Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown
How do you ban a device built with open source hardware and software anyway?
Let's ban a product instead of solving the issue at hand... Seriously? I hate my country more and more as each day passes
While this seems a bit incompetent, it is easier for them to make technology less available than to fix the underlying issues here. They might set out to do both, but solving the underlying issues will take more time.
At least they're trying to do the right thing, and they're making an effort to deal with a problem that affects real people. Good on them.
This is like banning usb cables so Hyundai/Kia cars won’t be stolen, instead of forcing the car manufacturer to just install an actual immobilizer on affected vehicles. Seeing Hyundai/Kia do everything but install immobilizers is infuriating as well. They’re rolling out software updates, giving out wheel locks, installing cages on the ignition panel, etc. Literally everything but fix the problem.
The problem is they are banning a device that doesn't solve the issue at all except if you have a car from before the 90s. The tools being used for this are custom made with a much larger range. Maybe they should ban smartphones too since people are using them to detect laptops in cars to break into since they are being stupid about it.
It won't stop thieves from being able to obtain them. And it's a legit tool, should we ban all usb because they can be used to steal Hyundai and Kia cars?
It's obvious there are flaws to car manufacturers theft protection. Shit watch LPL, lock noob, Bosnian Bill (hope you're doing well brother) and you will see most locks are a fucking joke.
There are Defcon vids on YouTube that go over how cars can be hacked yet manufacturers are still using these systems
The road to hell is paved with good intentions.
This device is probably not what a professional car thief would use. It may be used sometimes by someone messing around, but it's a tool made for an introduction into different types of penetration (testing). It doesn't do anything as well as a more dedicated device would, and it's also not as customizable. If a car is vulnerable to this then it's vulnerable to a lot more things. Also, if someone really wants to steal your car they don't need this device specifically.
More like hide the problem so no one knows about it. This is the entire locksmith ideology, security through obscurity and that has been working out great hasn't it?
I don't have any faith in our incompetent government to do anything right if it costs corporations money.
I figure half the purpose of these sorts of devices is to prove just how insecure certain systems are to bring about change. Governments rarely have a good grasp on this sort of thing though. It's not like banning the device will make anyone more secure.
What does blackface Trudeau have to say on the matter I wonder.
Who gives a shit? He prob doesn't know what it is or what it is used for either, and neither does his party apparently
Pick an issue. Literally any issue. Canada isn't on the morally right side (with the exception of supporting Ukraine's war for freedom).
People are fine. Landscape is amazing. Government at all levels needs to be gone. We'd be better off with actual criminal mobs running everything. They'd at least be competent
You should get those brain worms checked out
Read everyone, this is hype, and Canada is being dumb on this one.
The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that's been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.
Most of this reaction is due to staged videos on TikTok and politicians not understanding technology. Maybe they'll stop a few joyriding kids, but car thieves aren't using F0s.
Politicians passing laws based on things they don't understand?
Quelle surprise.
But also:
a protection that's been in place since the 1990s
That's not necessarily a guarantee, c.f. Hyundai and Kia's lack of ignition locks.
Politicians passing laws based on things they don’t understand?
aka virtue signaling
That's not a thing in Canada. Our motor vehicle standards require immobilizers.
The lack of arrestors is the issue there and the company should be liable.
Isn't it possible for someone to code a code-roller onto the flipper zero app store?
Probably possible but the thing would be running for hours or days to crack the code. That's not really useful for a quick hack.
If so I'm sure someone can find this app and show it's been done?
With a jammer it's definitely possible to bypass rolling codes with Flipper, but it's only temporary and has limited usefulness
That isn’t bypassing rolling codes, that’s capturing a single code while preventing it from reaching the car.
And once the code is used once, or the fob gets a new code to the car, the previously captured code is useless.
This isn’t the same thing as bypassing rolling codes.
It's pretty difficult, you need to get the rolling code from the fob, but you also need to jam it so it doesn't reach the car.
Then you have one opportunity to replay the code before the holder of the fob hits the button in range and rolls the code over.
So even if you manage to set that up that only gets you in the car, it doesn't get it started.
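The receiver-side check these comments describe, as an added example that is not part of the original thread: a counter-based rolling code where the car accepts only codes newer than the last one it accepted. The HMAC construction, the 16-press look-ahead window and the key are assumptions chosen for illustration (production fobs use vendor-specific ciphers), and the sample frames are constructed.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead: missed presses the receiver tolerates


def code_for(key: bytes, counter: int) -> bytes:
    """Frame sent for one button press: 4-byte counter + 8-byte truncated HMAC tag."""
    msg = struct.pack(">I", counter)
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Fob:
    """Key fob: increments its counter on every press, in range of the car or not."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.key, self.counter)


class Receiver:
    """Car side: remembers the highest counter it has accepted."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.last = key, counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = struct.unpack(">I", frame[:4])[0]
        # Authenticity: the tag must match the claimed counter under the shared key.
        if not hmac.compare_digest(frame, code_for(self.key, counter)):
            return False
        # Freshness: strictly newer than the last accepted code, within the window.
        if not (self.last < counter <= self.last + WINDOW):
            return False
        self.last = counter  # every older code is now dead
        return True


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample key
    fob, car = Fob(key), Receiver(key)
    results = {}

    first = fob.press()
    results["first_press"] = car.accept(first)
    results["replay_of_used_code"] = car.accept(first)

    # A code that never reached the car (the jam-and-capture case in the thread)
    # is still fresh only until the car accepts anything newer.
    held = fob.press()
    results["undelivered_still_fresh"] = Receiver(key, car.last).accept(held)
    newer = fob.press()
    results["newer_press"] = car.accept(newer)
    results["held_after_newer"] = car.accept(held)

    # Altering the counter field invalidates the tag.
    tampered = bytes([newer[0] ^ 1]) + newer[1:]
    results["tampered"] = car.accept(tampered)

    # Too many presses out of range: the fob falls outside the look-ahead window.
    for _ in range(WINDOW):
        fob.press()
    results["beyond_window"] = car.accept(fob.press())
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26} {'accepted' if ok else 'rejected'}")
```

A wider window tolerates more accidental presses but also lengthens the time an undelivered code stays valid, which is the trade-off a receiver design has to pick.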
I'm a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do "manually".
The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.
Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless that's gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.
Anybody in the know can tell you that the hardware isn't anything special, and like many others have said, it's like making a swiss army knife illegal cause the toothpick can be used to pick a lock.
This isn't gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn't be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn't let you sell medical devices that can be hacked like that.
You don't just put the cat back in the bag...
Based on your description it sounds like banning the flipper would be encouraging security through obscurity
I remember when they had the same conversations about packet sniffers.
Turned out the answer was to use encryption and switches.
My girlfriend has a medical implant for her gastroparesis. How concerned should we be? If that device shuts off, she can’t eat, and there’s only a handful of doctors in the country that can work on it, and the one that sees her is often booked two weeks out
The thing is, if there's a wireless exploit/hack that can cause "patient harm" the FDA+Health Canada would force a recall the sec it's publicly known.
The flipper wouldn't be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause it's a swiss army knife and has a general purpose radio.
Generally by the time an attack exists on the flipper, it's already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.
I can't say how concerned you should be, but this won't make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don't make laptops illegal tho.
What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an "illegal" device. Yes they could use a laptop, but you don't use an xray machine to find a stud, you use a handheld studfinder cause it's cheap and easy.
Hope that helps explain a bit
canada just streisanded me into obtaining one of these. i cant wait to play with it
even in its anger, canada helps. thanks!
I have one and I highly recommend the wifi card. I also have a slightly working Carbon Dioxide sensor - I say slightly because its readings are consistently off when compared to my Aranet. Supposedly there's a way to calibrate, but I haven't had time to dig into it further.
My only issue with the device is that I wish there were more Tamagotchi elements to the dolphin buddy.
Tamagotchi elements to the dolphin buddy.
hahaha thanks! i love the idea of the co2 sensor
The Wi-Fi card is a must in my opinion. Learning about EAPOL handshakes, hashing, cracking and list vs masks was an awesome use of some 200 hours. Obviously I only used hardware I own and configured, but boy do I feel like Mr. Robot lol.
The device only gives easy access to already extremely weak/non existent security systems. That's literally it.
It's just something that's existed forever, but put into a convenient package and marketed well enough that suddenly normal people are realising how insecure their electronic systems actually are.
Kinda like how they used to make pacemakers hackable because they never thought to add any security at all. I bet many of them still don't.
Anyway, the issue lies not with this device, which can't "hack" anything with any actual security, the issue is with manufacturers making devices that literally leave the door wide open to anybody with an extremely basic electronic sniffer/cloner device.
Yep you can do the same operations with a RTLSDR (20-40$) and a signal repeater (20ish) and raspberry pi/netbook. It's somewhat harder to do if you don't know the software but it really just exposes very insecure hardware. Companies should put a semblance of security and it would take care of things. These kind of devices are everywhere not just the flipper. Flipper just made it a tiny bit more friendly.
So, rather than hold automakers accountable for not having proper and effective security practices you focus on a tool designed for security professionals.
This take is so unbelievably brain dead I'm surprised these people are able to breathe without machine assistance
Auto makers are really bad about it. CAN Injection has been a thing for a while now. Cars are going IoT, and a flipper will be the least of the vulnerabilities as things progress.
I’ve just had premonitions of cars crashing into each other in car parks when the ‘self parking’ mode is hacked…
As things progress, security should improve. Keyword SHOULD. But they don't because good security ain't cheap.
If the flipper can help you stealing a car, the flipper is not the problem, but the neglect and incompetence of the car company is.
Maybe cars should not be so easy to steal... I thought we came to an agreement on this.
I work for a company of under 100 employees in a small city. Our head IT guy bought a Flipper Zero with his own money so he could make sure our building key fobs couldn't be easily copied.
If this guy can do it, I think the bajillion dollar auto industry can figure out a solution!
A single guy does not have 3 layers of managers and bosses above him, who have "better ideas", cost-cutting policies and "I have no idea what you just explained to me, so let's just not do it!".
Yeah however how will the car companies make even more money?
"It is unacceptable that it is possible to buy tools that help car theft on major online shopping platforms.”
I can buy a hammer and screwdriver online, and those could be used for car theft. Does that make those also unacceptable?
They're also really good at murder, a much more serious crime.
While we're at it let's just ban all metal cutlery, just to be on the safe side.
Go then champ
It's called pretending to do something about the problem.
The way they get access is by amplifying a signal of a car key near the entrance to trick the car into thinking the key is nearby. Others do just pick the driver's side lock. Then once inside, they connect to the vehicle and pair new keys so they can drive away in less than 10 minutes.
I've never understood the way modern cars just unlock without any button press, that seems really insecure. Some organized thieves probably aren't even bothering with lock-picking and ignition hot-wiring these days as older cars would be low value to them. Oh and if a random crackhead really wanted something in the car they would probably just smash the window or pry the door anyway.
A solution would be a 24 hour lockout timer to program new keys. That would prevent mall jackings and be a small inconvenience for repair shops to need to keep cars in the garage overnight.
I call it virtue signaling. It's the same idea, just a clearer term for it.
Do those mythical organized thieves really exist? I think 80+% of crimes are crimes of opportunity done by vulnerable people like crackheads, mentally ill, or other low income people.
Well you can address drug addiction and vulnerability to an extent but this is about autotheft? What do drug addicts or vulnerable low income people need 6497 stolen cars for? Those will probably be caught relatively easily anyway if they just drive in the area.
The thing is that they ship these cars overseas as quick as possible and for big money and nearly impossible to recover. You can't do that as some lone Joe looking for your next blow, it's a profitable criminal enterprise with multiple people taking part, to steal the cars, schmooze through the paperwork, get the cars in containers to ship, then receive payment at the other end.
Some of the initial carjackings may be opportunistic, but the people shipping the stolen cars out of the country are definitely organized.
Nah, flip that around. What's a random crackhead going to do with a stolen car? Vs an already-organized and knowledgeable business like a towing company who wants to add a lucrative side gig. That's who's doing catalytic converter theft, too.
Cars that unlock without pressing anything or by pressing a button on the door look for the key that is bound to them. It is secure in that only a key programmed to the car can tell the car it is ok to unlock. The keys are authenticated with a rolling code that is synced between a car and key when the key is programmed to the car. Thieves clone the key's signal and then the car has no idea that the fake key is not the real key.
You can't hotwire a modern car. On a modern pushbutton ignition car the starting function is allowed through a security module that makes sure the key is there before starting. Pushing the button only asks permission to start the car and then the module is the one that tells the car to start.
Lock-picking a modern car can be done, but it is far easier to use a wedge and inflatable air bag to pry the door open enough to use a hooked tool to open the door from the inside. Nobody picks automotive locks anymore, a lot of the door locks can be ripped out and bypassed anyways. You can of course just break the glass, but it may sound an alarm. The F150 has a massive theft issue Ford won't bother to address, the alarm can be disabled from outside the car using no tools whatsoever.
Once a thief has access to the inside of the car, they can program a new fake key using specialized software which is usually dealer level software but it can be done using 3rd party software. You can't just ban all non-dealers from having the capability to reprogram keys, that is user-repair hostile and would mean you have to pay whatever the dealer wants to replace a lost or damaged key. Not to mention that thieves will still find a way to access dealer tools and keep on stealing anyways.
A lockout period wouldn't accomplish anything, the original key still gets cloned and can be used to drive the car away. Once the stolen car is taken, the thieves have all the time they want to reprogram a key.
Enhancing security measures by using a more secure key authentication method will only go so far as to preventing theft and will add considerable costs to cars and key replacement. Thieves will catch up to any means of securing cars. A better solution is to improve economic prospects and enforce the current laws effectively to remove incentive to steal cars.
Your points are all valid and I agree with your suggestions. I still think every hour of delay is important to try to track down the car before it gets out of the country...
So compare an easy to steal car with a keyed ignition, with a modern push to start car. I don't drive now but I used to drive the former. It wouldn't sell for much in a used market or criminal market. Being stolen for use in a crime it may be more useful on the other hand. I don't know if thieves looking for easy marks would go for that car over one with more modern tech...
Some cars have that already and have had it since like 98 iirc.
Then what's the manufacturer's excuse for not having them on current models? It would prevent the "one and done" type of attacks, there's at least a chance that any setup gets caught on camera before the car is stolen later?
Sure, go ahead and blame the tool.
Then blame the science.
Then blame the scientists who developed it.
Blame everything but the thief.
/s
Then blame free will for all crime in the world and all wars waged.
First blame the thief. But then in the same breath blame the manufacturers that refuse to sell cars with meaningfully working locks. If you understand the tech many car companies keep selling cars that have locks that are about as secure as a zip tie.
The companies will just go around blaming some random engineer for it and then go on throwing money for PR stuff.
I see how that might make sense to lawmakers. It does present itself as a problem. But the fact that it is a symptom of a security issue is the reason it shouldn't be outright banned. I haven't used the thing, but it has looked to me like a pretty snazzy multitool.
It's like banning swiss army knives. I can see why it looks like it makes sense, but it really doesn't.
It reminds me of a lawmaker in one of the flyover states that wanted to make it illegal to look at the source code of a website.
Think about this for a second.
And realize that this twat is writing laws.
I had not heard of that one. Was it the "internet is full of tubes" guy?
It's like banning swiss army knives
That's why we went forth and banned everything swiss, army, or knive, altogether
Now I have to put holes in my own cheese using my own secret, illegal methods
I've been watching flipper since it was announced. I should probably buy one and play with it.
All this is going to do is increase sales of the thing and probably increase the number of "kids" trying to break into cars. Streisand effect ftw.
I have one.
It's fun.
But on the subject of rolling codes, I was able to get through a security gate that relies on, essentially, a garage door opener.
The exploit relied on the ridiculously low amount of rolling codes it cycled through.
Capture one, and try it a few times to get through.
Cars are more robust. Despite tinkering with it for about 8 hours, I wasn't successful with defeating it. That being said, I picked up the device, in part, to start messing around with various signals as an educational tool.
The real problem is Flipper Zero is just a nicely packaged tool that can also be easily assembled with other off the shelf parts. And those parts alone can do many other things that should not be made illegal. The real solution should be from car manufacturers and ensuring that they don’t use tech that can be so easily hacked.
Car security is horrible
I bought a copying remote from aliexpress thinking "no way my car has a static code and not a rolling one... right?"
Nope, fuck you Kia, any stupid cheap remote from aliexpress can be used to copy keys from a surprising amount of cars.
Car security should improve and I hope this becomes a big enough issue that it gets better regulated
Just ordered one. I had no real interest, but once you tell me I can't have one....I must have one.
Sales will go through the roof, and being black market will only give it more publicity.
Oh and yeah, it only works on cars without rolling codes, like, from the 90s
Or modern Kia cars, it's horrible
You'll love it
RollJam and RollBack are the exploits for bypassing rolling codes. These exploits are possible because you can replay captured codes at a later time.
What's happening in most cases is the proximity-based fobs are simply amplified with a device to reach the person's car in the driveway, since most people keep their keys by the door, and in some cases even within reach of the car without a device. It's this low hanging fruit where the theft happens, or just a tow truck...
The Flipper is more of an enthusiast and pranking device. The devices used in actual thefts are like disposable $50 alibaba pieces of shit. Canada is effectively creating a clandestine market for simple radio amplifiers made from the most basic electronic components. As someone in Canada who used to build the classic cmoy Altoid-tin headphone amps to sell on etsy, this is tempting...
Ah yes banning the tool will 100% take care of the problem.
Clearly criminals who steal cars will DEFINITELY listen to this new law banning their tools.
We just need to make crime illegal 👌
That said, this is the argument that gun-owning cowards use, so does it fall under the "How do we stop this happening, says only country in the world where this happens regularly" category?
Probably a wise move to nip it in the bud
That's the main issue here, the flipper isn't useful in car theft
I guess it could steal maybe some 90s cars with remote fobs, but I don't think it can do modern keyless entry cars in any useful way.
Not only that, you can easily buy more advanced car stealing tools that are made for this purpose from Chinese websites.
Honestly, I am embarrassed with the whole "look like we're doing something" shtick by my government. An expensive gathering of decision makers from various sectors, a National Summit, just to say: we are now gonna be soooo tough on crime and let's ban the toy we just saw on TikTok.
Car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada
Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused pretending to do some work and publishing all the buzzword-of-the-day "accomplishments" they were doing while patting each other's backs without explicitly requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf "children's RC" car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.
Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to let's pretend it's not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is "convenient" to ignore the problem.
The following years various reprogramming theft become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids use them to gain Youtube/TikTok followers.
Car hacking was becoming a serious concern during the pandemic, but now it's simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made "defective".
Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.
Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers' Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.
"And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations," he added.
New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.
Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:
The whole "these can be used for high scale crimes" argument is straight up fearmongering. One or two people have reverse engineered the remote protocol on one or two specific models of Volkswagen car, and, after listening to the car being locked and unlocked several times using a laptop and $500 SDR, can reconstruct a signal to unlock the car. When a cybersecurity professional figures out this is possible at all, it makes the news.
If your car can get broken into by any random script kiddie with a Flipper Zero, sue the car company for gross negligence.
Exactly. If the car can be broken into that easily, it's the car company's fault.
Ya but, you can't steal cars with this unit.
If our politicians are not the laughing stock, they should be.
They're too busy profiting from all of the illegal activity in this country. Organized crime is absolutely thriving in Canada because the people in charge are allowing it to occur.
It seems like maybe the problem is that automakers were able to widely market vehicles that use wireless protocols that are relatively easy targets for attack. This was never properly secure.
Automakers should absolutely be held to higher standards (in general) than they are, and it's not likely that banning specific devices is going to have any measurable outcome here. It's pretty well known that people buy and sell malware, and people can just... make devices similar to a Flipper with cheaply and readily available hardware.
This is just dumb posturing to avoid holding automakers and tech companies accountable for yet another dumb, poorly thought out, design feature.
And obviously it doesn't stop at cars. It seems pretty clear that snooping on any feature using RFID or NFC tech is only going to become more widespread. Novel idea: what about using... actual keys as the primary method of granting physical access? Lock picking is obviously possible but a properly laid out disc-detainer lock is pretty goddamn hard to bypass even with the proper tools, and that skill can't just be acquired in the same way as with electronic methods of bypass.
This reminds me of IMSI catchers, which governors and mayors don't mind if law enforcement has them, but when your neighbor makes one out of a mail-order kit and a soldering gun then suddenly it's an instrument of terror.
Oh and police aren't supposed to have them in the US, but no one punishes them for using one. It's inadmissible in court, so they have to parallel construct (id est, lie) about how they got your location from an informant or through detection dogs or something.
In fact, a lot of security is lax, and we don't bother until it's private interests rather than law enforcement that are using them with malicious intent.
I don't even know how to use this thing but I bought one reflexively when I got the sense it would likely be outlawed in the future.
I want to do the same but at $165 it's a bit steep for something I probably won't understand enough to use.
Use it to prank your friends and family. Wholesome, legal, fun.
Oh right, forgot about this little thing. Had my eye on it a long time ago, but forgot about it. Thanks for reminding me Canada. Should probably read up on Streisand effect.
They are a fun little tool for hardware hacking and teaching yourself more about what it can do. I bought one last year.
I absolutely love mine :)
Dude I think I might pick one of these up just for the IR, I miss the good ol days of controlling my tv and tvs on the go with my phone. I need to find out what all else it can do (and only use the powers for good), the RFID and NFC and garage doors and all that sounds like it could be convenient.
It can control pretty much anything that uses a wireless signal, it's a pretty neat device.
I just looked up some random youtube videos and man this thing would have been great while I was delivering pizza!
xiaomi phones have an IR blaster still.
Well unfortunately, call me when they have grapheneOS. The F0 honestly seems perfect just for that and it looks like it can do so much more!
I think people need more visibility over the electromagnetic spectrum, not less, to catch car thieves. This needs to be white hat into a car theft attempt detection kit.
I understand and appreciate the point of the childish look of the f-zero, but I often find myself wishing it was in more of a phone or phone case form factor.
Why? No one questions a phone in your hand. You can be literally anywhere, including places that disallow phone usage, and no one is going to bat an eye. But a f-zero raises questions. I can’t tell you how many times I’ve been asked “what is that thing?”
And now, it’s reached a level of popularity that people will recognize it for what it is. It’s not generic looking, in fact quite the opposite. Whereas a long, wide, thin black box looks like every other phone out there.
So what are you doing with it that makes you prefer not to be noticed?
I’ve used it in multiple places that I don’t like the questions. Hospitals when the tv remote has been “misplaced” (aka staff doesn’t give a fuck and someone stole it,) bars (with permission,) entry into hotel rooms, at my work because I forgot my badge.
And as mentioned, pen testing. Though not professionally and just at the office (with permission) to see how far it could get (surprisingly far actually, with the right badge.)
The thing about it is though, it stands out to an extreme. Even if I have it out on a table while sitting down (it’s rather bulky for a pocket) people take notice and ask what it is. “It’s like a universal remote” just raises more questions.
Besides the obvious nefarious purposes, a pen test is something legit I can think of that it would be useful for.
Some people just prefer to care for their little digital dolphin in peace.
Maybe read the article before presuming anyone using a flipper is a criminal. Like damn yo.
There is nothing this thing can do that a dedicated hobbyist couldn't replicate with parts bought off the shelf at a RadioShack, so where does the line get drawn
We don't have any Radio Shacks anymore 😞
I miss Radio Shack, but also I feel like toward the end there the workers wouldn't even let me breathe.
If you have one in your area, check out Sayal Electronics
Clearly they should ban RadioShack... Wait..
I’ve got one and it’s a lot of fun. Can’t lock me out of anything now.
It's a multi faceted blame. Yes, you blame the hardware that's helped used to commit the crime, then you blame the people using it to commit the crime, then you blame the people still allowing it to be done. Look at America for example. People use guns to kill children in schools. Then you blame the person for committing the crime, then you blame the politicians who refuse to make it harder to get a gun
I don't get these arguments. These tools aren't weapons, and limiting legal access to pentesting tools will decrease corp's and individuals' ability to be proactive about security.
These devices can be manufactured relatively easily and making them illegal will essentially mean the only people doing security tests are criminals. Large tech companies, correctly, run bug bounties where independent security researchers can make income by reporting reproducible and exploitable bugs. The concept here is called offensive security and it's extremely important for building better and more secure platforms. This situation will never be improved by limiting legal access to useful testing tools.
The responsibility should be on automakers and other companies that have massively insecure products, not on open source developers who are making products for security researchers.
The problem is where does the line end? I can use a Mason jar, metal bits, and some simple household chemicals to make a shrapnel bomb like they used in the Boston Bombing. Should we ban Mason jars? I can additionally buy a dozen consumer drones and then attach those shrapnel bombs and fly them into a crowd at eye level - making the Boston Bombing look tame in comparison.
Are we to ban drones? I can use basic household cleaners to make mustard gas, I can get cyanide from regular items, I can take my car and drive it into a group of children waiting for the bus.
If someone wants to commit a crime, they are going to find a way. There's a line where we have to look and say - the costs of living in a free society means that individuals have the capacity to commit crimes. If we get rid of the capacity to commit crimes entirely, we would have also necessarily gotten rid of the free society.
"It's really easy to duplicate keys for this car, let's ban key makers."
While we're at it, let's make theft illegal
The truth of the matter is, Canadian laws are intentionally nonsensical and intentionally don't address the root cause of crime. Our country's leaders are openly engaging in numerous large-scale scams, not the least of which is the stolen car market. How do you think alllllll of these stolen cars wind up in Africa and SE Asia? Shipping manifests, inspections, public awareness of the string of thefts. How does the government manage to always miss these blind spots do you think?
I'm no expert, but wouldn't it be very expensive to ship a bunch of cars to a different continent? Particularly stolen ones?
Yea but not as expensive as shipping a bunch of cars and also paying full price.
A quick google tells me 90% of the legal trade is shipped by boat, so you are paying for the boat regardless.
Not really. Those don't go on specialized car freighters, they're just packed into a shipping container.
I wanted to get one one day. This sucks. Now I'm gunna have to import it from some rando in Brazil like I did for my switch mods.
This is the best summary I could come up with:
Presumably, such tools subject to the ban would include HackRF One and LimeSDR, which have become crucial for analyzing and testing the security of all kinds of electronic devices to find vulnerabilities before they’re exploited.
This slim, lightweight device bearing the logo of an adorable dolphin acts as a Swiss Army knife for sending, receiving, and analyzing all kinds of wireless communications.
People can use them to change the channels of a TV at a bar covertly, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.
The price and ease of use make Flipper Zero ideal for beginners and hobbyists who want to understand how increasingly ubiquitous communications protocols such as NFC and Wi-Fi work.
Lost on the Canadian government, the device isn’t especially useful in stealing cars because it lacks the more advanced capabilities required to bypass anti-theft protections introduced in more than two decades.
The most prevalent form of electronics-assisted car theft these days, for instance, uses what are known as signal amplification relay devices against keyless ignition and entry systems.
The original article contains 617 words, the summary contains 195 words. Saved 68%. I'm a bot and I'm open source!
I can't be the only person who reads "I'm open source" with the same cadence as "I'm on a horse" then hears the Old Spice jingle in my head, can I?
Well in any case, if you were the only one, you aren't anymore.
Guns kill people.... How about banning guns?
But then how would we well-regulate our militias?
Oh yeah. Sorry, what was I thinking! 🤔
How do you ban a device built with open source hardware and software anyway?
Tyrannically.
It's hardly tyrannical. It's a device meant to be used to steal cars. Not banning it would be seen as willfully ignoring part of the problem. They're still ignoring the root cause of the problem, but they have to be seen attempting to govern. If they're not banning the open source hardware, then we're not living under the thumb of a tyrant.
It’s a device meant to be used to steal cars.
No, that's a lie. It's no different than saying that a VCR is "a device meant to steal movies."
Bro what are you talking about
At least the article did a good job of calling this ban the bullshit it is.
Why not improve the security with an arms race? Keep it legal and the responsibility of the manufacturer to make a secure vehicle.
and recall every car they ever made that can be opened with a remote?
Isn't that what happened with the KIA and Hyundai cars?
Right? That's the thing. Car thieves don't care if the tool is illegal; they're already planning on stealing a car.
If you make the tool illegal, you're just making it harder for security experts who do care about the law.
The problem, of course, is distinguishing between harmless and harmful use. There are painfully few things that are objectively good or bad.
Hey, I've seen your deleted post about trying to seed your instance.
You seem to be the admin of a new instance.
By default, your instance won't see any remote communities content until someone subscribes.
Which is kind of a catch-22, because you kinda have to know about it to subscribe.
To browse for communities:
https://lemmyverse.net/communities
You can then use your instance's search bar to fetch it initially in order to subscribe to it yourself.
Which you've likely already done for this one.
There's also a tool that can do this for you:
https://lemmy-federate.com/ (which was formerly known as communityboost)
Then again it may subscribe to things you aren't interested in, so that may or may not be for you.
Cheers, welcome and good luck.
Sounds like buying a bunch of Flipper Zero devices and selling them on the street corner is a great investment opportunity
WTB.
I'm in the US. PM me with your scalper prices.
Can you even buy these without ending up on a list somewhere? Since it's only sold online, this feels like the kind of thing that gets you on a list.
I know of a mattress company that you can only purchase from online.
The only list it gets you on is a mailing list about their mattresses.
Mattresses vs Contraband. I wonder if the government monitors web traffic to the contraband website.
Ok I see why you guys might think this guy is being dumb, but having spent some time on Agora with all the honey pots, it's not too crazy.
That said, it's probably much less likely here my dude.
Only because Canada doesn't actually give a shit about car theft. If they did, this would be a very obvious honey pot.
Why is that shit even legal?
I could care less about cars, but this thing has hacked glucose pumps and led to a St Jude's pacemaker recall, so fuck em. People can have their toys back after manufacturers of literally everything are better regulated. Until then, it's a weapon.
it can't do anything a rooted phone can't.
most features don't even require root (like android allows direct control over the ir blaster)
Then why weren't glucose pumps and pacemakers being targeted by phones before these Flipper Zeros started trending?
This is about more than just cars. Anything that uses RFID, NFC, etc., such as an employee badge or even contactless credit/debit card payments, is vulnerable to such an attack.
Jason Thor Hall (ex-Blizzard employee) explains how such things can be used in social engineering attacks. A Proxmark is a similar device to the Flipper Zero.
Regardless of whether it's open source hardware/technology, should we be authorising sales of such prebuilt devices for $170 which can allow the average Joe to break into an office or steal a car?
Yes we should allow them, because the problem isn't that this tool is available. The problem is that cars and other devices aren't more secure.
If you broke into a bank vault with a screwdriver, you don't ban screwdrivers; you get mad at the bank.
Did you read the article? The Flipper can essentially "break into" next to no cars produced after 1990.
Should 'we' be 'authorizing sales' is an interesting choice of words imo also, nothing negative just saying it made me question who the "we" part really is, and if something being sold has thus been authorized by some all powerful body