A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in most modern vehicles, potentially putting millions of cars at risk of theft.

Demonstrations by the YouTube channel “Talking Sasquach” reveal that the firmware, said to be circulating on the dark web, can clone a vehicle’s keyfob with just a single, brief signal capture.

Rikolliset ovat ottaneet askeleen eteenpäin ja moderneihin autoihin pystyy nyt murtautumaan Nintendon Game Boy -käsikonsolia muistuttavalla välineellä. Kyseessä on auton lukituksen radiosignaalia lukeva emulaattori, joka laskee auton lukituksen koodin pahimmillaan jopa sekunneissa.

Asiasta kertoneen InsideEV:n mukaan laite alkaa laskemaan avaimettoman kulun koodia. Avaimettomassa kulussa auton avaimien ei tarvitse olla kuin taskussa.

Laite ei tosin ole ihan jokaisen autovarkaan saatavilla. Laite maksaa InsideEVn tietojen mukaan mallista riippuen noin 14 700–27 600 euroa.

Laitteella voi murtautua muun muassa useisiin Infinitin, Lexuksen, Mercedes-Benzin, Mitsubishin, Nissanin, Subarun ja Toyotan malleihin – ainakin niihin, jotka ovat USA:n markkinoilla. Euroopan markkinoilla olevien ajoneuvojen haavoittuvuudesta ei ole tietoa.

Puolalainen Polsat News sai käsiinsä kyseisen laitteen ja testasi laitteen toimivuutta yhdessä virkavallan kanssa. Videolla näkyy, miten toimittaja pääsee laitteen avulla sisälle autoon ja käynnistää auton.

https://www.youtube.com/watch?v=_Go6byfIgaU

Hyundai Ioniq 5, Kia EV6 Are Newest Victims Of ‘Game Boy’ Hack
Using a small “Game Boy”-like device, thieves are able to steal Hyundai and Kia EVs in just seconds.
https://insideevs.com/news/724328/hyundai-kia-ioniq-5-gameboy/

The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.

ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.

The Zero Day Initiative (ZDI) this week announced that it will be offering more than $1 million in cash and prizes at Pwn2Own Automotive, the first Pwn2Own hacking contest focused on car systems.

The competition will be hosted at the Automotive World conference, which is scheduled for January 24 – 26, 2024, in Tokyo, Japan.

Interested security researchers have until January 18 to register for the contest and submit an entry, consisting of “a detailed whitepaper completely explaining your exploit chain and instructions on how to run the entry”, ZDI has announced.

The same as with other similar events, ZDI is allowing remote participation to Pwn2Own Automotive, on the basis that not all researchers will be able to attend the conference.