Radio Transceiver
- RFID/NFC Reading/Writing/Emulating
- Infrared Transceiver
- iButton Reading/Writing/Emulating
- It’s a Tamagotchi
But what do these features do?
1. Sub-1 GHz Radio Transceiver
The first (and in my opinion the best) feature on the Flipper is its Sub-1 GHz radio. Depending on your region, this allows you to send and receive almost anything on a frequency that is allowed to be used where you live. For example, with a Flipper Zero, you could record the radio message that a doorbell sends out and emulate it. If you then replay the code, it will trick the receiver into believing that the doorbell is being pushed and, in turn, make a sound. While doing this to a doorbell isn’t that useful, having the power to read and emulate the signals coming from vulnerable car keys could cause more damage.
2. RFID/NFC Reading/Writing/Emulating
I have grouped RFID and NFC technology together because they are essentially the same thing. You probably use these technologies in your everyday life. Do you need to scan a key fob to get into your apartment? That’s probably RFID. Have you ever used tap and pay on your credit/debit card? That’s probably NFC. The Flipper Zero has the ability to read the contents of any of these cards and emulate them. Someone could use this to clone their key fobs so they could use their Flipper instead. However, if you want to clone someone’s credit/debit card, it won’t work. Newer, more secure protocols are being put into fobs, which means that a simple emulating attack won’t work.
3. Infrared Transceiver
TV remotes, air-con remotes, and those cheap LED light remotes all have one thing in common: they use infrared light to communicate. With the Flipper, you are able to record the messages that all of these devices send out and then play them back. Infrared technology is typically only used for consumer remotes. This means that basically the worst thing someone could do with this feature is turn your TV off.
4. iButton Reading/Writing/Emulating
While I have never seen an iButton in real life, according to the Flipper Zero developers, it is still commonly used all over the world. iButtons are essentially just another key fob. The only difference that I am aware of is that they use physical contact to transfer signals. As with all of the other features, the Flipper is able to read, write, and emulate these keys.
5. It’s a Tamagotchi
While this feature isn’t as practical as the others, it still adds to the charm of the project. Unlike a normal Tamagotchi, you feed this one by reading and emulating various things around you. The more that you do this, the more your Dolphin levels up.
How can this break into a car?
Most modern car keys transmit a different code every time you press the button. This means that if you manage to capture one of the codes, the car won’t unlock because the code is old. The problem is that some cars haven’t implemented this feature. This means that if someone is able to record you unlocking your car once, they will have the ability to unlock it forever. For example, the Honda Civic (2021) doesn’t implement this security feature. This attack can be seen in action here:
Conclusion
Overall, the Flipper Zero lives up to its hype. It is a compact, versatile penetration testing tool that is cheap and accessible. Tools like this are vital to pressuring manufacturers to improve their security features. Problems like this have been discovered and known by Honda since 2012, yet they are still plaguing their cars today.
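The difference between a fixed-code and a rolling-code receiver, described under “How can this break into a car?”, as an added example that is not from the original post. It is a simplified model, not any manufacturer’s protocol: the HMAC construction, the `WINDOW` value, and all class and function names are assumptions, and the key and code bytes are constructed.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed presses the receiver tolerates

def code_for(key: bytes, counter: int) -> bytes:
    """Per-press code: truncated HMAC of the counter under the shared key."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class Fob:  # transmitter: every press uses the next counter value
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self):
        self.counter += 1
        return self.counter, code_for(self.key, self.counter)

class FixedCodeReceiver:
    """The weak design: one static code that stays valid forever."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Accepts only counters ahead of the last accepted one, within WINDOW."""
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def accept(self, counter: int, code: bytes) -> bool:
        if not (self.last < counter <= self.last + WINDOW):
            return False  # already used (replay) or implausibly far ahead
        if not hmac.compare_digest(code, code_for(self.key, counter)):
            return False  # code does not match this counter
        self.last = counter  # this counter and all earlier ones are now dead
        return True

def demo() -> dict:
    key = b"constructed-demo-key"   # constructed sample secret
    static = b"\x12\x34\x56\x78"    # constructed fixed code
    fixed, rolling, fob = FixedCodeReceiver(static), RollingCodeReceiver(key), Fob(key)
    captured = fob.press()          # the frame a recorder would see on the air
    return {
        "fixed_first": fixed.accept(static),
        "fixed_replay": fixed.accept(static),          # same bytes, still accepted
        "rolling_first": rolling.accept(*captured),
        "rolling_replay": rolling.accept(*captured),   # counter already burned
        "rolling_next": rolling.accept(*fob.press()),  # legitimate next press
    }

if __name__ == "__main__":
    print(demo())
```

The receiver only moves `last` forward after the code verifies, so a frame with a bad code cannot push the window ahead and lock out the real fob.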