That said, this is the argument that gun-owning cowards use, so does it fall under the “How do we stop this happening, says only country in the world where this happens regularly” category?
I see how that might make sense to lawmakers. It does present itself as a problem. But the fact that it is a symptom of a security issue is the reason it shouldn’t be outright banned. I haven’t used the thing, but it has looked to me like a pretty snazzy multitool.
It’s like banning swiss army knives. I can see why it looks like it makes sense, but it really doesn’t.
No, it was a few years back when a researcher found that there was a plain text file of county employee social security numbers just sitting inside the JavaScript of a government website.
There are too many Google results from the upcoming election for me to sort through but suffice it to say, the guy was a class A idiot.
The real problem is Flipper Zero is just a nicely packaged tool that can also br easily assembled with other off the shelf parts. And those parts alone can do many other things that should not be made illegal.
The real solution should be from car manufacturers and ensuring that they don’t use tech that can be so easily hacked.
The device only gives easy access to already extremely weak/non existent security systems. That’s literally it.
It’s just something that’s existed forever, but put into a convenient package and marketed well enough that suddenly normal people are realising how insecure their electronic systems actually are.
Kinda like how they used to make pacemakers hackable because they never thought to add any security at all. I bet many of them still don’t.
Anyway, the issue lies not with this device, which can’t “hack” anything with any actual security, the issue is with manufacturers making devices that literally leave the door wide open to anybody with an extremely basic electronic sniffer/cloner device.
Yep you can do the same operations with a RTLSDR (20-40$) and a signal repeater (20ish) and raspberry pi/netbook. It’s somewhat harder to do if you don’t know the software but it really just exposes very insecure hardware. Companies should put a semblance of security and it would take care of things. These kind of devices are everywhere not just the flipper. Flipper just made it a tiny bit more friendly.
It seems like maybe the problem is that automakers were able to widely market vehicles that use wireless protocols that are relatively easy targets for attack. This was never properly secure.
Automakers should absolutely be held to higher standards (in general) than they are, and it’s not likely that banning specific devices is going to have any measurable outcome here. It’s pretty well known that people buy and sell malware, and people can just… make devices similar to a Flipper with cheaply and readily available hardware.
This is just dumb posturing to avoid holding automakers and tech companies accountable for yet another dumb, poorly thought out, design feature.
And obviously it doesn’t stop at cars. It seems pretty clear that snooping on any feature using RFID or NFC tech is only going to become more widespread. Novel idea: what about using… actual keys as the primary method of granting physical access? Lock picking is obviously possible but a properly laid out disc-detainer lock is pretty goddamn hard to bypass even with the proper tools, and that skill can’t just be acquired in the same way as with electronic methods of bypass.
RollJam and RollBack are the exploits for bypassing rolling codes. These exploits are possible because you can replay captured codes at a later time.
What’s happening in most cases is the proximity-based fobs are simply amplified with a device to reach the person’s car in the driveway, since most people keep their keys by the door, and in some cases even within reach of the car without a device. It’s this low hanging fruit where the theft happens, or just a tow truck…
The Flipper is more of an enthusiast and pranking device. The devices used in actual thefts are like disposable $50 alibaba pieces of shit. Canada is effectively creating a clandestine market for simple radio amplifiers made from the most basic electronic components. As someone in Canada who used to build the classic cmoy Altoid-tin headphone amps to sell on etsy, this is tempting…
This is about more than just cars. Anything that uses RFID, NFC, etc, such as an employee badge or even contactless credit/debit card payments, are vulnerable to such an attack.
Regardless of whether it’s open source hardware/technology, should we be authorising sales of such prebuilt devices for $170 which can allow the average Joe to break into an office or steal a car?
I would have expected an OTP type code to unlock a car… Considering how expensive cars are, this is really cheap to implement. Heck, I could buy a yubikey for €25, and I’m sure if a big company wants to buy a million of them, they can do it for a fraction of that cost… A brand new car costs tens of thousands…, it should’ve been a no brainer to include better security.
I believe you, this world is so weird… For companies that make tens of billions in profit, saving a million dollars on chips is almost a rounding error compared to the benefit to their reputation when their cars are more secure.
Ever since I first met the insanity that are business indicator numbers, I lost my believe in humanity. People knowingly hurt their companies effectiveness and prosperity just to improve those numbers. And they get rewarded for it.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
If the flipper can help you stealing a car, the flipper is not the problem, but the neglect and incompetence of the car company is.
removed by mod
Tyrannically.
Sounds like buying a bunch of Flipper Zero devices and selling them on the street corner is a great investment opportunity
removed by mod
Let’s ban a product instead of solving the issue at hand… Seriously? I hate my country more and more as each day passes
Ah yes banning the tool will 100% take care of the problem.
Clearly criminals who steal cars will DEFINITELY listen to this new law banning their tools.
That said, this is the argument that gun-owning cowards use, so does it fall under the “How do we stop this happening, says only country in the world where this happens regularly” category?
Probably a wise move to nip it in the bud
Maybe, but guns are a very different problem.
A toddler won’t kill their sibling with this by accident.
We just need to make crime illegal 👌
That’s the main issue here, the flipper isn’t useful in car theft
Not only that, you can easily buy more advanced car stealing tools that are made for this purpose from Chinese websites.
I see how that might make sense to lawmakers. It does present itself as a problem. But the fact that it is a symptom of a security issue is the reason it shouldn’t be outright banned. I haven’t used the thing, but it has looked to me like a pretty snazzy multitool.
It’s like banning swiss army knives. I can see why it looks like it makes sense, but it really doesn’t.
It reminds me of a lawmaker in one of the flyover states that wanted to make it illegal to look at the source code of a website.
Think about this for a second.
And realize that this twat is writing laws.
I had not heard of that one. Was it the “internet is full of tubes” guy?
No, it was a few years back when a researcher found that there was a plain text file of county employee social security numbers just sitting inside the JavaScript of a government website.
There are too many Google results from the upcoming election for me to sort through but suffice it to say, the guy was a class A idiot.
I’ve been watching flipper since it was announced. I should probably buy one and play with it.
All this is going to do is increase sales of the thing and probably increase the number of “kids” trying to break into cars. Streisand effect ftw.
The real problem is Flipper Zero is just a nicely packaged tool that can also br easily assembled with other off the shelf parts. And those parts alone can do many other things that should not be made illegal. The real solution should be from car manufacturers and ensuring that they don’t use tech that can be so easily hacked.
At least the article did a good job of calling this ban the bullshit it is.
Guns kill people… How about banning guns?
But then how would we well-regulate our militias
Oh yeah. Sorry, what was I thinking! 🤔
The device only gives easy access to already extremely weak/non existent security systems. That’s literally it.
It’s just something that’s existed forever, but put into a convenient package and marketed well enough that suddenly normal people are realising how insecure their electronic systems actually are.
Kinda like how they used to make pacemakers hackable because they never thought to add any security at all. I bet many of them still don’t.
Anyway, the issue lies not with this device, which can’t “hack” anything with any actual security, the issue is with manufacturers making devices that literally leave the door wide open to anybody with an extremely basic electronic sniffer/cloner device.
Yep you can do the same operations with a RTLSDR (20-40$) and a signal repeater (20ish) and raspberry pi/netbook. It’s somewhat harder to do if you don’t know the software but it really just exposes very insecure hardware. Companies should put a semblance of security and it would take care of things. These kind of devices are everywhere not just the flipper. Flipper just made it a tiny bit more friendly.
It seems like maybe the problem is that automakers were able to widely market vehicles that use wireless protocols that are relatively easy targets for attack. This was never properly secure.
Automakers should absolutely be held to higher standards (in general) than they are, and it’s not likely that banning specific devices is going to have any measurable outcome here. It’s pretty well known that people buy and sell malware, and people can just… make devices similar to a Flipper with cheaply and readily available hardware.
This is just dumb posturing to avoid holding automakers and tech companies accountable for yet another dumb, poorly thought out, design feature.
And obviously it doesn’t stop at cars. It seems pretty clear that snooping on any feature using RFID or NFC tech is only going to become more widespread. Novel idea: what about using… actual keys as the primary method of granting physical access? Lock picking is obviously possible but a properly laid out disc-detainer lock is pretty goddamn hard to bypass even with the proper tools, and that skill can’t just be acquired in the same way as with electronic methods of bypass.
I wanted to get one one day. This sucks. Now I’m gunna have to import it from some rando in Brazil like I did for my switch mods.
RollJam and RollBack are the exploits for bypassing rolling codes. These exploits are possible because you can replay captured codes at a later time.
What’s happening in most cases is the proximity-based fobs are simply amplified with a device to reach the person’s car in the driveway, since most people keep their keys by the door, and in some cases even within reach of the car without a device. It’s this low hanging fruit where the theft happens, or just a tow truck…
The Flipper is more of an enthusiast and pranking device. The devices used in actual thefts are like disposable $50 alibaba pieces of shit. Canada is effectively creating a clandestine market for simple radio amplifiers made from the most basic electronic components. As someone in Canada who used to build the classic cmoy Altoid-tin headphone amps to sell on etsy, this is tempting…
I absolutely love mine :)
This is about more than just cars. Anything that uses RFID, NFC, etc, such as an employee badge or even contactless credit/debit card payments, are vulnerable to such an attack.
Jason Thor Hall (ex-Blizzard employee) explains how such things can be used in social engineering attacks. A Proxmark is a similar device to the Flipper Zero.
Regardless of whether it’s open source hardware/technology, should we be authorising sales of such prebuilt devices for $170 which can allow the average Joe to break into an office or steal a car?
Car security is horrible
I bought a copying remote from aliexpress thinking “no way my car has a static code and not a rolling one… right?”
Nope, fuck you Kia, any stupid cheap remote from aliexpress can be used to copy keys from a surprising amount of cars.
Car security should improve and I hope this becomes a big enough issue that it get’s better regulated
I would have expected an OTP type code to unlock a car… Considering how expensive cars are, this is really cheap to implement. Heck, I could buy a yubikey for €25, and I’m sure if a big company wants to buy a million of them, they can do it for a fraction of that cost… A brand new car costs tens of thousands…, it should’ve been a no brainer to include better security.
Yeah, but saving 1.50 per car improves some stupid business performance indicator, which respectively will get some manager a nice bonus.
I believe you, this world is so weird… For companies that make tens of billions in profit, saving a million dollars on chips is almost a rounding error compared to the benefit to their reputation when their cars are more secure.
Ever since I first met the insanity that are business indicator numbers, I lost my believe in humanity. People knowingly hurt their companies effectiveness and prosperity just to improve those numbers. And they get rewarded for it.