Can You Steal a Car with a Flipper Zero? "Yes," Says Nic, "But It Certainly Has a Few Caveats"

If you're after cars at least 20 years old and already have access to the key, a Flipper Zero will get you in the door — but that's all.

Gareth Halfacree
4 months ago · Security / HW101 / Automotive

Mononymous security engineer Nic, also known as "surlydirtbag," has put the Government of Canada's claim that the Flipper Zero can be used to steal a car to the test, finding that it can — providing you're trying to steal one of a very small number of cars built at least two decades ago, and don't mind having to deal with picking or forcing a mechanical ignition at the same time.

"Up until about five years ago I was an automotive locksmith," Nic explains by way of background. "My job mainly entailed showing up to vehicles that no longer had any working keys and then generating and programming new keys to them from scratch. When I got my Flipper Zero I had to see what, if any, car keys it could read. I found it could read and emulate a couple of older transponder types, [but] modern car keys just aren't as simple as they used to be."

Can a Flipper Zero really be used to steal cars, as the Government of Canada believes? Kinda-sorta, says Nic. (📹: surlydirtbag)

The Flipper Zero, once billed as a multi-tool for hackers before a subtle rebrand took the word off the table, was the only device name-checked following Canada's National Summit on Combating Auto Theft and the resulting decision that selected hardware would need to be banned to reduce the number of keyless car thefts in the nation.

"Criminals have been using sophisticated tools to steal cars," François-Philippe Champagne, minister for innovation, science, and industry, claimed at the event's conclusion. "And Canadians are rightfully worried. Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers [sic], used to commit these crimes."

Flipper Devices, naturally, contests that its hardware — recently the subject of a partnership with Raspberry Pi resulting in an RP2040-powered gaming add-on — is suitable for car theft. "We're not aware of any events like this," the company wrote in response to Champagne, "and frankly speaking not sure what was the reason for this discussion to begin with."

Nic's findings largely come down on the side of Flipper Devices: modern keyless cars use encryption and rolling codes to prevent the sort of basic clone and replay attacks that a Flipper Zero could carry out, and are instead typically stolen by simply amplifying and rebroadcasting the signal from a legitimate key — something the Flipper Zero can't do. Older vehicles, which use unencrypted or weakly-encrypted transponders with fixed codes, though? That's a different matter.
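The difference between a fixed code and a rolling code can be shown from the receiver's side. The sketch below is an added example, not code from Nic's video or from any vehicle: it is a simplified model in which the class names, the HMAC-based message format, the look-ahead window and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead, tolerating key presses the car never heard


class FixedCodeReceiver:
    """Model of a fixed-code check: the key sends the same value every time."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, msg: bytes) -> bool:
        return hmac.compare_digest(msg, self.code)


def rolling_message(secret: bytes, counter: int) -> bytes:
    """Key side: 4-byte counter followed by a truncated HMAC-SHA256 over it."""
    c = counter.to_bytes(4, "big")
    return c + hmac.new(secret, c, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    """Model of a rolling-code check: valid MAC and a counter that moves forward."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter  # highest counter accepted so far

    def accept(self, msg: bytes) -> bool:
        if len(msg) != 12:
            return False
        counter = int.from_bytes(msg[:4], "big")
        if not hmac.compare_digest(msg, rolling_message(self.secret, counter)):
            return False  # forged or corrupted message
        if not (self.counter < counter <= self.counter + WINDOW):
            return False  # already used (replay) or implausibly far ahead
        self.counter = counter
        return True


def demo():
    """Present each captured message twice; the second time is the replay."""
    captured_fixed = b"\x12\x34\x56\x78"  # constructed sample value
    fixed = FixedCodeReceiver(captured_fixed)
    fixed_results = [fixed.accept(captured_fixed), fixed.accept(captured_fixed)]
    secret = b"constructed-demo-secret"  # constructed sample value
    rolling = RollingCodeReceiver(secret)
    captured_rolling = rolling_message(secret, 1)
    rolling_results = [rolling.accept(captured_rolling), rolling.accept(captured_rolling)]
    return fixed_results, rolling_results
```

A freshness check of this kind says nothing about where the key physically is, which is why the amplify-and-rebroadcast thefts mentioned above are a separate problem from replay.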

"Does this mean you can actually steal a car with the Flipper Zero? The short answer is no; the longer answer is yes, but it certainly has a few caveats," Nic notes. "The number of vehicles that use a [vulnerable] transponder chip like this one here is incredibly small. [And] sure, the fixed data from the car key can be replayed, but the mechanical ignition is still present — preventing you from just emulating the data and driving off."

More information is available in Nic's YouTube video; at the time of writing, the Government of Canada had still not issued any details about its proposed ban on the Flipper Zero and other devices including software-defined radio (SDR) dongles.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.