A significant consequence of this attack is that the original, legitimate keyfob is immediately desynchronized from the vehicle and ceases to function. This could be the first sign for an owner that their vehicle’s security has been compromised.
I think the first sign would be the stolen car
How does this work if a family is using two keyfobs? Does each one have its own rolling code?
Technically, the other fob shouldn't be affected if it works the way I think it does. There's usually a maximum number of keys synced to the vehicle.
This attack basically forces the key fob the Flipper Zero is substituting itself for to fall out of sync, because the Flipper Zero doesn't transmit the rollover response from the vehicle back to the key fob. So the F0 sends the rolling code it intercepted from the key fob to the vehicle. Vehicle is like, yep, that matches, and then it does its rollover and sends out the rollover response. The response doesn't get back to the key because of range etc., and then the key remains a step behind the vehicle in the rollover sequence from then on out.
Technically I think the key could potentially be resynced to the car. (My understanding is that a key of the correct type could be synced to any car that it can be programmed for, so long as the key isn't physically damaged and the security module isn't compromised with malicious code that would prevent it.)
Yeah I would assume there's a maximum number of fobs you can register to an individual car and it just keeps the state for all of them individually
Until I see proof of concept in action I'm going to be suspicious that this is as bad as the sensational headlines claim.
Hysteria gets clicks, gets news coverage, then turns into nothing more times than not.
I once tried to record / replay my FIAT keyfob with my F0, and it did unlock the car once. Then I spent a bunch of money having the remote lock replaced.
I'd like more evidence that this works reliably before attempting the same thing again...
Potentially misunderstanding but that's exactly what this is, right?
You recorded the code for a given unlock (I'm assuming out of range of the vehicle), replayed it, the car then rolled the code on to the next one and your replayed code was no longer valid and your existing fob didn't know to rollover too, so was left out of sync.
So yes I guess there's the risk it hasn't been implemented correctly, but adds the necessary functionality you were missing to accomplish this before.
Though it would still leave the fob out of sync, in theory I feel like it could be possible for the Flipper to send the necessary information to allow the fob to be resynchronised too. Of course someone would need to write this functionality.
And people wonder why I use my key to get into the car.
Because of some potential but low-risk attack in the future that would be covered by insurance? Sounds like a pain in the ass for little gain.
I'm not going to deal with insurance if I can prevent a theft in the first place.
Why do you use your key to get into the car?
To get to the other side
Anybody know if this disables any fob or just one? I wouldn’t mind using my Flipper for my car, but my wife still needs to drive it.
So you'd just carry your flipper everywhere you go? Any benefit to that?
It’s got a rechargeable battery unlike my car fob.
Just one, there's no way your multiple fobs could sync with each other to begin with.
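The thread above argues over two mechanics: whether a single captured-and-replayed press knocks a fob out of step with the car, and whether a second fob registered to the same car is affected. The following is an added example, not code from the article, from Flipper Zero, or from any vehicle maker. It is a toy model of the classic unidirectional rolling-code receiver design (KeeLoq-style): the car keeps one "last accepted counter" per enrolled fob, accepts any code whose counter falls in a small look-ahead window, rejects anything at or below the last accepted value (so an already-used code cannot be replayed), and accepts two consecutive counters beyond the window as a resync. The key, fob names, window sizes and the HMAC standing in for the fob's cipher are all constructed for the demo.

```python
"""Toy rolling-code receiver: per-fob counters, look-ahead window, two-press resync.

Constructed demo model; not any vendor's protocol. HMAC-SHA256 stands in for
the fob's keyed cipher so that a code cannot be predicted without the key.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed shared secret. Real systems use a per-fob key held by fob and car.
KEY = b"constructed-demo-key"

WINDOW = 16          # counters accepted without a resync (toy value)
RESYNC_WINDOW = 1024  # how far ahead a two-press resync is honoured (toy value)


def code_for(fob_id: str, counter: int) -> bytes:
    """Over-the-air code for a given fob and counter value (truncated MAC)."""
    msg = f"{fob_id}:{counter}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:4]


@dataclass
class Fob:
    fob_id: str
    counter: int = 0

    def press(self) -> tuple[str, bytes]:
        """Each press increments the fob's own counter, in or out of range."""
        self.counter += 1
        return self.fob_id, code_for(self.fob_id, self.counter)


@dataclass
class Vehicle:
    # Last accepted counter per enrolled fob: each fob has independent state.
    last: dict = field(default_factory=dict)
    # Fob -> counter seen just beyond the window, awaiting its successor.
    pending_resync: dict = field(default_factory=dict)

    def enroll(self, fob: Fob) -> None:
        self.last[fob.fob_id] = fob.counter

    def receive(self, fob_id: str, code: bytes) -> str:
        if fob_id not in self.last:
            return "rejected (unknown fob)"
        last = self.last[fob_id]
        # Normal case: counter within the look-ahead window.
        for c in range(last + 1, last + 1 + WINDOW):
            if hmac.compare_digest(code_for(fob_id, c), code):
                self.last[fob_id] = c
                self.pending_resync.pop(fob_id, None)
                return "accepted"
        # Beyond the window: require two consecutive counters to resync.
        for c in range(last + 1 + WINDOW, last + 1 + RESYNC_WINDOW):
            if hmac.compare_digest(code_for(fob_id, c), code):
                if self.pending_resync.get(fob_id) == c - 1:
                    self.last[fob_id] = c
                    del self.pending_resync[fob_id]
                    return "accepted (resynced)"
                self.pending_resync[fob_id] = c
                return "rejected (outside window, resync pending)"
        # Anything else, including every counter <= last, is a replay or garbage.
        return "rejected"


def scenario() -> tuple[list[str], dict]:
    """Walk through capture/replay and an out-of-range fob; returns the log."""
    car = Vehicle()
    alice, bob = Fob("alice"), Fob("bob")
    car.enroll(alice)
    car.enroll(bob)
    log = []
    log.append(car.receive(*alice.press()))      # normal press, counter 1
    fob_id, captured = alice.press()             # counter 2, pressed out of range
    log.append(car.receive(fob_id, captured))    # attacker replays it: accepted
    log.append(car.receive(fob_id, captured))    # replayed again: rejected
    log.append(car.receive(*alice.press()))      # fob's next press (3) still works
    log.append(car.receive(*bob.press()))        # second fob has its own counter
    for _ in range(20):                          # 20 out-of-range presses
        alice.press()
    log.append(car.receive(*alice.press()))      # 24: beyond window, pending
    log.append(car.receive(*alice.press()))      # 25: consecutive, resynced
    return log, dict(car.last)


if __name__ == "__main__":
    for line in scenario()[0]:
        print(line)
```

In this model the only way a fob "falls behind" is the reverse of what the thread worries about: the car's counter never exceeds the fob's, because the car only ever advances to a counter the fob already emitted. A fob can instead run ahead of the car (presses out of range), which the two-press resync absorbs. The per-fob `last` dictionary is what makes the second fob independent.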