High-tech carjackers use Flipper Zero patches to quietly unlock hundreds of vehicle models, investigation finds

An independent investigation has identified a new, low‑violence method for stealing cars that uses a small handheld device running illegal software patches to unlock doors and enable theft without breaking windows or forcing ignitions.

404 Media reported that Russian‑based hackers are selling modified firmware for the Flipper Zero, a credit‑card‑sized multi‑tool popular with hobbyists, that can be loaded onto the device to interact with vehicle entry systems. One seller, who identified himself only as Daniel, told investigators he has sold the patches for $600 to $1,000 apiece and moved roughly 150 copies, and that the modified code can unlock doors on more than 200 models from a range of automakers, including cars built as recently as this year.

The technique, as described by the reporting, differs from high‑profile cinematic or social‑media car thefts by allowing thieves to take vehicles quietly and quickly. Victims often find their cars later stripped for parts rather than wrecked during a chase. Daniel said locksmiths and some auto‑shop owners have shown interest in the software, and suggested some buyers may use it for legitimate or illegitimate access, telling investigators, "Maybe someone is using it to steal from cars or steal cars."

Flipper Devices, the company that makes the handheld remote, disputed broad assertions that its gadget is enabling vehicle theft. In a statement to the Daily Mail, the company said the Flipper Zero "has limited functionality and cannot be used as a repeater to attack keyless entry systems" and "does not have the hardware to suppress radio signals, which would be necessary to crack vehicle safety systems." The company also described the device as "a tiny piece of hardware with a curious personality of a cyber‑dolphin" that is intended to interact with digital systems in real life and support benign experimentation.

At the same time, the company has acknowledged in blog posts that automakers have shipped some vehicles with outdated or weak security designs, an observation echoed by security researchers. The modified firmware reportedly exploits those lapses in some models, allowing the device to send signals that the vehicles accept as legitimate.

Independent security experts and law‑enforcement analysts warned that even if the Flipper Zero hardware has constraints, the spread of tailored software is a concern because it lowers the technical barrier to stealing cars. "Carmakers have not kept uniform pace on security across product lines," said Dave Baker, security architect at LiveView Technologies, a surveillance camera company. "The main things to remember are sight and light. The best advice is to be proactive and make your car as visible and unattractive to thieves as possible."

U.S. car theft and carjacking rates rose sharply between 2019 and 2023, peaking in the pandemic era. Data cited by several outlets shows a rise from about 20.1 thefts per 100,000 drivers before the pandemic to more than 30 during the spike. The trend included high‑visibility social media phenomena such as the "Kia Boys" videos that highlighted vulnerabilities in older Kia and Hyundai models. Theft rates have declined somewhat from their peak but remain above pre‑2019 levels.

So far, Flipper Devices said it has not been able to directly link the device to vehicle thefts in the United States. Law‑enforcement agencies have prosecuted cases involving relay attacks and other methods that abuse wireless entry systems, and investigators say modified consumer hardware can be a component in a broader criminal ecosystem that includes resale and parts networks.

Industry advocates and some security researchers say the episode highlights a broader issue: consumer devices that are intended for learning and tinkering can be repurposed when automakers do not consistently update security standards. Automakers have moved in recent years to strengthen keyless and remote‑entry systems, but advocates say patches and hardware updates are uneven across models and regions.

Practical steps recommended by security experts to reduce the likelihood of theft include parking in well‑lit, visible areas, using physical steering‑wheel locks for older vehicles, storing keys and fobs well inside buildings to reduce exposure to signal‑amplifying attacks, and installing surveillance cameras. Manufacturers and policy makers have also faced calls to accelerate retrofits and software updates for vulnerable vehicles, though timelines and costs for broad fixes remain unsettled.

The investigation adds to a growing record of how inexpensive or hobbyist electronics can be modified for criminal use when combined with outdated vehicle security. Law‑enforcement officials, automakers and device makers have different perspectives on how immediate and widespread the risk is, and they continue to monitor developments as researchers and some commercial actors probe and harden systems. Flipper Devices did not immediately respond to follow‑up requests for comment beyond its published statements.