Canada to ban the Flipper Zero to stop surge in car thefts::The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.

  • @[email protected]
    link
    fedilink
    English
    14311 months ago

    Oh shit, I wanted to steal a car but now because of this ban it will be illegal, how bad.

    • @MindSkipperBro12
      link
      English
      -5811 months ago

      Yeah, since we can’t stop murderers, we should do nothing about it.

      • Baggins [he/him]
        link
        fedilink
        English
        4611 months ago

        Banning flipper is exactly that- doing nothing- because you can’t actually use one to steal a car.

      • @[email protected]
        link
        fedilink
        English
        32
        edit-2
        11 months ago

        The thing we should do is to hold car manufacturers accountable for neglecting security in cars.

      • edric
        link
        fedilink
        English
        3011 months ago

        Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes

        So actually doing nothing.

        • @MindSkipperBro12
          link
          English
          -1811 months ago

          If you truly want to solve something then you have to make some draconian-like laws and enforce it with rigorous effort. Sometimes the harshest measures are the safest measures.

          • @CurbsTickle
            link
            English
            1211 months ago

            Now tell everyone how banning a device which can’t be used for car thefts, will somehow help with car thefts.

            I think we’d all like to know.

            Or, you know, it’s incredibly stupid to ban. But what do I know? Other than that you can’t use a flipper to steal a car of course.

      • @agent_flounder
        link
        English
        1311 months ago

        “If you want to stop murders just ban kitchen knives.” --canadian politicians

      • @deafboy
        link
        English
        611 months ago

        Let’s establish an international anti-murder day. It won’t save anyone, but at least we did SOMETHING!

      • @[email protected]
        link
        fedilink
        English
        311 months ago

        We can’t stop murderers, so let’s band all guns, knives, baseball bats and tire irons.

    • @WhatAmLemmy
      link
      English
      46
      edit-2
      11 months ago

      But at least they can persecute tinkerers and cyber security professionals while the criminals continue to steal cars.

      It’s win-win for the POS in law enforcement. They create more crime stats for themselves to ensure their increased funding, and the criminals continue stealing cars.

      • @orclev
        link
        English
        1611 months ago

        Even better, tinkerers and cyber security professionals are easy to find and there’s a much lower chance of them fighting back compared to actual car thieves so it’s very low risk for the police. They get to be lazy and safe while padding their numbers, all their favorite things at once.

      • @rockSlayer
        link
        English
        811 months ago

        I’m confused, do you think that systemic issues aren’t a major factor in all crime, especially theft?

        • @FireRetardant
          link
          English
          -2
          edit-2
          11 months ago

          I do think its a factor, i dont think the solution is just letting car theives walk away because they are in a tough spot. That thief will just keep stealing cars and they will get better at it the more they steal and more confident the more they know they won’t be prosecuted.

            • Dadd Volante
              link
              fedilink
              English
              3
              edit-2
              11 months ago

              This person who is insisting we punish low level criminals because they all will turn into high level criminals needs to stop playing GTA, pay a bill or two in life, and realize that poverty creates desperation, and in fact, locking up “low level” criminals actually exposes them to the more hardened ones who have turned it into a lifestyle.

              If you don’t get thrown in a cage with dangerous people and treated like an animal, your odds of rehabilitation skyrocket.

              Exposing people to violence, punishment and harder criminals is the least productive way to rehabilitation.

        • @FireRetardant
          link
          English
          011 months ago

          I did initially but I edited it and it seems to work for me

      • CommunityLinkFixerBotB
        link
        fedilink
        English
        211 months ago

        Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: [email protected]

      • @[email protected]
        link
        fedilink
        English
        211 months ago

        Them: if someone’s getting caught stealing their third car then clearly jail doesn’t work to stop them from doing that and maybe we should think of trying something else?

        You: they want to just let car thieves walk free!

        See what makes you look silly?

  • Lettuce eat lettuce
    link
    fedilink
    English
    10411 months ago

    Classic response, don’t hold the billion dollar corpos who actually design and manufacture the cars responsible. Ban the little device that exposes the flaws in their designs.

    • 7heo
      link
      fedilink
      English
      50
      edit-2
      11 months ago

      Yeah, let’s entirely outlaw pentesting while we’re at it. What could possibly go wrong? 🙈

      • @fluxion
        link
        English
        3111 months ago

        Lets outlaw devices that could be used for pentesting while we’re at it. PCs, laptops, phones, etc.

        • @twack
          link
          English
          1611 months ago

          Don’t forget paperclips, string, and aerosol cans. Hell, we should probably just ban wire altogether.

        • 7heo
          link
          fedilink
          English
          811 months ago

          Brains. Technically that is the most useful device when pentesting. Along with curiosity. Altho on the former, I believe we, as a society, have actually started to…

  • @Fapper_McFapper
    link
    English
    6811 months ago

    lol, you can do many things with a flipper zero. Stealing a car is not one of those things.

    • @coffeebiscuit
      link
      English
      -1911 months ago

      Well it can give access to a car. Soooo…

        • @[email protected]
          link
          fedilink
          English
          2111 months ago

          “Trudeau to ban coat hangers, other clothing care items, after rash of thefts of ancient vehicles”

        • @Fapper_McFapper
          link
          English
          611 months ago

          And you need additional hardware and custom firmware. Then you have to GitHub that shit into the flipper.

          Most people think it works like Dr. Who’s sonic screwdriver. Just press a button, wave it around and voila! You’re in the NSA database.

            • @twack
              link
              English
              611 months ago

              Isn’t that because it can desync the actual keyfob?

              Nvm… Clicked the link. That’s exactly why you shouldn’t do that.

              • @Fapper_McFapper
                link
                English
                211 months ago

                That is my understanding and why I haven’t ventured into that area with my personal vehicles yet.

              • @Buddahriffic
                link
                English
                111 months ago

                Ah, so the cars still have shitty security implementations, only now it’s in the direction of “car needs service if someone tries to playback a previous signal”.

                Though how does it work when you hit the button while out of range of the car?

                It should be each fob has a private key that is used to generate a cryptographic hash of a random challenge string. Or hell, even give a rolling code a sequence number so they the car and fob can resync if necessary (I don’t think this would break the security, since the sequence could be started at a number other than 0).

                • @[email protected]
                  link
                  fedilink
                  English
                  311 months ago

                  That sounds dangerously close to an open standard that would prevent charging $500 for key fobs.

          • @[email protected]
            link
            fedilink
            English
            411 months ago

            No the world just ran out of coat hanger bones and is trying to hide it with plastic replacements

        • @coffeebiscuit
          link
          English
          -511 months ago

          Who are you fooling? Tech savvy people don’t know how to handle coat hangers.

          Plus videos show you that it also works on newer cars. To much Hassle though, but thatch’s also mentioned in the article.

          • Q*Bert Reynolds
            link
            fedilink
            English
            611 months ago

            Those videos are staged. The signal playback trick doesn’t work on newer cars because the code changes every time you lock or unlock your car. You could probably replicate the functionality of a key fob on your Flipper, but it would need to be registered with the car’s computer the same as any other key fob, which means you’d already have to have to access to the car.

            • @[email protected]
              link
              fedilink
              English
              311 months ago

              There are definitely some basic attacks that you can do with a flipper. They are quite a bit more limited than what you can do with an SDR though, and I’m skeptical that they are widely deployed by anyone. You definitely can’t steal a car like this, you can possibly unlock one. But hammers are much more useful in that regard and have a significantly lower skill floor.

      • @agent_flounder
        link
        English
        711 months ago

        Butter knives can be used to murder people. Quick let’s ban them to solve all murder.

        JFC.

        • @coffeebiscuit
          link
          English
          -1211 months ago

          He/she stated that you can’t steal a car with a flipper. But you can. That it isn’t a go to tool is something else.

          Besides this, you can use a flipper as a butter knife…

          Snow fucking white.

          • @agent_flounder
            link
            English
            3
            edit-2
            11 months ago

            Yes it can be used to steal some cars.

            Banning it because it can be used to steal cars doesn’t make sense

            Btw… Some folks may not realize it is a go to tool for many things.

            Flipper Zero - Wikipedia Flipper Zero is a portable Tamagotchi-like multi-functional device developed for interaction with access control systems. The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface.

            It is a swiss army knife for RF access control systems as well as harmless, related things like remote controls.

            It is used by penetration testers (information security professionals) to do myriad kinds of legit, legal work in their field.

            Like any tool it can be used for good or evil. The problem isn’t the tool but the vulnerabilities in cars demonstrating shocking negligence on the part of manufacturers.

            Banning the tools just gives us a false sense of security. The vulnerability still exists. It isn’t that difficult for someone to either get the tool, reproduce the tool, or make a new tool with existing parts. Meanwhile law abiding people cannot find the vulnerabilities as easily.

            This mostly only serves to penalize a smallish company and protect large car manufacturers from the consequences of their negligence.

            It is already illegal to steal cars. Why would criminals risking felony jail time care about whether their tools are suddenly illegal, too?

  • RBG
    link
    fedilink
    English
    5811 months ago

    “Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes,” Flipper Devices COO Alex Kulagin told BleepingComputer.

    I guess Canada must have a ton of old cars?

    • 7heo
      link
      fedilink
      English
      3411 months ago

      Or the “rolling codes” have glaring implementation issues, but it is cheaper to ban the Flipper Zero than recall the cars, so the manufacturers made an executive decision… (⚠️ YouTube)

    • @grue
      link
      English
      711 months ago

      It also can’t be used to hijack cars produced before the 1990s, since they mostly don’t have keyless entry in the first place.

    • @[email protected]
      link
      fedilink
      English
      311 months ago

      Rolljack attacks are absolutely not trivial to pull off and I am quite skeptical that a flipper can even do it reliably, if at all, since it requires reactively jamming the transmission after the attacker has already decoded it. I don’t believe these devices have enough power to reliably jam the key fob, much less the speed to do it reactively.

  • @febra
    link
    English
    4311 months ago

    Next, ban radio waves, because car companies are too damn dense to create a proper product lol

    • sebinspace
      link
      English
      611 months ago

      I’m surprised no fobs use a time-based token to prevent replay attacks. Would make it a bit of a bitch to replace the battery, but hey-ho, tradeoffs.

      • @ikidd
        link
        English
        511 months ago

        They use rolling codes that aren’t susceptible to FlipperZero anyway. This is a dog and pony show.

        • sebinspace
          link
          English
          111 months ago

          they use rolling codes

          All of them? Source?

          • @ikidd
            link
            English
            411 months ago

            It’s been that way for a long time, it’s just kinda the accepted way. The vehicle builders had seen what garage door systems problems came about from hard-switched or dip-switched codes and just went that way from the start.

            https://en.wikipedia.org/wiki/Remote_keyless_system#Security

            The newer vehicles have these always-on systems now, the owner doesn’t have to press a specific button. So theives can amplify the fob signal that’s constantly being emitted in the house and get the car to open, then program new keys once they’re in the vehicle and drive away. But that has nothing to do with the Flipper, that’s just a radio repeater.

      • @[email protected]
        link
        fedilink
        English
        311 months ago

        More of an issue with the fob being to connect to a service to get the current time. Technically possible, but would add cost. And if that time is ever out of sync it just won’t work.

        • sebinspace
          link
          English
          511 months ago

          I can put an RTC in an Arduino for about $8. It keeps time accurately. If it gets out of sync, maybe a Bluetooth connection to let it do an NTP request through another device.

          Cellular connectivity is not required.

          • @[email protected]
            link
            fedilink
            English
            111 months ago

            RTC’s are not inherently accurate. You have an RTC in your computer, but disconnect it from the internet for a year and it’s extremely unlikely it will be able to pass an OTP check.

            Add to that the fact that RTCs run off power, means that the fob would need to actively pull from the battery 24/7. What happens when that battery voltage drops below the required power level? The time goes out of sync. Not to mention you need to change the battery at some point.

            Adding Bluetooth would be a terrible idea. You’d then need to make sure the device can receive firmware updates, and we all know the reputation car companies have for updates to things.

            Better option would be to receive the date and time from a transmission, be it FM or cell. And no, you wouldn’t have to pay for cell.

            The problem comes when you’re in an area that doesn’t have these available, which is still quite possible in the US.

            So we loop back to these not really being that viable. They will work most of the time, in most instances. But they’d be shooting themselves in the foot in certain places and with certain users.

      • Natanael
        link
        fedilink
        English
        211 months ago

        Challenges-reponse protocols are what’s needed

      • @Chriswild
        link
        English
        211 months ago

        Instead of a time based token they should have authentication. To start the car you need biometric or passcode or Bluetooth to connect and the fob.

        For the life of me I don’t understand why my phone has better security than my car.

        • @[email protected]
          link
          fedilink
          English
          211 months ago

          Cause what’s in the title is normal news. That’s why. Dumbasses having power to decide for us that it’s the tools to blame.

    • @[email protected]
      link
      fedilink
      English
      1011 months ago

      They’re just doing it to get the votes of the people that see headlines like this and think it’s a good thing without reading the article at all.

  • @[email protected]
    link
    fedilink
    English
    3711 months ago

    I doubt this is the real reason they are being banned, it’s just the excuse they came up with.

    • @Labtec6
      link
      English
      2511 months ago

      They just want to appear to be doing something, even though they aren’t doing anything useful.

    • @finkrat
      link
      English
      511 months ago

      Another distraction for the big problems not getting solved

  • @[email protected]
    link
    fedilink
    English
    3011 months ago

    Oh man, since it is banned, there’s no way at all that anybody can get their hands on it. No possible way. /s

  • @mods_are_assholes
    link
    English
    2711 months ago

    Might as well outlaw crowbars because they can be used to break into houses…

    Fucking idiots who’s microwaves blink midnight for decades think they can make meaningful decisions about tech.

  • @Fades
    link
    English
    2611 months ago

    That’s fucking bullshit wtf. This is exactly like bad gun reform that comes from someone who doesn’t know shit about the thing they are trying to reform

    • @ikidd
      link
      English
      911 months ago

      Welcome to Canada. Turning dials that aren’t connected to anything is the specialty of our “leaders”.

    • @[email protected]
      link
      fedilink
      English
      611 months ago

      The only thing our lawmakers know how to do is ban things to look like they’re doing something when really they have no idea how to actually bring effectual change or fix the problems.

      Flipper zero, foreign buyers, handguns…

    • @[email protected]
      link
      fedilink
      English
      411 months ago

      We’re a country of 3 monopolies in a trenchcoat… run by a party of corrupt idiots, whose replacements look even more incompetent.

      No we are not

  • @Brkdncr
    link
    English
    2011 months ago

    That’s not how thieving works….

  • @[email protected]
    link
    fedilink
    English
    1711 months ago

    Honestly, I am embarrassed with the whole “look like were doing something” shtick by my government. An expensive gathering of decision makers from various sectors, a National Summit, just to say: we are now gonna be soooo tough on crime and let’s ban the toy we just saw on TikTok.

    Car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada

    Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused pretending doing some work and publishing all the buzzword-of-the-day “accomplishments” they were doing while patting each others backs without explicitely requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf “children’s RC” car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.

    Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to lets pretent it’s not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is “convenient” to ignore the problem.

    The following years various reprogramming theft become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids uses them to gain Youtube/TikTok followers.

    Car hacking was a becoming serious concern during the pandemic, but now it’s simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made “defective”.

    Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.

    Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers’ Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.

    “And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations,” he added.

    New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.

    Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:

    The devolution of port authorities in Canada has not been without debate over the past 70 years. This paper provides a brief introduction to the role of ports in Canada and then examines the history of port policy and devolution, concluding that past policies were considered to have failed due to their inability to respond to changing circumstances.

    (Reposting my same reply for a similar thread about the Canadian Government banning the Flipper Zero, please check my post history for the other thread)

    • @SoleInvictus
      link
      English
      211 months ago

      I thought the US was already working on that?