Canada to ban the Flipper Zero to stop surge in car thefts

Oh shit, I wanted to steal a car but now because of this ban it will be illegal, how bad.

Yeah, since we can’t stop murderers, we should do nothing about it.
- Banning flipper is exactly that- doing nothing- because you can't actually use one to steal a car.
- The thing we should do is to hold car manufacturers accountable for neglecting security in cars.
- Flipper Zero can't be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes
  
  So actually doing nothing.
- "If you want to stop murders just ban kitchen knives." --canadian politicians
- Let's establish an international anti-murder day. It won't save anyone, but at least we did SOMETHING!
- We can't stop murderers, so let's band all guns, knives, baseball bats and tire irons.

They should really try banning car theft, it's a lot more direct and to the point.

But at least they can persecute tinkerers and cyber security professionals while the criminals continue to steal cars.

It's win-win for the POS in law enforcement. They create more crime stats for themselves to ensure their increased funding, and the criminals continue stealing cars.
- Even better, tinkerers and cyber security professionals are easy to find and there's a much lower chance of them fighting back compared to actual car thieves so it's very low risk for the police. They get to be lazy and safe while padding their numbers, all their favorite things at once.

Classic response, don't hold the billion dollar corpos who actually design and manufacture the cars responsible. Ban the little device that exposes the flaws in their designs.

Yeah, let's entirely outlaw pentesting while we're at it. What could possibly go wrong? 🙈
- Lets outlaw devices that could be used for pentesting while we're at it. PCs, laptops, phones, etc.
It doesn't even do that

lol, you can do many things with a flipper zero. Stealing a car is not one of those things.

Well it can give access to a car. Soooo…
- Only 30+ year old cars, but a coat hanger can do that too. Soooo...
- Butter knives can be used to murder people. Quick let's ban them to solve all murder.
  
  JFC.

"Flipper Zero can't be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes," Flipper Devices COO Alex Kulagin told BleepingComputer.

I guess Canada must have a ton of old cars?

Or the "rolling codes" have glaring implementation issues, but it is cheaper to ban the Flipper Zero than recall the cars, so the manufacturers made an executive decision... (⚠️ YouTube)
- Here is an alternative Piped link(s):
  
  executive decision
  
  Piped is a privacy-respecting open-source alternative frontend to YouTube.
  
  I'm open-source; check me out at GitHub.
It also can't be used to hijack cars produced before the 1990s, since they mostly don't have keyless entry in the first place.
Rolljack attacks are absolutely not trivial to pull off and I am quite skeptical that a flipper can even do it reliably, if at all, since it requires reactively jamming the transmission after the attacker has already decoded it. I don't believe these devices have enough power to reliably jam the key fob, much less the speed to do it reactively.

Next, ban radio waves, because car companies are too damn dense to create a proper product lol

I’m surprised no fobs use a time-based token to prevent replay attacks. Would make it a bit of a removed to replace the battery, but hey-ho, tradeoffs.
- They use rolling codes that aren't susceptible to FlipperZero anyway. This is a dog and pony show.
- Instead of a time based token they should have authentication. To start the car you need biometric or passcode or Bluetooth to connect and the fob.
  
  For the life of me I don't understand why my phone has better security than my car.
- Challenges-reponse protocols are what's needed
- More of an issue with the fob being to connect to a service to get the current time. Technically possible, but would add cost. And if that time is ever out of sync it just won’t work.

I doubt this is the real reason they are being banned, it's just the excuse they came up with.

They just want to appear to be doing something, even though they aren't doing anything useful.
Another distraction for the big problems not getting solved

Literally nobody is using flippers to steal cars. Grow the fuck up.

They're just doing it to get the votes of the people that see headlines like this and think it's a good thing without reading the article at all.

Oh man, since it is banned, there's no way at all that anybody can get their hands on it. No possible way. /s

Just like guns.
- Exactly, ban anything and only those you call "ctiminals" will have them.

That’s fucking bullshit wtf. This is exactly like bad gun reform that comes from someone who doesn’t know shit about the thing they are trying to reform

Welcome to Canada. Turning dials that aren't connected to anything is the specialty of our "leaders".

Might as well outlaw crowbars because they can be used to break into houses...

Fucking idiots who's microwaves blink midnight for decades think they can make meaningful decisions about tech.

Canada u okay

no
The only thing our lawmakers know how to do is ban things to look like they're doing something when really they have no idea how to actually bring effectual change or fix the problems.

Flipper zero, foreign buyers, handguns....
We're a country of 3 monopolies in a trenchcoat... run by a party of corrupt idiots, whose replacements look even more incompetent.

No we are not

That’s not how thieving works….

Honestly, I am embarrassed with the whole "look like were doing something" shtick by my government. An expensive gathering of decision makers from various sectors, a National Summit, just to say: we are now gonna be soooo tough on crime and let's ban the toy we just saw on TikTok.

Car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada

Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused pretending doing some work and publishing all the buzzword-of-the-day "accomplishments" they were doing while patting each others backs without explicitely requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf "children's RC" car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.

Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to lets pretent it's not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is "convenient" to ignore the problem.

The following years various reprogramming theft become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids uses them to gain Youtube/TikTok followers.

Car hacking was a becoming serious concern during the pandemic, but now it's simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made "defective".

Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.

Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers' Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.

"And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations," he added.

New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.

Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:

The devolution of port authorities in Canada has not been without debate over the past 70 years. This paper provides a brief introduction to the role of ports in Canada and then examines the history of port policy and devolution, concluding that past policies were considered to have failed due to their inability to respond to changing circumstances.

(Reposting my same reply for a similar thread about the Canadian Government banning the Flipper Zero, please check my post history for the other thread)

Might as well ban brains too, you need that to steal a car.

I thought the US was already working on that?

Never heard of these devices but now I kinda want one.

streisand effect they are going to be sold out everywhere now
- They already were.
Do it, they're a lot of fun to play with.

What is a flipper zero?

It has a bunch of abilities, but the most important one is that it can recieve and transmit radio signals that can trick devices like remote door locks and garage door openers into thinking that a key was pressed to open them, but only if they don't have proper security systems set up. It's built for penetration testing on systems to see how secure they are
I still don’t understand

The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various hardware and digital devices over multiple protocols, including RFID, radio, NFC, infrared, and Bluetooth.
- Pen-testing is short for penetration testing. Which is testing if you can break into the things. Like a locked office or a computer system, etc. Legally, it's done to find flaws that need to be fixed before they get used nefariously.
  
  Pen testing techniques and tools are essentially break in tools. In this case, a tool for mimicking car key fobs and the wireless signals they send to the car.
- Pen-testing: penetration testing, basically good guy hacking to find security vulnerabilities so that they can be fixed, basically finding out how easy a security system is to penetrate.
  
  Debugging: fixing problems in hardware and software
  
  RFID (Radio Frequency IDentification), radio, NFC (Near Field Communication,) infrared, Bluetooth: different forms of wireless communication.
  
  RFID is used for stuff like security tags on merchandise, car key fobs
  
  NFC is similar (you could probably make an argument that NFC is basically a type of RFID) with a very short range used for things like making payments with your phone
  
  Bluetooth you're probably somewhat familiar with, in used for a lot of consumer electronics, wireless headphones, speakers, computer mice, etc.
  
  All of those use radio waves in some form to pass information from one device to another.
  
  Infrared uses a infrared light to send information, the most common use you've probably seen is for TV remotes, which is why you have to point the remote at the TV to work, you're basically flashing an invisible flashlight at the sensor on the TV
  
  This device can basically mimic any of those kinds of signals allowing it access, control, or bypass devices and systems that use those protocols.
  
  This can be useful for people working on those kinds of systems, you don't need to have the actual key card, remote, device, etc. to test it out, you can try a bunch of different configurations without needing to reprogram the card a bunch of times, and gives you a lot of options to test for different vulnerabilities and issues.
  
  But those same capabilities make it attractive to people who would use it maliciously. If they don't have the right security measures in place, something like this device could be used to gain access to secure areas by spoofing a key card, unlock cars, interfere with cell phones, snoop on wireless communications, gain access to a someone's devices, etc.
- It's basically a 2 way radio with tools for those who like to mess with the radio spectrum. That's the most simple explanation I can make for such a device.

That's all Trudeau has been good for, for years, attempting to appear to do something about a problem but never, never, ever, actually fixing anything, but also inconveniencing/ removing rights or making criminals out of ancillary people to the actual issue.

Personally, i would require car manufacturers to make their cars resistant to such trivial exploits, but this works too i guess

But, but, what about their precious profits??
Eh it doesn't really, there isn't a surge in radio attacks on cars, it's just a novel concept so people are feeling spooked

But I'm with you on your first point, security needs to be hardened and the only one who can truly do that is the manufacturer
It's the equivalent of banning paperclips because they saw a videoclip of somebody opening locks with a paper clip, and completely ignoring all other tools that can open a lock faster than using the key.
This, but apparently they already did this in 1990. Though it sounds like this might instead make the fob go out of sync and no longer work, but that's also on the manufacturers.

Also I wouldn't be surprised if phones could be made to do radio signal recording and playback. You might need a USB ADC/DAC and antenna, but it's not like this device is doing something really sophisticated for this particular attack.

This is our government in a nutshell. Don't like guns? Ban them from licensed owners instead of working against smuggling or changing the license requirement from a PAL to an RPAL. Don't like gas cars? Ban them instead of working on public transit and infrastructure. Don't like the flipper zero? Ban it instead of either licensing purchase and use like a billion other radio devices that exist, or holding car manufacturers responsible for ass security practices.

Can't wait to find out what they don't like next, I wonder what they'll do? /s

Good thing I ordered one a couple days ago

This has made me think that I should order one too. Must be a good tool if it needs to be made illegal.
- You can break into thirty year old cars!

People are cutting locks so we should ban long arm metal snips and angle grinders.

Go for the source, ban the locks

Um.... You don't even need the flipper zero to steal a car. I'm not even sure it's strong enough to emulate the key.

Pretty sure you can't even use the Flipper in the way thieves are using cheap alibaba radio amplifiers on the proximity fobs that people keep near their front door...

“This here’s the Lockpocking Lawyer, and today we’re going to take a closer look at the Flipper Zero….”

One question, has the Canadian police actually arrested people using the flipper to steal cars?

How hard would it be to make a similar device?

A single-board computer, radio modules, and the appropriate software. Trivial for someone with the technical knowledge. The only thing that made the flipper unique is that it comes pre-packaged.
- The uniformity is also nice. Lots of tutorials targetting it
- Any determined thief will just build their own, or one guy will do it and sell to all the thieves, this is the wrong solution.
Politicians being stupid and thick, as usual.

This can be replicated with off-the-shelf components and readily available software. The real issue is the low security of cars.

Also, a similar device with better capabilities is about to hit the market.
- Also, a similar device with better capabilities is about to hit the market.
  
  What's it called?
How specific is the law? I can imagine these idiots either...

Very specifically banning flipper so now people make a functionally identical device called the reppilf that is totally legal

Banning any computing device capable of transmitting radio, thus outlawing all cellphones, laptops, desktops, iot, etc.
- This is how every licensed gun owner in Canada has felt for years. You can go read how they word those laws to get a good idea of how they would go about wording this one. It's not great.

Oh Canada...

this is funny.

Confidentiality incorrect

Good luck

Here is an alternative Piped link(s):

Good luck

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

The sheer cognitive dissonance of everyone in this thread saying "criminals don't follow laws so banning this will do nothing!!" But will turn around and say "dur it'll with guns though," is painful.

Build multi-use guns with hobbyist supplies in your house and then we'll talk
- Lol you can this isn't even a new concept
- Bro you can make an ak-47 out of a shovel.
  
  https://militaryhumor.net/homemade-ak-47-made-from-shovel/
  
  The FGC-9 is a gun designed to be built only from common hardware store tools and a shitty 3d printer and has been used by even the myanmar rebel forces who built it themselves. (Also you can build 3d printers themselves from hardware store and hobbyist electronics store supplies).
  
  Guns are just metal tubes with some extra bits, as knowledge and materials get better, making them gets easier. You're making this statement like it hasn't been a common thing for years