Comment

Comment on Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars

YiddishMcSquidish@lemmy.today ⁨3⁩ ⁨days⁩ ago

Fucking real! My car (2016 Toyota Avalon) uses a rolling code for the transponder! It’s like one of the most basic things any manufacturer can do to avoid this shit! And it can’t be more than a few dozen lines of code (I’m no expert so this may be an exaggeration)?

source

Sort:hotnew top

Doomsider@lemmy.world ⁨3⁩ ⁨days⁩ ago
It is almost like their should be something written down somewhere. Like a guideline or rule or something…

Oh that is right, it is called a regulation requiring basic wireless security for extremely expensive consumer items.

source
- YiddishMcSquidish@lemmy.today ⁨3⁩ ⁨days⁩ ago
  Nope can’t do that.
  
  But with mega corpos
  
  Won’t someone think of the multi billion dollar corporations‽
  
  source
ArcaneSlime@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago
Of course, this particular attack actually “works” with rolling codes (WILL desync your real keyfob), it requires the attacker to sniff one signal off your key (incl lock) and then they can spoof your key’s rollover protocol (and any button, not just the one they sniffed) to reset the rolling code back to 0 and allowing them access. Iirc it’s different from a standard replay attack in (definitely) that it can spoof other keys on the fob it hasn’t read, and (I think) that while a trad replay attack requires the car not to hear the signal when recording I believe that doesn’t matter with this attack.

Unfortunately I haven’t been able to test it out since I’m not buying a serial locked flipper firmware from some guy who just got out of prison selling it on telegram.

source
- YiddishMcSquidish@lemmy.today ⁨2⁩ ⁨days⁩ ago
  What if I only use the fob as a fob? I usually only use the touch pad to lock and inner handle’s proximity sensor to unlock, so the car is only range finding after initial sense.
  
  source
  - ArcaneSlime@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago
    If you literally never press the buttons, nor leave your keys alone with anyone else who could possibly push the buttons?
    
    Then a guy with a $20 car unlock kit from Autozone can still get in. And so can a guy with a hammer, and a guy with a broken spark plug. Locks are suggestions, especially when you have windows.
    
    And that’s not even to mention people with actual SDRs that can repeat your key’s signal and remote start your car, keep your fob in a faraday bag.
    
    source
    YiddishMcSquidish@lemmy.today ⁨2⁩ ⁨days⁩ ago
    I totally got you in the weakness order of operation. I used to be a locksmith in a previous life in South Florida. Used to tell people they needed double sided deadbolt cause there’s a piece of glass next to it, and that they could also just climb through the window so if they were really worried they would want to put up bars or invisible hard screen. Also I am THE most techy person in my friend group and the most I’ve done is put together a tiny esp32 marauder with an old Bitcoin lottery miner, and even then my keys stay in my pocket. Plus it’s an almost ten year old car with 100k+ miles with a few dents and scratches. So I wouldn’t expect such a sophisticated stack especially considering the town I live in is only like ~50k pop.
    
    source
    -> View More Comments