Canada to ban the Flipper Zero to stop surge in car thefts::The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
Banning it because it can be used to steal cars doesn’t make sense
Btw… Some folks may not realize it is a go to tool for many things.
Flipper Zero - Wikipedia
Flipper Zero is a portable Tamagotchi-like multi-functional device developed for interaction with access control systems. The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface.
It is a swiss army knife for RF access control systems as well as harmless, related things like remote controls.
It is used by penetration testers (information security professionals) to do myriad kinds of legit, legal work in their field.
Like any tool it can be used for good or evil. The problem isn’t the tool but the vulnerabilities in cars demonstrating shocking negligence on the part of manufacturers.
Banning the tools just gives us a false sense of security. The vulnerability still exists. It isn’t that difficult for someone to either get the tool, reproduce the tool, or make a new tool with existing parts. Meanwhile law abiding people cannot find the vulnerabilities as easily.
This mostly only serves to penalize a smallish company and protect large car manufacturers from the consequences of their negligence.
It is already illegal to steal cars. Why would criminals risking felony jail time care about whether their tools are suddenly illegal, too?
Classic response, don’t hold the billion dollar corpos who actually design and manufacture the cars responsible. Ban the little device that exposes the flaws in their designs.
Brains. Technically that is the most useful device when pentesting. Along with curiosity. Altho on the former, I believe we, as a society, have actually started to…
The sheer cognitive dissonance of everyone in this thread saying “criminals don’t follow laws so banning this will do nothing!!” But will turn around and say “dur it’ll with guns though,” is painful.
The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various hardware and digital devices over multiple protocols, including RFID, radio, NFC, infrared, and Bluetooth.
Pen-testing is short for penetration testing. Which is testing if you can break into the things. Like a locked office or a computer system, etc. Legally, it’s done to find flaws that need to be fixed before they get used nefariously.
Pen testing techniques and tools are essentially break in tools. In this case, a tool for mimicking car key fobs and the wireless signals they send to the car.
Pen-testing: penetration testing, basically good guy hacking to find security vulnerabilities so that they can be fixed, basically finding out how easy a security system is to penetrate.
Debugging: fixing problems in hardware and software
RFID (Radio Frequency IDentification), radio, NFC (Near Field Communication,) infrared, Bluetooth: different forms of wireless communication.
RFID is used for stuff like security tags on merchandise, car key fobs
NFC is similar (you could probably make an argument that NFC is basically a type of RFID) with a very short range used for things like making payments with your phone
Bluetooth you’re probably somewhat familiar with, in used for a lot of consumer electronics, wireless headphones, speakers, computer mice, etc.
All of those use radio waves in some form to pass information from one device to another.
Infrared uses a infrared light to send information, the most common use you’ve probably seen is for TV remotes, which is why you have to point the remote at the TV to work, you’re basically flashing an invisible flashlight at the sensor on the TV
This device can basically mimic any of those kinds of signals allowing it access, control, or bypass devices and systems that use those protocols.
This can be useful for people working on those kinds of systems, you don’t need to have the actual key card, remote, device, etc. to test it out, you can try a bunch of different configurations without needing to reprogram the card a bunch of times, and gives you a lot of options to test for different vulnerabilities and issues.
But those same capabilities make it attractive to people who would use it maliciously. If they don’t have the right security measures in place, something like this device could be used to gain access to secure areas by spoofing a key card, unlock cars, interfere with cell phones, snoop on wireless communications, gain access to a someone’s devices, etc.
It’s basically a 2 way radio with tools for those who like to mess with the radio spectrum. That’s the most simple explanation I can make for such a device.
That’s fucking bullshit wtf. This is exactly like bad gun reform that comes from someone who doesn’t know shit about the thing they are trying to reform
It’s been that way for a long time, it’s just kinda the accepted way. The vehicle builders had seen what garage door systems problems came about from hard-switched or dip-switched codes and just went that way from the start.
The newer vehicles have these always-on systems now, the owner doesn’t have to press a specific button. So theives can amplify the fob signal that’s constantly being emitted in the house and get the car to open, then program new keys once they’re in the vehicle and drive away. But that has nothing to do with the Flipper, that’s just a radio repeater.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
English
One question, has the Canadian police actually arrested people using the flipper to steal cars?
That’s not how thieving works….
Good luck
lol, you can do many things with a flipper zero. Stealing a car is not one of those things.
Well it can give access to a car. Soooo…
Butter knives can be used to murder people. Quick let’s ban them to solve all murder.
JFC.
He/she stated that you can’t steal a car with a flipper. But you can. That it isn’t a go to tool is something else.
Besides this, you can use a flipper as a butter knife…
Snow fucking white.
Yes it can be used to steal some cars.
Banning it because it can be used to steal cars doesn’t make sense
Btw… Some folks may not realize it is a go to tool for many things.
It is a swiss army knife for RF access control systems as well as harmless, related things like remote controls.
It is used by penetration testers (information security professionals) to do myriad kinds of legit, legal work in their field.
Like any tool it can be used for good or evil. The problem isn’t the tool but the vulnerabilities in cars demonstrating shocking negligence on the part of manufacturers.
Banning the tools just gives us a false sense of security. The vulnerability still exists. It isn’t that difficult for someone to either get the tool, reproduce the tool, or make a new tool with existing parts. Meanwhile law abiding people cannot find the vulnerabilities as easily.
This mostly only serves to penalize a smallish company and protect large car manufacturers from the consequences of their negligence.
It is already illegal to steal cars. Why would criminals risking felony jail time care about whether their tools are suddenly illegal, too?
Canada u okay
Never heard of these devices but now I kinda want one.
Do it, they’re a lot of fun to play with.
Confidentiality incorrect
Classic response, don’t hold the billion dollar corpos who actually design and manufacture the cars responsible. Ban the little device that exposes the flaws in their designs.
Yeah, let’s entirely outlaw pentesting while we’re at it. What could possibly go wrong? 🙈
Lets outlaw devices that could be used for pentesting while we’re at it. PCs, laptops, phones, etc.
Brains. Technically that is the most useful device when pentesting. Along with curiosity. Altho on the former, I believe we, as a society, have actually started to…
Don’t forget paperclips, string, and aerosol cans. Hell, we should probably just ban wire altogether.
The sheer cognitive dissonance of everyone in this thread saying “criminals don’t follow laws so banning this will do nothing!!” But will turn around and say “dur it’ll with guns though,” is painful.
What is a flipper zero?
I still don’t understand
Pen-testing is short for penetration testing. Which is testing if you can break into the things. Like a locked office or a computer system, etc. Legally, it’s done to find flaws that need to be fixed before they get used nefariously.
Pen testing techniques and tools are essentially break in tools. In this case, a tool for mimicking car key fobs and the wireless signals they send to the car.
Pen-testing: penetration testing, basically good guy hacking to find security vulnerabilities so that they can be fixed, basically finding out how easy a security system is to penetrate.
Debugging: fixing problems in hardware and software
RFID (Radio Frequency IDentification), radio, NFC (Near Field Communication,) infrared, Bluetooth: different forms of wireless communication.
RFID is used for stuff like security tags on merchandise, car key fobs
NFC is similar (you could probably make an argument that NFC is basically a type of RFID) with a very short range used for things like making payments with your phone
Bluetooth you’re probably somewhat familiar with, in used for a lot of consumer electronics, wireless headphones, speakers, computer mice, etc.
All of those use radio waves in some form to pass information from one device to another.
Infrared uses a infrared light to send information, the most common use you’ve probably seen is for TV remotes, which is why you have to point the remote at the TV to work, you’re basically flashing an invisible flashlight at the sensor on the TV
This device can basically mimic any of those kinds of signals allowing it access, control, or bypass devices and systems that use those protocols.
This can be useful for people working on those kinds of systems, you don’t need to have the actual key card, remote, device, etc. to test it out, you can try a bunch of different configurations without needing to reprogram the card a bunch of times, and gives you a lot of options to test for different vulnerabilities and issues.
But those same capabilities make it attractive to people who would use it maliciously. If they don’t have the right security measures in place, something like this device could be used to gain access to secure areas by spoofing a key card, unlock cars, interfere with cell phones, snoop on wireless communications, gain access to a someone’s devices, etc.
It’s basically a 2 way radio with tools for those who like to mess with the radio spectrum. That’s the most simple explanation I can make for such a device.
That’s fucking bullshit wtf. This is exactly like bad gun reform that comes from someone who doesn’t know shit about the thing they are trying to reform
Welcome to Canada. Turning dials that aren’t connected to anything is the specialty of our “leaders”.
Next, ban radio waves, because car companies are too damn dense to create a proper product lol
I’m surprised no fobs use a time-based token to prevent replay attacks. Would make it a bit of a bitch to replace the battery, but hey-ho, tradeoffs.
They use rolling codes that aren’t susceptible to FlipperZero anyway. This is a dog and pony show.
All of them? Source?
It’s been that way for a long time, it’s just kinda the accepted way. The vehicle builders had seen what garage door systems problems came about from hard-switched or dip-switched codes and just went that way from the start.
https://en.wikipedia.org/wiki/Remote_keyless_system#Security
The newer vehicles have these always-on systems now, the owner doesn’t have to press a specific button. So theives can amplify the fob signal that’s constantly being emitted in the house and get the car to open, then program new keys once they’re in the vehicle and drive away. But that has nothing to do with the Flipper, that’s just a radio repeater.
Instead of a time based token they should have authentication. To start the car you need biometric or passcode or Bluetooth to connect and the fob.
For the life of me I don’t understand why my phone has better security than my car.
Oh Canada…
“This here’s the Lockpocking Lawyer, and today we’re going to take a closer look at the Flipper Zero….”
deleted by creator