Sub 1-GHz: The Key Fob
Some of the first viral videos to include the Flipper Zero were of people driving by Teslas and opening the charging port. Once the Flipper had gained a bit of momentum online, more videos came out, this time unlocking doors on various cars, or even starting the car, all with the push of a few orange buttons. In response to the potential for car theft, Canada banned the sale of the Flipper outright.
So, is this fact or more fiction? Well, here's where things get interesting. As usual, it's a bit of both. The videos of people popping open the charging ports of Teslas are, for the most part, completely real. Some videos of doing things like unlocking car doors are also real... sort of.
You see, cars have used radio signals to remotely perform operations for some time. Your car's key fob is simply a little radio made to serve only the purpose of making your car easier to use and interact with. When you push the unlock button on your key fob, it sends out a radio signal. Your car receives this signal and unlocks. For the most part, each car and fob operate on a unique frequency so your keys won't unlock someone else's car and vice versa. However, your car isn't the only thing soaking up the signal -- other receivers can listen in on your unlock command, such as the one on the Flipper. This command can then be re-transmitted by the Flipper later.
This is a bit like the RFID and NFC function I wrote about last time. You can't just magically push a button and unlock a car, but you can copy and emulate a code for later. Unlike a key card, however, you don't need access to the key fob to clone the code -- you just need to be close enough to receive the signal (maybe a hundred feet or so) and be recording when someone else pushes the unlock button.
Now, here's the catch. Car companies know that criminals can do this and prepare for it accordingly. Some brands have been using "rolling" codes since the '90s, and most followed suit by no later than 2014. Instead of having a single code that means "unlock," a rolling-code system switches to a new code every time one is used. That means that if a criminal did manage to listen in on and record an unlock signal and then tried to use it later, it wouldn't work because that code was already used. The videos you see of people unlocking car doors are probably using an older model of car that still uses static codes.
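Here's a small model of that difference, added as an illustration and not taken from any real fob's protocol. It assumes a made-up shared key, a press counter run through HMAC-SHA256, and a look-ahead window of 16 so the car can resync after button presses it never heard.

```python
import hmac
import hashlib

KEY = b"constructed-demo-key"  # shared fob/car secret, made up for this example
WINDOW = 16                    # assumed look-ahead for presses the car missed

def code_for(counter: int) -> bytes:
    """One-time code for a counter value (HMAC stands in for a real fob cipher)."""
    mac = hmac.new(KEY, counter.to_bytes(4, "big"), hashlib.sha256)
    return mac.digest()[:8]

class Fob:
    def __init__(self):
        self.counter = 0
    def press(self) -> bytes:
        self.counter += 1              # every press uses a fresh counter
        return code_for(self.counter)

class StaticReceiver:
    """Older design: a single fixed code always means 'unlock'."""
    def __init__(self, code: bytes):
        self.code = code
    def receive(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingReceiver:
    """Accepts only codes for counters newer than the last one it accepted."""
    def __init__(self):
        self.last = 0
    def receive(self, frame: bytes) -> bool:
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(frame, code_for(c)):
                self.last = c          # used and skipped codes are now dead
                return True
        return False

def demo() -> dict:
    static_rx = StaticReceiver(code_for(0))
    fob, rolling_rx = Fob(), RollingReceiver()
    recorded = fob.press()             # frame a nearby listener also hears
    out = {
        "static_replay": static_rx.receive(code_for(0)),   # same code again
        "rolling_first_use": rolling_rx.receive(recorded),
        "rolling_replay": rolling_rx.receive(recorded),
    }
    for _ in range(3):
        fob.press()                    # presses made out of the car's range
    out["rolling_after_missed_presses"] = rolling_rx.receive(fob.press())
    return out
```

Calling demo() shows the static receiver accepting the same code again, while the rolling receiver accepts a code once, rejects its replay, and still accepts the real fob after a few missed presses.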
There are still ways to unlock modern cars with a Flipper (sort of), but I'll address that later with some other real uses.
But what about Teslas? Well, Tesla didn't consider people wanting to open charging ports as a prank, so they not only didn't use rolling codes for their charging port opening, they left it largely universal. That means that anyone could get access to the unlock code and use it on any Tesla. However, such a blatant security concern couldn't stay unnoticed for long. Last year, Tesla sent out an update that patched this issue. Oh well, it was fun while it lasted.
Remember those videos of people controlling TVs with a Flipper? That's next.