Flipper Zero Could Be the Next 'Kia Boys' Hack, or Maybe Not

Flipperzero.one

Wireless communications make today’s cars possible, but they also introduce ways to access what’s supposed to be locked up.
Hacking into a vehicle using software tools isn’t new, but a new device called the Flipper Zero might make it easy for the next wave of car thieves (although its maker claims thieves don’t need its help).
Automakers haven’t seen any upticks in crime reports because of the tool with the toy-like appearance. Yet.

Thanks to the “Kia Boys” wave of car thefts in recent years, Kia and Hyundai have stories to share about security hacks targeting their vehicles. Now a new potential threat created by a low-cost device called the Flipper Zero means the list of automakers who might have something to share when it comes time to tell crime stories might be about to grow. The Flipper Zero is an open-source, customizable device that people can load up with various software to “explore the digital world around [them].” The main idea behind the device, the company behind it said, is to “combine all the research and penetration hardware tools that you could need on the go in a single case.”
The device has been available for a few years, but the open nature of the tool gave hackers the chance recently to start selling software that supposedly allows the handheld device to become an ersatz key fob for a large number of vehicles, including some from Ford, Audi, Volkswagen, Subaru, Hyundai, and Kia, among other brands, according to investigative news site 404 Media, which broke the story.Flipperzero.oneTo be clear, automakers haven’t said they’ve yet noticed any noticeable increase in vehicle break-ins due to the Flipper Zero, but this device has the potential to turn all those “Kia Boys [into] Flipper Boys by 2026,” according to an underground source who spoke with 404 Media. Hyundai and Kia Deny Any Impact So FarVW, Ford, and Subaru have not yet responded to Car and Driver’s requests for comment, but Kia and Hyundai both quickly said they have not yet seen any vehicle break-ins caused by the Flipper Zero.”Hyundai is aware of recent media reports of custom firmware for the Flipper Zero tool that targets certain key fobs for vehicles made by several automakers,” the company told C/D in a statement. “We are evaluating this issue and, to date, have not identified any confirmed cases of this method being used in thefts of Hyundai or Genesis vehicles.”Kia’s response was similar. “As of August 28, 2025, Kia America has not received a customer or law enforcement report or complaint related to this issue,” the company said. “We take the impact of theft on Kia customers very seriously, and therefore will continue to monitor the situation closely in the U.S.”Designed to DeliverSecurity bypass capability was built into the Flipper Zero from the start. When the device was first crowdfunded in 2020, the company compared the toylike device to a Tamagotchi, describing it as a “multi-tool device for hackers” and stating that it was “open source and customizable, so you can extend its functionality in whatever way you like.” The company also pitched the device as a tool for “pentesters,” or penetration testers, people who want to see if they can find a vulnerability in a locked system. The premise was clear. The campaign raised almost $5 million for a fun hacking device that came with a software dolphin “who really loves to hack” and cost around $115. Today, a Flipper Zero retails for around $200.The Flipper Zero is just the latest in a growing number of software hacking tools that thieves might use to gain access to other people’s vehicles. In 2020, a similar hacking device, resembling a Game Boy, called the SOS Key Tool, was available for $25,000. The device was promoted as working with Kia, Hyundai, Nissan, and Mitsubishi vehicles.The trick, though, is to get the software onto these devices that will then allow them to wirelessly unlock car doors. Available only on the shadier parts of the internet, car unlocking codes can be difficult to access, especially with some in the Flipper Zero community gatekeeping these codes away from new users. “Real car thieves don’t use Flipper Zero—they have purpose-built relay tools,” the company said.And then there’s the question of whether this all adds up to a reasonable freakout. The company behind the Flipper Zero, which did not respond to a request for comment, posted a blog response to the news that said everyone is making too big a deal out of this, and that simply accessing a locked car with a Flipper Zero doesn’t mean you can then start it and drive. “Real car thieves don’t use Flipper Zero—they have purpose-built relay tools,” the company said.The unlocking software that can be loaded onto a Flipper Zero was originally published online more than a decade ago, the company said, and should not be considered as “new hacks” since they target a known weakness in a hardware-dedicated block cipher technology (KeeLoq) originally developed in the mid-1980s. According to the CDVI Group, a global security solutions manufacturer, KeeLoq uses a “hopping code” system with a 66-bit transmission code (32 bits of which are encrypted). The company said that there are almost 4 billion possible code combinations in the encrypted section and that “once a passcode has been used, it will not be valid again until approximately 65,000 other valid codes have been used. In normal usage scenarios, it would take more than 20 years for a code to become valid again.”
Keeping It SafeIn the end, the company behind the Flipper Zero is correct that all they really sell is just a tool. But it’s also a capable tool that has been promoted from the beginning as a way to get around other people’s locks. There’s a gray area there between creating something that breaks rules and something useful, and it all depends on how you use the thing. One of the main people behind the Flipper Zero, Pavel Zhovner, posted on social media this summer that they were working on an undetectable airtag that would actually work to prevent stolen bikes. Zhovner said he had five bicycles stolen in a year of living in London. He tried to prevent this by adding Apple’s AirTags to the bikes, but these devices notify someone that they’re present. This is a way to prevent stalkers from adding a tracker to your vehicle without your knowledge. But, if you’ve just stolen a bicycle and get this notification, it also lets you need to find and dispose of a tracker to get away clean.So Zhovner is looking to build a tiny device that cuts the power to the AirTag when it’s moving and then turn it back on when it hasn’t moved for five hours. On one hand, this will be an effective way to find a stolen bike and is an example of using this kind of brainpower for good. On the other hand, a device like this would give a stalker a way to do what they wanted to do before Apple put its notification protocol into effect. Zhovner’s company is also currently working on a new Flipper One, this time as a Linux-based ARM computer.
Related