Canada to ban the Flipper Zero to stop surge in car thefts::The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.

        • @coffeebiscuit@lemmy.world
          link
          fedilink
          English
          -611 months ago

          He/she stated that you can’t steal a car with a flipper. But you can. That it isn’t a go to tool is something else.

          Besides this, you can use a flipper as a butter knife…

          Snow fucking white.

          • @agent_flounder@lemmy.world
            link
            fedilink
            English
            2
            edit-2
            11 months ago

            Yes it can be used to steal some cars.

            Banning it because it can be used to steal cars doesn’t make sense

            Btw… Some folks may not realize it is a go to tool for many things.

            Flipper Zero - Wikipedia Flipper Zero is a portable Tamagotchi-like multi-functional device developed for interaction with access control systems. The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface.

            It is a swiss army knife for RF access control systems as well as harmless, related things like remote controls.

            It is used by penetration testers (information security professionals) to do myriad kinds of legit, legal work in their field.

            Like any tool it can be used for good or evil. The problem isn’t the tool but the vulnerabilities in cars demonstrating shocking negligence on the part of manufacturers.

            Banning the tools just gives us a false sense of security. The vulnerability still exists. It isn’t that difficult for someone to either get the tool, reproduce the tool, or make a new tool with existing parts. Meanwhile law abiding people cannot find the vulnerabilities as easily.

            This mostly only serves to penalize a smallish company and protect large car manufacturers from the consequences of their negligence.

            It is already illegal to steal cars. Why would criminals risking felony jail time care about whether their tools are suddenly illegal, too?

  • @Xavier@lemmy.ca
    link
    fedilink
    English
    1011 months ago

    Honestly, I am embarrassed with the whole “look like were doing something” shtick by my government. An expensive gathering of decision makers from various sectors, a National Summit, just to say: we are now gonna be soooo tough on crime and let’s ban the toy we just saw on TikTok.

    Car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada

    Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused pretending doing some work and publishing all the buzzword-of-the-day “accomplishments” they were doing while patting each others backs without explicitely requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf “children’s RC” car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.

    Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to lets pretent it’s not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is “convenient” to ignore the problem.

    The following years various reprogramming theft become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids uses them to gain Youtube/TikTok followers.

    Car hacking was a becoming serious concern during the pandemic, but now it’s simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made “defective”.

    Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.

    Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers’ Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.

    “And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations,” he added.

    New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.

    Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:

    The devolution of port authorities in Canada has not been without debate over the past 70 years. This paper provides a brief introduction to the role of ports in Canada and then examines the history of port policy and devolution, concluding that past policies were considered to have failed due to their inability to respond to changing circumstances.

    (Reposting my same reply for a similar thread about the Canadian Government banning the Flipper Zero, please check my post history for the other thread)

  • Lettuce eat lettuce
    link
    fedilink
    English
    6011 months ago

    Classic response, don’t hold the billion dollar corpos who actually design and manufacture the cars responsible. Ban the little device that exposes the flaws in their designs.

    • 7heo
      link
      fedilink
      English
      30
      edit-2
      11 months ago

      Yeah, let’s entirely outlaw pentesting while we’re at it. What could possibly go wrong? 🙈

      • @fluxion@lemmy.world
        link
        fedilink
        English
        1711 months ago

        Lets outlaw devices that could be used for pentesting while we’re at it. PCs, laptops, phones, etc.

        • @twack@lemmy.world
          link
          fedilink
          English
          711 months ago

          Don’t forget paperclips, string, and aerosol cans. Hell, we should probably just ban wire altogether.

        • 7heo
          link
          fedilink
          English
          511 months ago

          Brains. Technically that is the most useful device when pentesting. Along with curiosity. Altho on the former, I believe we, as a society, have actually started to…

  • @Fades@lemmy.world
    link
    fedilink
    English
    1311 months ago

    That’s fucking bullshit wtf. This is exactly like bad gun reform that comes from someone who doesn’t know shit about the thing they are trying to reform

    • @ikidd@lemmy.world
      link
      fedilink
      English
      511 months ago

      Welcome to Canada. Turning dials that aren’t connected to anything is the specialty of our “leaders”.

  • @febra@lemmy.world
    link
    fedilink
    English
    1911 months ago

    Next, ban radio waves, because car companies are too damn dense to create a proper product lol

    • sebinspace
      link
      fedilink
      English
      311 months ago

      I’m surprised no fobs use a time-based token to prevent replay attacks. Would make it a bit of a bitch to replace the battery, but hey-ho, tradeoffs.

      • @Chriswild@lemmy.world
        link
        fedilink
        English
        111 months ago

        Instead of a time based token they should have authentication. To start the car you need biometric or passcode or Bluetooth to connect and the fob.

        For the life of me I don’t understand why my phone has better security than my car.

      • @ikidd@lemmy.world
        link
        fedilink
        English
        311 months ago

        They use rolling codes that aren’t susceptible to FlipperZero anyway. This is a dog and pony show.

          • @ikidd@lemmy.world
            link
            fedilink
            English
            411 months ago

            It’s been that way for a long time, it’s just kinda the accepted way. The vehicle builders had seen what garage door systems problems came about from hard-switched or dip-switched codes and just went that way from the start.

            https://en.wikipedia.org/wiki/Remote_keyless_system#Security

            The newer vehicles have these always-on systems now, the owner doesn’t have to press a specific button. So theives can amplify the fob signal that’s constantly being emitted in the house and get the car to open, then program new keys once they’re in the vehicle and drive away. But that has nothing to do with the Flipper, that’s just a radio repeater.

    • @Pyr_Pressure@lemmy.ca
      link
      fedilink
      English
      311 months ago

      The only thing our lawmakers know how to do is ban things to look like they’re doing something when really they have no idea how to actually bring effectual change or fix the problems.

      Flipper zero, foreign buyers, handguns…

  • @golden_zealot@lemmy.ml
    link
    fedilink
    English
    6
    edit-2
    11 months ago

    This is our government in a nutshell. Don’t like guns? Ban them from licensed owners instead of working against smuggling or changing the license requirement from a PAL to an RPAL. Don’t like gas cars? Ban them instead of working on public transit and infrastructure. Don’t like the flipper zero? Ban it instead of either licensing purchase and use like a billion other radio devices that exist, or holding car manufacturers responsible for ass security practices.

    Can’t wait to find out what they don’t like next, I wonder what they’ll do? /s

    • @ilost7489@lemmy.ca
      link
      fedilink
      English
      1811 months ago

      It has a bunch of abilities, but the most important one is that it can recieve and transmit radio signals that can trick devices like remote door locks and garage door openers into thinking that a key was pressed to open them, but only if they don’t have proper security systems set up. It’s built for penetration testing on systems to see how secure they are

    • @moistclump@lemmy.world
      link
      fedilink
      English
      -111 months ago

      I still don’t understand

      The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various hardware and digital devices over multiple protocols, including RFID, radio, NFC, infrared, and Bluetooth.

      • @wunami@lemmy.world
        link
        fedilink
        English
        4
        edit-2
        11 months ago

        Pen-testing is short for penetration testing. Which is testing if you can break into the things. Like a locked office or a computer system, etc. Legally, it’s done to find flaws that need to be fixed before they get used nefariously.

        Pen testing techniques and tools are essentially break in tools. In this case, a tool for mimicking car key fobs and the wireless signals they send to the car.

      • @Psythik@lemmy.world
        link
        fedilink
        English
        3
        edit-2
        11 months ago

        It’s basically a 2 way radio with tools for those who like to mess with the radio spectrum. That’s the most simple explanation I can make for such a device.

      • @Fondots@lemmy.world
        link
        fedilink
        English
        411 months ago

        Pen-testing: penetration testing, basically good guy hacking to find security vulnerabilities so that they can be fixed, basically finding out how easy a security system is to penetrate.

        Debugging: fixing problems in hardware and software

        RFID (Radio Frequency IDentification), radio, NFC (Near Field Communication,) infrared, Bluetooth: different forms of wireless communication.

        RFID is used for stuff like security tags on merchandise, car key fobs

        NFC is similar (you could probably make an argument that NFC is basically a type of RFID) with a very short range used for things like making payments with your phone

        Bluetooth you’re probably somewhat familiar with, in used for a lot of consumer electronics, wireless headphones, speakers, computer mice, etc.

        All of those use radio waves in some form to pass information from one device to another.

        Infrared uses a infrared light to send information, the most common use you’ve probably seen is for TV remotes, which is why you have to point the remote at the TV to work, you’re basically flashing an invisible flashlight at the sensor on the TV

        This device can basically mimic any of those kinds of signals allowing it access, control, or bypass devices and systems that use those protocols.

        This can be useful for people working on those kinds of systems, you don’t need to have the actual key card, remote, device, etc. to test it out, you can try a bunch of different configurations without needing to reprogram the card a bunch of times, and gives you a lot of options to test for different vulnerabilities and issues.

        But those same capabilities make it attractive to people who would use it maliciously. If they don’t have the right security measures in place, something like this device could be used to gain access to secure areas by spoofing a key card, unlock cars, interfere with cell phones, snoop on wireless communications, gain access to a someone’s devices, etc.

  • @quaddo@lemmy.world
    link
    fedilink
    English
    311 months ago

    “This here’s the Lockpocking Lawyer, and today we’re going to take a closer look at the Flipper Zero….”