Technology

Let's ban a product instead of solving the issue at hand... Seriously? I hate my country more and more as each day passes

Read everyone, this is hype, and Canada is being dumb on this one.

The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that's been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.

Most of this reaction is due to staged videos on TikTok and politicians not understanding technology. Maybe they'll stop a few joyriding kids, but car thiefs aren't using F0s.

Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do "manually".

The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

Anybody in the know can tell you that the hardware isn't anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

This isn't gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn't be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn't let you sell medical devices that can be hacked like that.

You don't just put the cat back in the bag...

The device only gives easy access to already extremely weak/non existent security systems. That's literally it.

It's just something that's existed forever, but put into a convenient package and marketed well enough that suddenly normal people are realising how insecure their electronic systems actually are.

Kinda like how they used to make pacemakers hackable because they never thought to add any security at all. I bet many of them still don't.

Anyway, the issue lies not with this device, which can't "hack" anything with any actual security, the issue is with manufacturers making devices that literally leave the door wide open to anybody with an extremely basic electronic sniffer/cloner device.

canada just streisanded me into obtaining one of these. i cant wait to play with it

even in its anger, canada helps. thanks!

So, rather than hold automakers accountable for not having proper and effective security practices you focus on a tool designed for security professionals.

This take is so unbelievably brain dead I'm surprised these people are able to breathe without machine assistance

If the flipper can help you stealing a car, the flipper is not the problem, but the neglect and incompetence of the car company is.

Maybe cars should not be so easy to steal... I thought we came to an agreement on this.

"It is unacceptable that it is possible to buy tools that help car theft on major online shopping platforms.”

I can buy a hammer and screwdriver online, and those could be used for car theft. Does that make those also unacceptable?

It's called pretending to do something about the problem.

The way they get access is by amplifying a signal of a car key near the entrance to trick the car into thinking the key is nearby. Others do just pick the driver's side lock. Then once inside, they connect to the vehicle and pair new keys so they can drive away in less than 10 minutes.

I've never understood the way modern cars just unlock without any button press, that seems really insecure. Some organized thieves probably aren't even bothering with lock-picking and ignition hot-wiring these days as older cars would be low value to them. Oh and if a random crackhead really wanted something in the car they would probably just smash the window or pry the door anyway.

A solution would be a 24 hour lockout timer to program new keys. That would prevent mall jackings and be a small incovenience for repair shops to need to keep cars in the garage overnight.

Sure, go ahead and blame the tool.
Then blame the science.
Then blame the scientists who developed it.

Blame everything but the thief.

\s

Then blame free will for all crime in the world and all wars waged.

I see how that might make sense to lawmakers. It does present itself as a problem. But the fact that it is a symptom of a security issue is the reason it shouldn't be outright banned. I haven't used the thing, but it has looked to me like a pretty snazzy multitool.

It's like banning swiss army knives. I can see why it looks like it makes sense, but it really doesn't.

Car security is horrible

I bought a copying remote from aliexpress thinking "no way my car has a static code and not a rolling one... right?"

Nope, fuck you Kia, any stupid cheap remote from aliexpress can be used to copy keys from a surprising amount of cars.

Car security should improve and I hope this becomes a big enough issue that it get's better regulated

Just ordered one. I had no real interest, but once you tell me I can't have one....I must have one.

RollJam and RollBack are the exploits for bypassing rolling codes. These exploits are possible because you can replay captured codes at a later time.

What's happening in most cases is the proximity-based fobs are simply amplified with a device to reach the person's car in the driveway, since most people keep their keys by the door, and in some cases even within reach of the car without a device. It's this low hanging fruit where the theft happens, or just a tow truck...

The Flipper is more of an enthusiast and pranking device. The devices used in actual thefts are like disposable $50 alibaba pieces of shit. Canada is effectively creating a clandestine market for simple radio amplifiers made from the most basic electronic components. As someone in Canada who used to build the classic cmoy Altoid-tin headphone amps to sell on etsy, this is tempting...

Honestly, I am embarrassed with the whole "look like were doing something" shtick by my government. An expensive gathering of decision makers from various sectors, a National Summit, just to say: we are now gonna be soooo tough on crime and let's ban the toy we just saw on TikTok.

Car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada

Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused pretending doing some work and publishing all the buzzword-of-the-day "accomplishments" they were doing while patting each others backs without explicitely requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf "children's RC" car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.

Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to lets pretent it's not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is "convenient" to ignore the problem.

The following years various reprogramming theft become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids uses them to gain Youtube/TikTok followers.

Car hacking was a becoming serious concern during the pandemic, but now it's simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made "defective".

Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.

Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers' Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.

"And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations," he added.

New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.

Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:

The devolution of port authorities in Canada has not been without debate over the past 70 years. This paper provides a brief introduction to the role of ports in Canada and then examines the history of port policy and devolution, concluding that past policies were considered to have failed due to their inability to respond to changing circumstances.

Ah yes banning the tool will 100% take care of the problem.

The whole "these can be used for high scale crimes" argument is straight up fearmongering. One or two people have reverse engineered the remote protocol on one or two specific models of Volkswagen car, and, after listening to the car being locked and unlocked several times using a laptop and $500 SDR, can reconstruct a signal to unlock the car. When a cybersecurity professional figures out this is possible at all, it makes the news.

If your car can get broken into by any random script kiddie with a Flipper Zero, sue the car company for gross negligence.

Ya but, you can't steal cars with this unit.

If our politicians are not the laughing stock, they should be.

This reminds me of IMSI catchers, which governors and mayors don't mind if law enforcement has them, but when your neighbor makes one out of a mail-order kit and a soldering gun then suddenly it's an instrument of terror.

Oh and police aren't supposed to have them in the US, but no one punishes them for using one. It's inadmissible in court, so they have to parallel construct (id est, lie ) about how they got your location from an informant or through detection dogs or something.

In fact, a lot of security is lax, and we don't bother until it's private interests rather than law enforcement that are using them with malicious intent.

I absolutely love mine :)

It seems like maybe the problem is that automakers were able to widely market vehicles that use wireless protocols that are relatively easy targets for attack. This was never properly secure.

Automakers should absolutely be held to higher standards (in general) than they are, and it's not likely that banning specific devices is going to have any measurable outcome here. It's pretty well known that people buy and sell malware, and people can just... make devices similar to a Flipper with cheaply and readily available hardware.

This is just dumb posturing to avoid holding automakers and tech companies accountable for yet another dumb, poorly thought out, design feature.

And obviously it doesn't stop at cars. It seems pretty clear that snooping on any feature using RFID or NFC tech is only going to become more widespread. Novel idea: what about using... actual keys as the primary method of granting physical access? Lock picking is obviously possible but a properly laid out disc-detainer lock is pretty goddamn hard to bypass even with the proper tools, and that skill can't just be acquired in the same way as with electronic methods of bypass.

I don't even know how to use this thing but I bought one reflexively when I got the sense it would likely be outlawed in the future.

Oh right, forgot about this little thing. Had my eye it long time ago, but forgot about it. Thanks for reminding me Canada. Should probably read up on Streisand effect.

I think people need more visibility over the electromagnetic spectrum, not less, to catch car thieves. This needs to be white hat into a car theft attempt detection kit.

Dude I think I might pick one of these up just for the IR, I miss the good ol days of controlling my tv and tvs on the go with my phone. I need to find out what all else it can do (and only use the powers for good), the RFID and NFC and garage doors and all that sounds like it could be convenient.