• @n3m37h
    link
    English
    21310 months ago

    Let’s ban a product instead of solving the issue at hand… Seriously? I hate my country more and more as each day passes

    • sab
      link
      fedilink
      2510 months ago

      While this is seems a bit incompetent, it is easier for them to make technology less available than to fix the underlying issues here. They might set out to do both, but solving the underlying issues will take more time.

      At least they’re trying to do the right thing, and they’re making an effort to deal with a problem that affects real people. Good on them.

      • edric
        link
        fedilink
        English
        10210 months ago

        This is like banning usb cables so Hyundai/Kia cars won’t be stolen, instead of forcing the car manufacturer to just install an actual immobilizer on affected vehicles. Seeing Hyundai/Kia do everything but install immobilizers is infuriating as well. They’re rolling out software updates, giving out wheel locks, installing cages on the ignition panel, etc. Literally everything but fix the problem.

        • @[email protected]
          link
          fedilink
          English
          -4910 months ago

          This is like banning usb cables

          If USB cables were used almost exclusively for illegal and just generally anti social behavior.

          I’d never heard of this thing, and it does sound fun, but this was the use case list from the paragraph calling it a “humble hobbyist device” doesn’t come across as very defensible:

          People can use them to change the channels of a TV at a bar covertly, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.

          But also agreed on fuck those car companies that just don’t care and would rather weaponize the government than try to fix anything (without a subscription fee of course). Anti social behavior forced Kia to change their shitty grift of a product so 🤷

          • edric
            link
            fedilink
            English
            5410 months ago

            exclusively for illegal and just generally anti social behavior.

            Except they aren’t. These devices are used for various non-illegal purposes and are actually helpful for pentesters so we can learn about potential vulnerabilities on wireless systems before they can be exploited by bad actors. The same way a usb cable is useful for transferring data and at the same time can be used for illegal stuff (like literally any hack where you connect to a device via usb). The worst part (and the article mentions it), is that it doesn’t even work on security systems on cars built since the 90’s. So they’re banning something that isn’t even a problem in the first place.

            • @[email protected]
              link
              fedilink
              English
              -2010 months ago

              I totally get and agree this is a dumbfuck response to the problem they allege to be fixing, and hopefully their committee it whatever concludes the same, but the article didn’t mention any redeeming values for the device as you did

      • @[email protected]
        link
        fedilink
        English
        3110 months ago

        The problem is they are banning a device that doesn’t solve the issue at all except if you have a car from before the 90s. The tools being used for this are custom made with a much larger range. Maybe they should ban smartphones too since people are using them to detect laptops in cars to break into since they are being stupid about it.

        • @[email protected]
          link
          fedilink
          English
          410 months ago

          How do you use a phone to detect a laptop in a car? If it’s on, sure I get it but if the laptop is asleep or off I can’t see how a phone will detect it?

          • @[email protected]
            link
            fedilink
            English
            2010 months ago

            Article said they were using Bluetooth and a app on play store / app store I assume the app measures the signal strength to determine the proximity to the devices. Maybe some laptops don’t turn off Bluetooth in their sleep state or people just weren’t putting their laptops to sleep? Could pickup tablets or phones forgotten in cars too.

          • @fuzetsu
            link
            English
            39 months ago

            Most MacBooks keep Bluetooth on when in sleep mode. There isn’t even a setting to stop it, the only option is to manually turn Bluetooth off before closing the lid or to use 3rd party software to automate turning it off.

      • @n3m37h
        link
        English
        1610 months ago

        It won’t stop theives from being able to obtain them. And it’s a legit tool, should we ban all usb because they can be used to steal Hyundai and Kia cars?

        It’s obvious there are flaws to car manufacturers theft protection. Shit watch LPL, lock noob, Bosnian Bill (hope you’re doing well brother) and you will see most locks are a fucking joke.

        There are Defcon vids on YouTube that go over how cars can be hacked yet manufacturers are still using these systems

      • Kalcifer
        link
        fedilink
        English
        49 months ago

        The road to hell is paved with good intentions.

      • Cethin
        link
        fedilink
        English
        3
        edit-2
        9 months ago

        This device is probably not what a professional car thief would use. It may be used sometimes by someone messing around, but it’s a tool made for an introduction into different types of penetration (testing). It doesn’t do anything as well as a more dedicated device would, and it’s also not as customizable. If a car is vulnerable to this then it’s vulnerable to a lot more things. Also, if someone really wants to steal your car they don’t need this device specifically.

      • @n3m37h
        link
        English
        29 months ago

        More like hide the problem so no one knows about it. This is the entire locksmith ideology, security through obscurity and that has been working out great hasn’t it?

        I don’t have any faith in our incompetent government to do anything right if it costs corporations money.

    • @[email protected]
      link
      fedilink
      English
      210 months ago

      I figure half the purpose of these sorts of devices is to prove just how insecure certain systems are to bring about change. Governments rarely have a good grasp on this sort of thing though. It’s not like banning the device will make anyone more secure.

      • @n3m37h
        link
        English
        39 months ago

        Who gives a shit? He prob doesn’t know what it is or what it is used for either, and neither does his party apparently

    • Jaytreeman
      link
      fedilink
      -3710 months ago

      Pick an issue. Literally any issue. Canada isn’t on the morally right side (with the exception of supporting Ukraine’s war for freedom).
      People are fine. Landscape is amazing. Government at all levels needs to be gone. We’d be better off with actual criminal mobs running everything. They’d at least be competent

  • fmstrat
    link
    fedilink
    English
    18310 months ago

    Read everyone, this is hype, and Canada is being dumb on this one.

    The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that’s been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.

    Most of this reaction is due to staged videos on TikTok and politicians not understanding technology. Maybe they’ll stop a few joyriding kids, but car thiefs aren’t using F0s.

    • Billiam
      link
      English
      7410 months ago

      Politicians passing laws based on things they don’t understand?

      Quelle surprise.

      But also:

      a protection that’s been in place since the 1990s

      That’s not necessarily a guarantee, c.f. Hyundai and Kia’s lack of ignition locks.

      • @[email protected]
        link
        fedilink
        English
        1810 months ago

        Politicians passing laws based on things they don’t understand?

        aka virtue signaling

        • @[email protected]
          link
          fedilink
          English
          89 months ago

          Another way of saying that is moral grandstanding, which I kind of like better. I like the imagery of grandstanding, especially when describing politicians.

      • Baggins [he/him]
        link
        fedilink
        English
        69 months ago

        That’s not a thing in Canada. Our motor vehicle standards require immobilizers.

        • Billiam
          link
          English
          49 months ago

          That’s because you all up there in America Lite hate capitalism, freedom, democracy, eagles, and baby Jesus.

      • @Chriswild
        link
        English
        310 months ago

        The lack of arrestors is the issue there and the company should be liable.

    • Aatube
      link
      fedilink
      7
      edit-2
      10 months ago

      Isn’t it possible for someone to code a code-roller onto the flipper zero app store?

      • @SlopppyEngineer
        link
        English
        3710 months ago

        Probably possible but the thing would be running for hours or days to crack the code. That’s not really useful for a quick hack.

      • @EdibleFriend
        link
        English
        710 months ago

        If so I’m sure someone can find this app and show its been done?

      • Lev_Astov
        link
        English
        19 months ago

        deleted by creator

    • @[email protected]
      link
      fedilink
      English
      610 months ago

      With a jammer it’s definitely possible to bypass rolling codes with Flipper, but it’s only temporary and has limited usefulness

      • @[email protected]
        link
        fedilink
        English
        159 months ago

        That isn’t bypassing rolling codes, that’s capturing a single code while preventing it from reaching the car.

        And once the code is used once, or the fob gets a new code to the car, the previously captured code is useless.

        This isn’t the same thing as bypassing rolling codes.

        • @[email protected]
          link
          fedilink
          English
          19 months ago

          Hmm, I don’t know the precise terminology, I meant bypass as a way to temporarily get around the rolling code system without actually breaking the code itself. You’re probably right though

      • @Takumidesh
        link
        English
        69 months ago

        It’s pretty difficult, you need to get the rolling code from the fob, but you also need to jam it so it doesn’t reach the car.

        Then you have one opportunity to replay the code before the holder of the fob hits the button in range and rolls the code over.

        So even if you manage to set that up that only gets you in the car, it doesn’t get it started.

  • @[email protected]
    link
    fedilink
    English
    1419 months ago

    Im a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do “manually”.

    The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

    Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless thats gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

    Anybody in the know can tell you that the hardware isn’t anything special, and like many others have said, its like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

    This isn’t gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn’t be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn’t let you sell medical devices that can be hacked like that.

    You don’t just put the cat back in the bag…

    • @kameecoding
      link
      English
      259 months ago

      Based on your description it sounds like banning the flipper would be encouraging security throigh obscurity

      • @go_go_gadget
        link
        English
        479 months ago

        I remember when they had the same conversations about packet sniffers.

        Turned out the answer was to use encryption and switches.

    • sebinspace
      link
      English
      39 months ago

      My girlfriend has a medical implant for her gastroparresis. How concerned should we be? If that device shuts off, she can’t eat, and there’s only a handful of doctors in the country that can work on it, and the one that sees her is often booked two weeks out

      • @[email protected]
        link
        fedilink
        English
        109 months ago

        The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec its publicly known.

        The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause its a swiss army knife and has a general purpose radio.

        Generally by the time an attack exists on the flipper, its already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

        I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.

        What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause its cheap and easy.

        Hope that helps explain a bit

        • sebinspace
          link
          English
          09 months ago

          the flipper wouldn’t be the only thing able to exploit it

          No, and I never once thought these capabilities were unique to the Flipper. My concern is how much it lowers the barrier of entry to potentially dangerous behavior. When people say they got one “just to be evil”, it’s deeply concerning. If someone said the same thing about a gun, something else that can be dangerous and needs to be handled responsibly, I’d be notifying someone. It’s not the capabilities themselves, it’s how accessible it makes those capabilities to the otherwise-inept

  • Obinice
    link
    English
    1099 months ago

    The device only gives easy access to already extremely weak/non existent security systems. That’s literally it.

    It’s just something that’s existed forever, but put into a convenient package and marketed well enough that suddenly normal people are realising how insecure their electronic systems actually are.

    Kinda like how they used to make pacemakers hackable because they never thought to add any security at all. I bet many of them still don’t.

    Anyway, the issue lies not with this device, which can’t “hack” anything with any actual security, the issue is with manufacturers making devices that literally leave the door wide open to anybody with an extremely basic electronic sniffer/cloner device.

    • mesamune
      link
      English
      409 months ago

      Yep you can do the same operations with a RTLSDR (20-40$) and a signal repeater (20ish) and raspberry pi/netbook. It’s somewhat harder to do if you don’t know the software but it really just exposes very insecure hardware. Companies should put a semblance of security and it would take care of things. These kind of devices are everywhere not just the flipper. Flipper just made it a tiny bit more friendly.

  • originalucifer
    link
    fedilink
    10410 months ago

    canada just streisanded me into obtaining one of these. i cant wait to play with it

    even in its anger, canada helps. thanks!

    • @[email protected]
      link
      fedilink
      English
      1510 months ago

      I have one and I highly recommend the wifi card. I also have a slightly working Carbon Dioxide sensor - I say slightly because it’s readings are consistently off when compared to my Aranet. Supposedly there’s a way to calibrate, but I haven’t had time to dig into it further.

      My only issue with the device is that I wish there were more tamagochi elements to the dolphin buddy.

  • @[email protected]
    link
    fedilink
    English
    939 months ago

    So, rather than hold automakers accountable for not having proper and effective security practices you focus on a tool designed for security professionals.

    This take is so unbelievably brain dead I’m surprised these people are able to breathe without machine assistance

    • @[email protected]
      link
      fedilink
      English
      249 months ago

      Auto makers are really bad about it. CAN Injection has been a thing for a while now. Cars are going IoT, and a flipper will be the least of the vulnerabilities as things progress.

      • @Custoslibera
        link
        English
        59 months ago

        I’ve just had premonitions of cars crashing into each other in car parks when the ‘self parking’ mode is hacked…

      • @arin
        link
        English
        19 months ago

        As things progress, security should improve. Keyword SHOULD. But they don’t because good security ain’t cheap.

      • @[email protected]
        link
        fedilink
        English
        99 months ago

        Direct quote from https://flipperzero.one/:

        Flipper Zero Multi-tool Device for Geeks Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It’s fully open-source and customizable, so you can extend it in whatever way you like.

        Flipper Zero is a portable multi-tool for pentesters and geeks

        multi-tool for pentesters

        pentesters

        Pentester or penetration tester is a cybersecurity professional that can be located on red team (offence) or blue team (defence) and works to determine potential vectors for attack that need to be rectified or exploited, depending on who they’re working for and what their goals are for their employer.

        • DrMango
          link
          English
          -29 months ago

          I mean of course the official website isn’t going to say “it’s a great tool for hackers and car thieves”

          • @[email protected]
            link
            fedilink
            English
            49 months ago

            A tool is just that, a tool.

            Just because what you consider immoral or moral individuals use it doesn’t change the inherent nature of the tool to be used for specific circumstances. You’ll also notice I didn’t put any deterministic language when describing a penetration tester, because regardless of what side of the law they’re on they’re still cybersecurity professionals, it’s just that one side happens to pay better.

            A knife can be used to dissect as well as it can be used to mutilate or even vivisect. How a tool is used is determined by the user not the creator.

            Complaining that a few people use the item for nefarious purposes when the majority of problematic cases are issues at the developer level for the items being affected (i.e. vehicles) is extremely short sighted. Are you going to restrict all PC’s because they can be used for network intrusion?

            Are you going to limit access to the internet because the freely available information can teach anyone to create a dirty bomb?

            The premise of your outlook is inherently erroneous in my opinion.

            • DrMango
              link
              English
              19 months ago

              I’m not talking about the uses for the tool, I’m talking about how you used the company’s own website as a point of reference for the tool’s capabilities. They have a profit motive so of course they’re not going to advertise unsavory uses for their product, just like your knife companies aren’t going to advertise that their product can be used for mutilation.

              But go on with your pedantry I guess.

              • @[email protected]
                link
                fedilink
                English
                0
                edit-2
                9 months ago

                The irony of you saying I am the one being pedantic is seriously hilarious.

                You should probably work on your reading comprehension and critical thinking skills.

                The entire premise of your argument is ‘only criminals use this tool’ or ‘the majority of users of this tool are criminals’ when that is fundamentally and objectively incorrect.

                You clearly lack any serious experience in computer science, let alone cybersecurity, and it shows.

  • @Treczoks
    link
    English
    919 months ago

    If the flipper can help you stealing a car, the flipper is not the problem, but the neglect and incompetence of the car company is.

  • @[email protected]
    link
    fedilink
    English
    909 months ago

    Maybe cars should not be so easy to steal… I thought we came to an agreement on this.

    • @[email protected]
      link
      fedilink
      English
      269 months ago

      I work for a company of under 100 employees in a small city. Our head IT guy bought a Flipper Zero with his own money so he could make sure our building key fobs couldn’t be easily copied.

      If this guy can do it, I think the bajillion dollar auto industry can figure out a solution!

      • @[email protected]
        link
        fedilink
        English
        159 months ago

        A single guy does not have 3 layers of managers and bosses above him, who have “better ideas”, costscutting policies and “i have no idea what you just explained to me, so lets just not do it!”.

        • @[email protected]
          link
          fedilink
          English
          89 months ago

          Absolutely. I bet it’s just easier and cheaper for them to not bother securing their fob radio.

          To be clear, I’m saying they should get their shit together as a company, because it’s clearly not a hard thing to fix.

        • @[email protected]
          link
          fedilink
          English
          29 months ago

          So we can either have secure cars or late stage capitalism? Sounds like a worthwhile trade.

  • @[email protected]
    link
    fedilink
    English
    879 months ago

    "It is unacceptable that it is possible to buy tools that help car theft on major online shopping platforms.”

    I can buy a hammer and screwdriver online, and those could be used for car theft. Does that make those also unacceptable?

    • @[email protected]
      link
      fedilink
      English
      69 months ago

      They’re also really good at murder, a much more serious crime.

      While we’re at it let’s just ban all metal cutlery, just to be on the safe side.

        • @[email protected]
          link
          fedilink
          English
          39 months ago

          I guess you haven’t seen all the TikTok videos of kids steeling Kia’s with nothing but a USB cable (used to turn the ignition, not anything digital).

          To be fair, it doesn’t work in Canada because immobilizers are mandatory. They really love their cost cutting in the US though…

      • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️
        link
        fedilink
        English
        5
        edit-2
        9 months ago

        I can buy lockpicks, slimjims, and all sorts of other locksmith tools made specifically to gain access to cars quickly and easily. And I could have been doing so for way, way longer than the Flipper has existed.

  • Rentlar
    link
    fedilink
    English
    72
    edit-2
    10 months ago

    It’s called pretending to do something about the problem.

    The way they get access is by amplifying a signal of a car key near the entrance to trick the car into thinking the key is nearby. Others do just pick the driver’s side lock. Then once inside, they connect to the vehicle and pair new keys so they can drive away in less than 10 minutes.

    I’ve never understood the way modern cars just unlock without any button press, that seems really insecure. Some organized thieves probably aren’t even bothering with lock-picking and ignition hot-wiring these days as older cars would be low value to them. Oh and if a random crackhead really wanted something in the car they would probably just smash the window or pry the door anyway.

    A solution would be a 24 hour lockout timer to program new keys. That would prevent mall jackings and be a small incovenience for repair shops to need to keep cars in the garage overnight.

    • @[email protected]
      link
      fedilink
      English
      2110 months ago

      I call it virtue signaling. It’s the same idea, just a clearer term for it.

      Do those mythical organized thieves really exist? I think 80+% of crimes are crimes of opportunity done by vulnerable people like crackheads, mentally ill, or other low income people.

      • Rentlar
        link
        fedilink
        English
        21
        edit-2
        10 months ago

        Well you can address drug addiction and vulnerability to an extent but this is about autotheft? What do drug addicts or vulnerable low income people need 6497 stolen cars for? Those will probably be caught relatively easily anyway if they just drive in the area.

        The thing is that they ship these cars overseas as quick as possible and for big money and nearly impossible to recover. You can’t do that as some lone Joe looking for your next blow, it’s a profitable criminal enterprise with multiple people taking part, to steal the cars, schmooze through the paperwork, get the cars in containers to ship, then receive payment at the other end.

        • @[email protected]
          link
          fedilink
          English
          410 months ago

          Crimes of opportunity are not need based, they are want based. People take something because they want it and are unconcerned with the potential consequences of taking it. Even the cop quoted in your linked article admitted that 'Cars stolen for the purpose of committing another crime are not what’s behind the majority of thefts.

      • @[email protected]
        link
        fedilink
        English
        1110 months ago

        Some of the initial carjackings may be opportunistic, but the people shipping the stolen cars out of the country are definitely organized.

      • @dexa_scantron
        link
        English
        7
        edit-2
        10 months ago

        Nah, flip that around. What’s a random crackhead going to do with a stolen car? Vs an already-organized and knowledgeable business like a towing company who wants to add a lucrative side gig. That’s who’s doing catalytic converter theft, too.

        • @[email protected]
          link
          fedilink
          English
          610 months ago

          I would say my OC at least applies to the people who get caught. Maybe not always to those who actually do the crime.

    • @Death_Equity
      link
      English
      119 months ago

      Cars that unlock without pressing anything or by pressing a button on the door look for the key that is bound to them. It is secure in that only a key programmed to the car can tell the car it is ok to unlock. They keys are authenticated with a rolling code that is synced between a car and key when the key is programmed to the car. Thieves clone the key’s signal and then the car has no idea that the fake key is not the real key.

      You can’t hotwire a modern car. On a modern pushbutton ignition car the starting function is allowed through a security module that makes sure the key is there before starting. Pushing the button only asks permission to start the car and then the module is the one that tells the car to start.

      Lock-picking a modern car can be done, but it is far easier to use a wedge and inflatable air bag to pry the door open enough to use a hooked tool to open the door from the inside. Nobody picks automotive locks anymore, a lot of the door locks can be ripped out and bypassed anyways. You can of course just break the glass, but it may sound an alarm. The F150 has a massive theft issue Ford won’t bother to address, the alarm can be disabled from outside the car using no tools whatsoever.

      Once a thief has access to the inside of the car, they can program a new fake key using specialized software which is usually dealer level software but it can be done using 3rd party software. You can’t just ban all non-dealers from having the capability to reprogram keys, that is user-repair hostile and would mean you have to pay whatever the dealer wants to replace a lost or damaged key. Not to mention that thieves will still find a way to access dealer tools and keep on stealing anyways.

      A lockout period wouldn’t accomplish anything, the original key still gets cloned and can be used to drive the car away. Once the stolen car is taken, the thieves have all the time they want to reprogram a key.

      Enhancing security measures by using a more secure key authentication method will only go so far as to preventing theft and will add considerable costs to cars and key replacement. Thieves will catch up to any means of securing cars. A better solution is to improve economic prospects and enforce the current laws effectively to remove incentive to steal cars.

      • Rentlar
        link
        fedilink
        English
        4
        edit-2
        9 months ago

        Your points are all valid and I agree with your suggestions. I still think every hour of delay is important to try to track down the car before it gets out of the country…

        So compare an easy to steal car with a keyed ignition, with a modern push to start car. I don’t drive now but I used to drive the former. It wouldn’t sell for much in a used market or criminal market. Being stolen for use in a crime it may be more useful on the other hand. I don’t know if thieves looking for easy marks would go for that car over one with more modern tech…

        • @Death_Equity
          link
          English
          69 months ago

          Auto theft for sale in a foreign market or domestic is uncommon and mostly dealing with valuable or rare cars and typically happens within a gas tank of a international boarder. More common is for breaking down and selling parts, but that is still not that typical. Most auto theft is for personal use and to commit crime. The breakdown of types of thefts changes with area, so in America personal use or crime is more common than Europe where chopping or foreign sale is more common.

          Most turn-key ignition cars can’t be hotwired either, they have immobilizers that require a security chip authentication within the key. Most of the cars that can be hotwired are from before 2005, after that they get rarer. If it has an all metal key, those definitely can be hotwired.

          When it comes to tracking, by the time the car is located it is done being used. Most cars do not have any form of tracking that is accessible to law enforcement with cooperation from manufacturers. Modern cars with tracking can have their GPS or cell network disabled by pulling the right fuse with no impact on the drivability of the car. Aftermarket trackers are harder to disable if they are installed correctly and can lead to a faster recovery if the police move fast enough. Once the car is taken and the GPS fuse is pulled, they can keep the car indefinitely without fear of getting caught via tracking. If an aftermarket tracker is used, they just need to have the car in a place that will block the signal for long enough to disable it and then move the car again fast enough. Cops move slow, you can tell the cops where it is right now and they may not attempt recovery for hours.

          Since the majority of auto theft is just looking for a car to ditch, in America, the easier to steal the better and it doesn’t matter what the car is. F150s and Kia/Hyundai are the most popular now because they are easy to steal and common as dirt but grabbing a 2022 Honda that is left running or grabbing the keys from a driver are popular options.

    • @Madison420
      link
      English
      310 months ago

      Some cars have that already and have had it since like 98 iirc.

      • Rentlar
        link
        fedilink
        English
        29 months ago

        Then what’s the manufacturer’s excuse for not having them on current models? It would prevent the “one and done” type of attacks, there’s at least a chance that any setup gets caught on camera before the car is stolen later?

        • @Madison420
          link
          English
          29 months ago

          Ford still does have program timeout, like I said some cars have had it some haven’t and I can’t and moreover won’t try to explain anyone else’s feelings.

          • Rentlar
            link
            fedilink
            English
            19 months ago

            I understand. I’m upset at this but not trying to take it out on the messenger.

  • @[email protected]
    link
    fedilink
    English
    62
    edit-2
    9 months ago

    Sure, go ahead and blame the tool.
    Then blame the science.
    Then blame the scientists who developed it.

    Blame everything but the thief.

    \s


    Then blame free will for all crime in the world and all wars waged.

    • Ann Archy
      link
      English
      21
      edit-2
      9 months ago

      Removed by mod

      • @[email protected]
        link
        fedilink
        English
        79 months ago

        I remember one of my seniors at work asking me how open source software manages to develop so much without a direct monetary incentive.
        “There’s no lack of resources to give everyone everything they want.” <- is the point.

        Our civilisation has enough people who like coding, willing to put their spare time into OSS, to be able to get good quality tools for use in all fields. Now all we need is for all of those people to be given enough spare time without having to worry about things like mortgages, loan payments and basic survival in some cases and everyone can profit (including the companies who would be giving them the spare time).

    • @hyperhopper
      link
      English
      139 months ago

      First blame the thief. But then in the same breath blame the manufacturers that refuse to sell cars with meaningfully working locks. If you understand the tech many car companies keep selling cars that have locks that are about as secure as a zip tie.

      • @[email protected]
        link
        fedilink
        English
        19 months ago

        The companies will just go around blaming some random engineer for it and then go on throwing money for PR stuff.

  • no banana
    link
    English
    5510 months ago

    I see how that might make sense to lawmakers. It does present itself as a problem. But the fact that it is a symptom of a security issue is the reason it shouldn’t be outright banned. I haven’t used the thing, but it has looked to me like a pretty snazzy multitool.

    It’s like banning swiss army knives. I can see why it looks like it makes sense, but it really doesn’t.

    • @CosmicTurtle
      link
      English
      4610 months ago

      It reminds me of a lawmaker in one of the flyover states that wanted to make it illegal to look at the source code of a website.

      Think about this for a second.

      And realize that this twat is writing laws.

      • @rdyoung
        link
        English
        310 months ago

        I had not heard of that one. Was it the “internet is full of tubes” guy?

        • @CosmicTurtle
          link
          English
          2410 months ago

          No, it was a few years back when a researcher found that there was a plain text file of county employee social security numbers just sitting inside the JavaScript of a government website.

          There are too many Google results from the upcoming election for me to sort through but suffice it to say, the guy was a class A idiot.

        • @[email protected]
          link
          fedilink
          English
          1610 months ago

          I don’t think so, but it was in response to some smart people developing their government website with the database stored basically in the HTML of the website if I remember correctly. A good Samaritan reported it and was basically charged with hacking the state.

          • pixelmeow
            link
            English
            410 months ago

            The problem with this is that reading the generated HTML behind a page that has been served to your browser does not prove that data was stored in an HTML source file. The data is inserted into the page while it’s being served to the browser. That’s what the JavaScript does after it requests the data from the backend code, which gets the data from the database (or whatever storage is being used) and sends it back to the JavaScript, which puts it in the page.

            Saving data in source HTML files would mean every possible combination of data anyone might request must be saved in its own separate file, which is definitely not how web development is done. Laws should not be made by people who don’t know what they’re talking about.

          • Mario_Dies.wav
            link
            fedilink
            English
            110 months ago

            A good Samaritan reported it and was basically charged with hacking the state

            Wait, really? What would I search to read more about this? Do you remember which state?

            • lad
              link
              fedilink
              English
              510 months ago

              I remember hearing about this, so I tried searching for someone “being charged after reporting personal data exposed on a website”

              Turns out, it’s Missouri, 2019, or another article on the same topic

              • Mario_Dies.wav
                link
                fedilink
                English
                310 months ago

                Holy shit, that governor really made an ass of himself. He just kept doubling down lol

                Thanks for the links!

        • lad
          link
          fedilink
          English
          810 months ago

          Happened around 2021-10-15:

          Missouri Gov. Mike Parson said that his administration is pursuing the prosecution of a local newspaper reporter who alerted the government to website security flaws.

          It’s in the following sources, at least: TechCrunch, NPR, NY Times

        • Aatube
          link
          fedilink
          0
          edit-2
          10 months ago

          What’s wrong with that “a series of tubes” speech? It seems pretty accurate to bandwidth

          Edit: Searched it up. The part that was wrong was him blaming email delays on bandwidth.

    • lad
      link
      fedilink
      English
      1610 months ago

      It’s like banning swiss army knives

      That’s why we went forth and banned everything swiss, army, or knive, altogether

    • @rdyoung
      link
      English
      1210 months ago

      I’ve been watching flipper since it was announced. I should probably buy one and play with it.

      All this is going to do is increase sales of the thing and probably increase the number of “kids” trying to break into cars. Streisand effect ftw.

      • @[email protected]
        link
        fedilink
        English
        710 months ago

        I have one.

        Its fun.

        But on the subject of rolling codes, I was able to get through a security gate that relies on, essentially, a garage door opener.

        The exploit relied on the ridiculously low amount of rolling codes it cycled through.

        Capture one, and try it a few times to get through.

        Cars are more robust. Despite tinkering with it for about 8 hours, I wasn’t successful with defeating it. That being said, I picked up the device, in part, to start messing around with various signals as an educational tool.

        • @rdyoung
          link
          English
          210 months ago

          I really should get one. I should also grab the latest version of kali (if that’s still around), I haven’t played with that in a long time.

    • LazaroFilm
      link
      English
      4
      edit-2
      10 months ago

      The real problem is Flipper Zero is just a nicely packaged tool that can also br easily assembled with other off the shelf parts. And those parts alone can do many other things that should not be made illegal. The real solution should be from car manufacturers and ensuring that they don’t use tech that can be so easily hacked.

  • @MTK
    link
    English
    539 months ago

    Car security is horrible

    I bought a copying remote from aliexpress thinking “no way my car has a static code and not a rolling one… right?”

    Nope, fuck you Kia, any stupid cheap remote from aliexpress can be used to copy keys from a surprising amount of cars.

    Car security should improve and I hope this becomes a big enough issue that it get’s better regulated

    • @[email protected]
      link
      fedilink
      English
      99 months ago

      I would have expected an OTP type code to unlock a car… Considering how expensive cars are, this is really cheap to implement. Heck, I could buy a yubikey for €25, and I’m sure if a big company wants to buy a million of them, they can do it for a fraction of that cost… A brand new car costs tens of thousands…, it should’ve been a no brainer to include better security.

      • The Menemen!
        link
        English
        11
        edit-2
        9 months ago

        Yeah, but saving 1.50 per car improves some stupid business performance indicator, which respectively will get some manager a nice bonus.

        • @[email protected]
          link
          fedilink
          English
          29 months ago

          I believe you, this world is so weird… For companies that make tens of billions in profit, saving a million dollars on chips is almost a rounding error compared to the benefit to their reputation when their cars are more secure.

          • The Menemen!
            link
            English
            29 months ago

            Ever since I first met the insanity that are business indicator numbers, I lost my believe in humanity. People knowingly hurt their companies effectiveness and prosperity just to improve those numbers. And they get rewarded for it.

  • @[email protected]
    link
    fedilink
    English
    469 months ago

    Just ordered one. I had no real interest, but once you tell me I can’t have one…I must have one.

    • ɔiƚoxɘup
      link
      fedilink
      English
      139 months ago

      Sales will go through the roof, and being black market will only give it more publicity.

      Oh and yeah, it only works on cars without rolling codes, like, from the 90s

      • @MTK
        link
        English
        59 months ago

        Or modern Kia cars, it’s horrible

        • ɔiƚoxɘup
          link
          fedilink
          English
          29 months ago

          Yesterday I saw a new looking Kia with a club on the steering wheel. It’s no joke how bad Kia fucked up.

        • @Reddfugee42
          link
          English
          19 months ago

          Did you really just use FOMO unironically? 🤣

  • @banneryear1868
    link
    English
    399 months ago

    RollJam and RollBack are the exploits for bypassing rolling codes. These exploits are possible because you can replay captured codes at a later time.

    What’s happening in most cases is the proximity-based fobs are simply amplified with a device to reach the person’s car in the driveway, since most people keep their keys by the door, and in some cases even within reach of the car without a device. It’s this low hanging fruit where the theft happens, or just a tow truck…

    The Flipper is more of an enthusiast and pranking device. The devices used in actual thefts are like disposable $50 alibaba pieces of shit. Canada is effectively creating a clandestine market for simple radio amplifiers made from the most basic electronic components. As someone in Canada who used to build the classic cmoy Altoid-tin headphone amps to sell on etsy, this is tempting…