this post was submitted on 09 Sep 2025
145 points (91.9% liked)


Underground developers are selling Flipper Zero “car unlock” packages for hundreds of dollars, complete with a PDF listing targeted makes and models and whether the hack enables only door unlocks or full start/drive.

[–] panda_abyss@lemmy.ca 83 points 4 days ago* (last edited 4 days ago) (2 children)

None of this needs to happen. Frankly insurance companies need to be holding the car manufacturer's feet to the fire by not insuring cars that can be trivially stolen like this. If a Flipper Zero can steal a car that is 100% on the car manufacturer.

If a tiny YubiKey can generate cryptographically unique keys so can a car key fob.

It would not be that difficult to design a key fob which pairs with the car wirelessly (just like Apple uses for AppleTV and Apple Watch).

Literally all you need is:

  1. Car has private/public key pair (which can be reset by technicians, but requires physically opening up the car)
  2. Sync keyfob to car -- keyfob generates unique key pair, keyfob shares public key with car.
  3. When the keyfob communicates with the car, all signals to unlock or start are cryptographically signed, then the car sends a token to authenticate and confirm the instruction.

If anyone complains about battery life just make the fob rechargeable instead of the annoying shitty battery change process. You can even make a charging port in the car (where the keyhole used to be, or in the wireless charging tray).

Plus this can be extended to phones with zero trust and no need for external infrastructure or violating user privacy.
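
The three steps listed in the comment above, sketched as an added example (not code from the thread or from any manufacturer). It assumes Ed25519 signatures and reads "the car sends a token" as a random challenge that the fob signs together with the command; it covers only the fob-to-car direction, so the car's own key pair from step 1 is left out, and every type and method name is hypothetical.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Fob struct{ priv ed25519.PrivateKey } // hypothetical names throughout; the key never leaves the fob
type Car struct {
	fobPub  ed25519.PublicKey // learned once, at pairing
	pending []byte            // the one outstanding token, nil when none
}

// Pair models step 2: the fob generates a key pair and shares only the public half.
func Pair() (*Fob, *Car) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Fob{priv}, &Car{fobPub: pub}
}

// Challenge issues a fresh random token for the next command (assumed reading of step 3).
func (c *Car) Challenge() []byte {
	c.pending = make([]byte, 32)
	if _, err := rand.Read(c.pending); err != nil {
		panic(err)
	}
	return c.pending
}

// Respond signs the command together with the car's token.
func (f *Fob) Respond(cmd string, token []byte) []byte {
	return ed25519.Sign(f.priv, append([]byte(cmd), token...))
}

// Accept checks the signature over cmd and the pending token; a token is good for one attempt.
func (c *Car) Accept(cmd string, sig []byte) bool {
	defer func() { c.pending = nil }()
	return c.pending != nil && ed25519.Verify(c.fobPub, append([]byte(cmd), c.pending...), sig)
}

func main() {
	fob, car := Pair()
	sig := fob.Respond("unlock", car.Challenge())
	fmt.Println("fresh response:", car.Accept("unlock", sig)) // true
	car.Challenge()
	fmt.Println("captured response replayed:", car.Accept("unlock", sig)) // false
}
```

Because the signature covers a token the car picks fresh each time, a recorded radio exchange verifies only against the token it was made for, and a signature for one command does not verify for another.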

[–] pivot_root@lemmy.world 24 points 4 days ago (2 children)

Frankly insurance companies need to be holding the car manufacturer's feet to the fire by not insuring cars that can be trivially stolen like this.

The governments should be, too.

Instead, some countries are taking the approach of banning Flipper Zeros or restricting their sale. That's like outlawing flathead screwdrivers because you can use them to pop improperly-installed doors off of their hinges.

It's on the car manufacturers to fix their poor security, not on tool suppliers to not make tools.

[–] panda_abyss@lemmy.ca 14 points 4 days ago (1 children)

Yeah, you can ban Flipper, but then someone is going to use a Raspberry Pi Zero with an SDR HAT, or an Arduino, or an old Android phone, or a Wi-Fi router and battery pack.

[–] martinb@lemmy.sdf.org 4 points 3 days ago

Ban electrons!

[–] SaveTheTuaHawk@lemmy.ca 3 points 3 days ago (1 children)

car manufacturers to fix their poor security

"oh no, your car got stolen....here's another car for you to buy"

We need a global system of digital ID that simply bricks any car reported stolen.

[–] JcbAzPx@lemmy.world 5 points 3 days ago

Yeah, because there's no way remotely brickable cars could ever be abused by the manufacturers.

[–] Broken@lemmy.ml 15 points 4 days ago

insurance companies need to be holding the car manufacturer's feet to the fire by not insuring cars

I agree with the sentiment, but unfortunately that screws over the owners far more and for far longer before it even impacts the car manufacturers.

Maybe a better attack (aside from government regulations) would be for banks to not provide financing for loans to buy those cars. In the end, if the car is stolen they are at a loss so that makes sense.

People can't get loans, so don't buy the risky vehicle. It hurts a little in the now to direct them towards cars that will not be a problem in the future. And the car companies feel the sting of lost sales right away.