[HN Gopher] Flipper Zero DarkWeb Firmware Bypasses Rolling Code ...
___________________________________________________________________
Flipper Zero DarkWeb Firmware Bypasses Rolling Code Security
Author : lq9AJ8yrfs
Score : 58 points
Date : 2025-08-07 21:10 UTC (1 hour ago)
(HTM) web link (www.rtl-sdr.com)
(TXT) w3m dump (www.rtl-sdr.com)
| lq9AJ8yrfs wrote:
| flipper zero implementation of a variant [1] of the rolljam [2]
| attack
|
| [1] https://arxiv.org/abs/2210.11923
| [2] https://news.ycombinator.com/item?id=10018934
| IshKebab wrote:
| Kind of insane that this works... Surely whoever implemented
| this knew it was insecure? I honestly wouldn't have thought to
| check for this vulnerability because... who would do that??
| palata wrote:
| > A consequence of this is that the original keyfob gets out of
| sync, and will no longer function.
|
| I always wonder about this: what is the consequence of that? Can
| the user reset it, or does it have to be done by a retailer or
| something?
| brk wrote:
| Depends on the implementation. Most times you just have to
| click it a few times in a row. The receiver then realizes it
| missed a few button presses and it re-syncs. I'm not sure what
| that window is though, at some point it might get so out of
| sync that the receiver ignores it and assumes it is a wrong
| fob.
| cakealert wrote:
| Why are so many car manufacturers incapable of using cryptography
| properly?
| the_mitsuhiko wrote:
| To some degree customers love it. It allows you to program your
| own replacement key without having to go through the
| manufacturer or an official dealer.
| j1elo wrote:
| No doubt they would charge $100 or more for just clicking a
| button and having the equivalent of an NFC writer.
| colechristensen wrote:
| When my favorite quadruped knocked my keys into the trash I
| had to get my car towed to the dealer for them to program
me a new key. On one hand, top notch security as it was
| impossible to do any other way. On the other hand the total
| to get this done was something like $500 after everything.
| dylan604 wrote:
| I did this to myself by placing my keys in a pocket of a
| bag that I've never used before when returning to the
| airport parking. I found the keys in the bag _after_
| paying to have it re-keyed after paying for the tow from
| the airport to the closest dealer.
| IshKebab wrote:
| What does? The article is very unclear about what exactly
| this does.
| the_mitsuhiko wrote:
| The attacks to rolling code keys are well known but these
| keys continue to exist. They allow you to pair a key
| yourself to the car that you buy online. Particularly in
| the US it's quite common that people buy used cars and then
| another key online that they pair themselves.
|
| You won't be able to do this for instance with VAG cars
| that have KESSY. First of all the immobilizer is paired to
| the key, secondly the only way to pair a new key to it is
| via the manufacturer or a licensed dealership because you
| need a blob from their central server. But the consequence
| is that people feel like they are being fleeced when they
| need another key, because it can cost you hundreds of
| dollars to pair one.
|
| In general these types of attacks are much harder in Europe
| where immobilizers have a legal minimum standard that
| manufacturers have to meet. On the other hand in the US
immobilizers are entirely optional, which has famously led
| to KIA and Hyundai cars shipping without them and the Kia
| Boys TikTok phenomenon.
| tamimio wrote:
| Car manufacturers are like automation/control manufacturers;
| they existed before cybersecurity and never caught up to the
| pace. If you ever audited any SCADA system, you will see
| nightmares. For cars, some new models of popular brands (not
| specifying any), you can access the CANbus from the headlight
| where you can reprogram the ECM to your new key. It's that
| simple to "own" a modern car.
| sneak wrote:
| They're not. There is AFAIK an ssh key infrastructure for
| OnStar that's modern and well-run, for example.
|
| Things like key fobs are most likely very incremental changes
| on "this is the way we've always done it". These organizations
| are behemoths and steer with all of the inertia of a
| containership.
| dylan604 wrote:
| Proper security is a total pain in the ass, and makes things
| nigh impossible to use in the manner people want to use them.
| This naturally makes things more expensive to recover from
| oopsies.
|
| This is why YubiKeys will only ever work for people technical
enough to understand them. Normies will lose it at the first
| chance, and then be locked out of everything. At that point,
| YubiKeys will be banned by Congress from all of the people
| writing in demanding something be done about their own
| inabilities to not be an ID10T
| tamimio wrote:
| Cool, I was planning to get a spare car key, not anymore!
|
| Also, glad I have one before they would ban it. It's a neat tool
| that I have everything I want there, instead of having 4 fobs,
| one garage remote, plenty of IR remotes, it's AIO. Plus I don't
| have to pay fees to replace my lost fobs
| imzadi wrote:
| Sadly, it won't work as an extra key, because it causes the
| original key to stop working.
| tamimio wrote:
| Welp, that's a bummer! Have you tried it?
| Alejandro9R wrote:
| It says in the article
| xyst wrote:
| cool, I needed a new car, thanks
| hsbauauvhabzb wrote:
| What practical use does this have? From my reading if I capture
| an unlock signal, the car will not unlock for the owner, so
| they'll press their remote a few times.
|
| If I capture a lock signal, presumably I can instead prevent it
from locking. The only real world malicious action I can see
as being viable is to block the car lock, meaning the car is still
| in an unlocked state, open the boot (which I'm guessing can be
| done from the car dash anyway) then locking it afterwards?
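Editor's note, added to this thread and not part of the original page: the two questions above (brk's description of a receiver that re-syncs after a few presses, and hsbauauvhabzb's question of what capturing a press actually buys an attacker) are easiest to answer with a small simulation. The code below is an added example, not code from the rtl-sdr.com article, the Flipper firmware or any car maker. The receiver model (a small window that accepts a single press, a larger window that requires two consecutive presses, and rejection beyond that) and all window sizes are assumptions in the style of common garage and car receivers, not a specific product. It models the classic RollJam sequence linked at the top of the thread; the variant the article describes, which the thread says leaves the original fob out of sync, is not modelled.

```python
"""Toy model of a rolling-code remote, a receiver with resync windows, and
the RollJam capture-and-replay sequence. Added example for this thread; not
code from the linked article, the Flipper firmware or any vehicle. Window
sizes and the two-consecutive-codes resync rule are assumptions."""

import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real fob holds a per-device key


def code_for(counter: int) -> bytes:
    """Derive the over-the-air code from the counter. An eavesdropper cannot
    predict the next code, but can replay any code already transmitted."""
    return hmac.new(SECRET, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Fob:
    def __init__(self) -> None:
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.counter)


class Receiver:
    SINGLE_WINDOW = 16    # codes up to this far ahead are accepted on their own
    RESYNC_WINDOW = 1024  # farther ahead: two consecutive presses are required

    def __init__(self) -> None:
        self.counter = 0
        self.pending = None  # first code of a possible resync pair

    def _match(self, code: bytes, lo: int, hi: int):
        for c in range(lo, hi + 1):
            if hmac.compare_digest(code_for(c), code):
                return c
        return None

    def receive(self, code: bytes) -> bool:
        """True if the receiver acts on this code. The counter never moves
        backwards, so a code at or below it is rejected as a replay."""
        c = self._match(code, self.counter + 1, self.counter + self.SINGLE_WINDOW)
        if c is not None:
            self.counter, self.pending = c, None
            return True
        c = self._match(code, self.counter + self.SINGLE_WINDOW + 1,
                        self.counter + self.RESYNC_WINDOW)
        if c is None:                # replayed, stale, or beyond the resync window
            self.pending = None
            return False
        if self.pending is not None and c == self.pending + 1:
            self.counter, self.pending = c, None   # two in a row: resynced
            return True
        self.pending = c             # remember it and wait for the next press
        return False


def rolljam(fob: Fob, rx: Receiver) -> bytes:
    """Attacker jams the receiver's band while recording. The owner presses
    once (nothing happens) and again; the attacker replays press 1 so the
    car responds, and keeps press 2, which the receiver has never seen."""
    first = fob.press()    # jammed: rx.receive is never called for it
    second = fob.press()   # jammed and recorded too
    assert rx.receive(first)   # replayed by the attacker; owner sees it work
    return second


def scenario() -> dict:
    fob, rx = Fob(), Receiver()
    out = {}
    out["normal_press"] = rx.receive(fob.press())
    seen = fob.press()
    rx.receive(seen)
    out["plain_replay"] = rx.receive(seen)           # counter already past it

    held = rolljam(fob, rx)
    out["held_code_used_first"] = rx.receive(held)   # attacker opens the car

    held = rolljam(fob, rx)
    rx.receive(fob.press())                          # owner uses the fob first
    out["held_code_after_owner"] = rx.receive(held)  # stale: RollJam's time limit

    # brk's resync behaviour: a fob clicked in a pocket gets well ahead
    for _ in range(Receiver.SINGLE_WINDOW + 5):
        fob.press()
    out["far_ahead_first_press"] = rx.receive(fob.press())   # ignored, remembered
    out["far_ahead_second_press"] = rx.receive(fob.press())  # consecutive: resync

    # and a fob beyond the resync window is ignored entirely
    for _ in range(Receiver.RESYNC_WINDOW + 5):
        fob.press()
    out["beyond_window"] = rx.receive(fob.press()) or rx.receive(fob.press())
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key:24} {value}")
```

The scenario answers both questions: a plain replay is useless, the code held back by RollJam opens the car only until the owner presses the fob again (which is why the attacker in practice repeats the jam-and-capture on every press), a fob that has run a few dozen presses ahead is accepted after two consecutive presses, and one beyond the resync window is treated as a foreign fob and needs re-pairing.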
| Terr_ wrote:
| [delayed]
___________________________________________________________________
(page generated 2025-08-07 23:00 UTC)