October 8, 2025
PETALING JAYA – A hacking device that can duplicate car keys, near field communication ( C) access cards, radio frequency identification (RFID) tags, automatic gate or garage door remote controls, and even open certain electronic safes is available on popular e-commerce platforms.
The pocket-sized device can read and emulate C signals when placed next to an C-enabled access card and, to a certain extent, record codes transmitted by older car key fobs.
ALSO READ: Regulate sale of hacking devices, say experts
Dubbed by many to be a “Swiss army knife of hacking”, some are priced as low as RM150 and go up to RM1,700 per unit on a popular e-commerce platform.
It is sourced locally and also shipped from overseas.
In 2023, the device was banned in Brazil, whose authorities flagged it as a tool for criminal purposes.
In several short videos on social media, the device can be seen opening hotel doors with just a click.
In some cases, the devices are sold under the guise of a basic handheld gaming device and as “robotic kits for pet lovers”.
The device is even seen copying data from C access control cards and then mimicking them to unlock compatible doors, including locked cars.
Dr Azree Nazri, head of laboratory at Universiti Putra Malaysia’s (UPM) Institute of Mathematical Research, said the device can emulate simple RFID or C codes, but it cannot copy modern rolling codes used in new cars.
“Rolling codes change in each use to prevent replay attacks,” said Dr Azree.
“Owners should use RFID pouches, avoid leaving keys near doors, and consider physical locks,” he added.
Dr Azree said for hobbyists and security researchers, the device is an invaluable and inexpensive tool to learn about tech gadgets such as RFID, C, and hardware security concepts.
“But its openness and extensibility mean skilled operators can combine it with custom firmware, signal analysers or other gear to probe vulnerable systems.
“Whether it is benign or malicious depends on intent and context. Defenders use it to find and fix flaws; attackers may weaponise it against legacy devices,” he said.
“Responsible vendors, clear laws and user education, plus simple mitigation like RFID pouches, help reduce misuse,” he added.
Dr Azree said the device should be regulated, as a blanket ban would only drive its use underground.
According to him, sales on e-commerce platforms should require clear labelling, age verification and responsible usage guidelines.
“Regulation ensures transparency while allowing ethical learning and innovation.
“The focus should be on user intent and awareness, not on criminalising technology, which also helps improve security and train the next generation of tech professionals,” he added.
Dr Rabiah Ahmad, deputy vice chancellor of Research and Innovation at University Tun Hussein Onn, downplayed concerns over the device, saying that it requires basic IT knowledge to operate.
“For devices with current technology, it is equipped with advanced security. So it is impossible to operate it with limited skill,” she said.
“But, with the advancement of media, learning can be easily done,” she added.
Dr Rabiah said the device should only be used strictly for educational purposes.
“It should also be regulated to minimise risks associated with digital security issues,” she added.
The device, first distributed in 2022, was reportedly banned by American e-commerce site Amazon in 2023 after it was alleged to be used as a “card skimming device”.
There were proposals in February 2024 by Canada to ban the device, but its government eventually walked back on the suggestion, saying that it would only ban the use of the device for illegal acts.