The topic of hacking and stealing cars using the Flipper Zero has once again made headlines in the global media. This time, hackers claim to be selling “secret firmware” for the gadget that supposedly can be used against Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, and a number of other brands. The Flipper developers explain that this is not true.
At the end of last week, the outlet 404 Media reported on the underground trade in modified firmware for the Flipper Zero that allegedly allows people to break into and steal cars.
Journalists spoke with a hacker named Daniel, who allegedly lives in Russia, as well as his partner Derrow, who have developed and sell special Unleashed firmware for the Flipper Zero on the dark web.
Daniel said that he bought and obtained various fragments of source code needed to build the firmware from other people. According to him, these firmware builds may indeed be used for stealing cars, but they are also popular among technicians at auto repair shops.
Hackers claim that a modified device can intercept key fob signals and compute the next code to unlock the car, creating a “shadow copy of the original key.” According to the provided documentation, such attacks work against nearly 200 car models, including 2025 model-year vehicles from Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, Fiat, Mitsubishi, Suzuki, Peugeot, Citroën, and Skoda.
Two firmware versions are offered for sale: a basic one for $600 (current version only) and an extended one for $1000 (with future updates and support), with payment accepted in cryptocurrency. The firmware is allegedly tied to a specific device via its serial number to prevent unauthorized distribution. To that end, buyers are asked to provide photos of the Flipper Zero box showing the device’s serial number, as well as a photo of a specific part of the gadget’s settings.
Daniel told reporters that over two years he sold this technology to about 150 buyers. Derrow, meanwhile, claims that “sales are through the roof.”
In the article, the journalists expressed concerns that if this technology becomes widespread, it could lead to a surge in car thefts. The outlet writes that in 2026 “Kia Boys could become Flipper Boys,” referring to the well-known trend of youths stealing Kia and Hyundai vehicles.
In response to numerous media reports, one of Flipper Zero’s creators, Pavel Zhovner, published a lengthy post on the official blog.
“Some darknet marketplaces have begun selling so-called ‘private’ firmware for Flipper Zero, claiming it can be used to hack countless cars. Allegedly, information leaked online about new vulnerabilities that allow breaking dynamic protocols such as KeeLoq.
In reality, all these methods were published more than 10 years ago. Nothing new. The authors of such firmware are simply reworking known vulnerabilities and passing them off as ‘new hacks.’ And importantly, these vulnerabilities have nothing to do with real car thefts, because they do not let you start the engine,” Zhovner writes.
The developer explains that KeeLoq was developed in the 1980s and was mainly used in older access systems (for example, garage door openers and early car alarms). It is a rolling code (also known as hopping code) system, where each transmission uses a new unique signal encrypted with the manufacturer’s 64-bit key.
According to Zhovner, the manufacturer key is the weak point of KeeLoq. The problem is that car makers often used the same key for an entire model lineup. If this key leaked, attackers could intercept signals from any remote key fob of that brand.
“The authors of these ‘hacker’ firmwares are simply distributing old keys stolen from various automakers. There’s nothing new here; such vulnerabilities were described in detail back in 2006,” explains the creator of Flipper. “Since then, automakers have moved to more modern radio protocols with two-way authentication, where the car and the key exchange messages to verify authenticity.”
After that, Zhovner reiterates the points that the Flipper Zero creators explained in detail in 2024, when the Canadian government announced it intended to ban the sale of Flipper Zero and similar devices in the country, claiming they could allegedly be used to steal cars.
In particular, he points out that real car thieves usually target keyless entry and ignition systems. They use relays and transmitters that relay the signal from the legitimate key fob, making the car believe the real key is nearby.
“If your car can be attacked with a Flipper Zero, it can just as easily be hacked with a piece of wire,” Zhovner sums up.
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →