Red Hot Cyber


200 car models vulnerable? ‘Killer’ firmware for Flipper Zero surfaces on the darknet.

Redazione RHC : 25 August 2025 11:14

The topic of hacking and car theft using Flipper Zero has returned to the forefront around the world, and we also talked about it in a recent article. This time, hackers claimed to be selling a “secret firmware” for the gadget, which could be used against Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, and many other brands.

Our article reported on the evidence presented on the YouTube channel “Talking Sasquach”, which had tampered with the infamous firmware circulating in the underground. This Flipper Zero mod was apparently developed by a hacker named Daniel, who presumably lives in Russia, and his partner Derrow, who developed and sells the Unleashed firmware for the Flipper Zero on the darknet.

Daniel claimed to have purchased various snippets of source code needed to create the firmware from other people. He added that the firmware could indeed be used for car theft, but is also widely used among auto repair shops.

Hackers claim that the modified device can intercept signals from remote controls and calculate the next code to unlock the car, creating a “shadow copy of the original key”. According to the provided documentation, these attacks work against nearly 200 car models, including the 2025 releases of Ford, Audi, Volkswagen, Subaru, Hyundai, Kia, Fiat, Mitsubishi, Suzuki, Peugeot, Citroën, and Skoda.

Two versions of the firmware are available: the basic one for $600 (only the current version) and the extended one for $1,000 (with future updates and support); payment is accepted in cryptocurrency.

At the same time, the firmware is supposedly tied to a specific device via a serial number to prevent unauthorized distribution. To do so, buyers are required to provide photos of the Flipper Zero’s packaging, showing the device’s serial number, and a photo of a specific part of the gadget’s settings.

Daniel told reporters that he has sold the technology to about 150 customers in two years, while Derrow claims that “sales are skyrocketing.”

Of course, the automotive and cybersecurity community has expressed concern that if this technology becomes widespread, it could lead to a surge in car thefts. The publication writes that in 2026, “Kia Boys could become Flipper Boys,” referring to the well-known trend of young people stealing Kia and Hyundai cars.

In response to numerous media reports, one of the authors of Flipper Zero, Pavel Zhovner, posted a long message on the official blog.

“Some darknet shops have started selling so-called ‘private’ firmware for Flipper Zero, claiming it can be used to hack countless cars. In reality, all these methods were published more than 10 years ago. Nothing new. The authors of such firmware simply rework known vulnerabilities, passing them off as ‘new hacks.’ And importantly, these vulnerabilities have nothing to do with actual car thefts, as they prevent the engine from starting,” Zhovner writes.

The developer explains that KeeLoq was developed in the 1980s and primarily used in older access systems (such as garage doors and early car alarms). It’s a rolling (or hopping) code system, where each transmission uses a new, unique signal encrypted with a 64-bit vendor key.

According to Zhovner, the weak point of KeeLoq is the vendor key. The problem is that car manufacturers often used the same key for their entire model range. If this key were leaked, attackers would be able to intercept the signals of any remote control from this brand.
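To illustrate why a vendor key shared across a whole model range is a single point of failure, here is an added example (not from the original article or from Flipper's developers). It is a simplified model: HMAC-SHA256 stands in for the KeeLoq cipher, deriving each remote's key from the vendor key and a serial number is an assumption of the model, and all keys, serials and the window size are constructed sample values.

```python
import hashlib
import hmac
import os

WINDOW = 16  # assumed resync window: how far ahead of its counter a receiver looks


def derive_key(vendor_key: bytes, serial: int) -> bytes:
    """Per-remote key computed from the fleet-wide vendor key and the remote's serial."""
    return hmac.new(vendor_key, serial.to_bytes(4, "big"), hashlib.sha256).digest()


def hop_code(key: bytes, counter: int) -> bytes:
    """One transmission: a keyed function of the counter (HMAC stands in for the cipher)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def accept(self, code: bytes) -> bool:
        # Accept only counters ahead of the last one seen, so a replayed code fails.
        for c in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(code, hop_code(self.key, c)):
                self.counter = c
                return True
        return False


def run_scenario() -> dict:
    vendor_key = b"constructed-sample-vendor-key"  # constructed, not a real key
    serial_a, serial_b = 0x1001, 0x2002            # constructed remote serials
    car_a = Receiver(derive_key(vendor_key, serial_a))
    car_b = Receiver(derive_key(vendor_key, serial_b))
    car_c = Receiver(os.urandom(32))               # key provisioned independently

    code = hop_code(derive_key(vendor_key, serial_a), 1)
    out = {"fresh": car_a.accept(code), "replay": car_a.accept(code)}
    # Knowing the vendor key is enough to produce a valid next code for every
    # receiver in the range; the receiver cannot tell it from the real remote.
    out["vendor_key_a"] = car_a.accept(hop_code(derive_key(vendor_key, serial_a), 2))
    out["vendor_key_b"] = car_b.accept(hop_code(derive_key(vendor_key, serial_b), 1))
    # A receiver whose key does not depend on the vendor key is unaffected.
    out["vendor_key_c"] = car_c.accept(hop_code(derive_key(vendor_key, 0x3003), 1))
    return out


if __name__ == "__main__":
    print(run_scenario())
```

The rolling counter stops a captured code from being replayed, but it offers no protection once the vendor key itself is known, which is the weakness Zhovner describes.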

“The authors of the ‘hacker’ firmware simply distribute old keys stolen from various car manufacturers. This is nothing new; vulnerabilities of this type have been described in detail as far back as 2006,” explains Flipper’s creator. “Since then, car manufacturers have switched to more modern radio protocols with two-way authentication, in which the car and the key exchange messages to verify their authenticity.”

Zhovner then reiterates the points that the authors of Flipper Zero had explained in detail in 2024, when the Canadian government announced its intention to ban the sale of Flipper Zero and similar devices in the country because they could be used to steal cars.

In particular, he notes that real car thieves usually target keyless entry and start systems. They use repeaters and transmitters that relay the signal from the real key, tricking the car into believing the real key is nearby. “If your car can be hacked with Flipper Zero, it can be hacked with a piece of wire,” Zhovner concludes.
