Canadian government banning Flipper Zero to combat auto theft

296 points | matbilodeau | 2 years ago | canada.ca

323 comments

[+] neilv|2 years ago|reply
The Flipper Zero is a general-purpose tool and STEM educational device. By banning the device, a country would be setting back their workforce of engineers and scientists a bit.

How can you use a Flipper Zero to steal a car? Flipper Zero can't crack hard encryption.

Is the real problem that cars were made with security that they already knew was negligently weak at the time? If so, is a recall of those cars more appropriate?

[+] ireflect|2 years ago|reply
This is great. I rewrote it in my own words and sent it to my local Canadian MP, as well as Dominic LeBlanc who is the Minister of Public Safety.

Here's my template:

I am a Canadian citizen in your riding (A1B 2C3) and multiple business owner in the technology sector.

As an expert in the field of electronics and information security, I am concerned about the ISED’s initiative to ban Flipper Zero and similar devices, announced at: https://www.canada.ca/en/public-safety-canada/news/2024/02/f...

The Flipper Zero is a general-purpose tool for engineering and information security research. By banning the device, we will be doing a disservice to our country’s practitioners in these fields, while doing little to thwart car thefts.

If possession of a device like Flipper Zero is the enabler for car theft, then it leads me to believe that such cars had negligently insecure encryption from the day they were manufactured, and a recall of such cars would be more appropriate.

[+] Ancapistani|2 years ago|reply
> How can you use a Flipper Zero to steal a car?

A lot of vehicles - my wife’s 2015 Kia included - have a very flawed implementation of rolling key encryption. Basically, you need to capture three consecutive keys. The receiver is programmed to allow any future key (in case the fob was pressed away from the car), and will happily reset to past keys when you send three consecutive keys in sequence.

Ostensibly this is to avoid people’s fobs from becoming “unpaired” somehow if the car receives a future key. You just hit the button a few times and it works. In practice, it’s trivially easy to exploit.
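
The receiver behaviour described in the comment above, as an added example that is not part of the original thread or any manufacturer's code: a toy Python model in which codes are bare counter values (the cryptographic layer is omitted), and the window size and all class and function names are assumptions. It contrasts a receiver that resynchronises backward with one that only resynchronises forward.

```python
# Toy model (added example): codes are bare counters; real fobs send an
# encrypted counter, which is omitted here. WINDOW is an assumed value.
WINDOW = 16      # how far ahead of the stored counter a code may be
RESYNC_RUN = 3   # consecutive out-of-window codes that trigger a resync


class Receiver:
    def __init__(self, counter, allow_backward_resync):
        self.counter = counter
        self.allow_backward_resync = allow_backward_resync
        self.run = []  # current run of consecutive out-of-window codes

    def receive(self, code):
        # Normal case: code is ahead of the stored counter, inside the window.
        if self.counter < code <= self.counter + WINDOW:
            self.counter, self.run = code, []
            return "accept"
        # Otherwise extend or restart the run of consecutive codes.
        if self.run and code == self.run[-1] + 1:
            self.run.append(code)
        else:
            self.run = [code]
        if len(self.run) >= RESYNC_RUN:
            # The flaw: resynchronising to a counter that is already spent.
            if code > self.counter or self.allow_backward_resync:
                self.counter, self.run = code, []
                return "resync"
        return "reject"


def old_codes_outcome(allow_backward_resync):
    """Owner uses codes 101..106, then already-used codes 101..104 reappear."""
    rx = Receiver(100, allow_backward_resync)
    for code in range(101, 107):
        assert rx.receive(code) == "accept"
    return [rx.receive(code) for code in (101, 102, 103, 104)]


def far_ahead_fob_outcome():
    """Forward-only receiver still recovers a fob pressed many times out of range."""
    rx = Receiver(106, allow_backward_resync=False)
    return [rx.receive(code) for code in (200, 201, 202, 203)]


if __name__ == "__main__":
    print("backward resync allowed:", old_codes_outcome(True))
    print("forward-only resync:    ", old_codes_outcome(False))
    print("far-ahead fob:          ", far_ahead_fob_outcome())
```

With forward-only resynchronisation, spent codes never become valid again, while a fob that has run ahead of the receiver still recovers.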

[+] barbazoo|2 years ago|reply
It’s not the law yet. There must be a way to raise this.
[+] frankus|2 years ago|reply
Can a FZ assist in enrolling a new key in the ECU immobilizer’s list of approved keys, or does it just facilitate a relatively quiet way of unlocking the doors?

Because honestly there are lots of ways of gaining access to the inside of a vehicle, and if it can’t enroll a new key it’s neither necessary nor sufficient for stealing a vehicle.

[+] tamimio|2 years ago|reply
> How can you use a Flipper Zero to steal a car? Flipper Zero can't crack hard encryption.

It’s impossible; you can’t even use it against garage door rolling keys without accessing the garage unit and programming it like a new remote. The ban has nothing to do with car theft.

[+] virtue3|2 years ago|reply
Nah fuck this.

Someone on the plane I was on kept triggering it to do bluetooth attacks ('not your airpods') while I was trying to read (and have my earphones on connected via bluetooth so fuck me right?).

There are hacked firmwares you can install [0]. I understand that there are probably tons of other devices like this out there but this one was SO fucking popular and easily accessible.

I've already seen this thing abused and used in a super obnoxious way. Frankly I think you should be arrested for having it on in the passenger cabin of an airplane.

[0] https://github.com/DarkFlippers/unleashed-firmware

[+] 2OEH8eoCRo0|2 years ago|reply
It's a script kiddie tool that requires zero knowledge of radio theory and programming.
[+] andy99|2 years ago|reply
This is typical. All this stuff about people knowing where their cars are and the police, CBSA etc not doing anything about it*, the complicity of all the port and shipping people, but the government pretends banning some electronics will change something. I don't know what people expected from a "summit" or whatever they did, there are lots of clear steps we could take, but instead we get this.

*see https://www.cbc.ca/news/canada/toronto-man-finds-stolen-truc...

[+] AnarchismIsCool|2 years ago|reply
In the grand scheme, these are remarkably unsophisticated devices. It's almost a meme in RF circles to excitedly buy one and then immediately realize it's just a Girl Tech IM-me with NFC.

If you want to do real damage there are portable SDRs that can jam GPS and transmit just about any arbitrary radio signal from DC to 6GHz for less than $500. This is a mildly powerful toy that has a large, intelligent and curious community around it.

The reality is RF stuff is wildly under-explored right now outside of military spaces. On the consumer side I'd guess we're somewhere around the early 2000s internet in terms of security posture. It's probably best to consider the flipper community to be a gift of minimally destructive pentesters relative to what they could be if someone wanted to actually dish out real electronic warfare.

[+] Thaxll|2 years ago|reply
Those devices are already banned in most countries.

You can't import / use devices that have jamming capabilities.

[+] joshuakogut|2 years ago|reply
I would be interested in that community. I'm sure I'm not the only one here.
[+] meiuqer|2 years ago|reply
What is RF?
[+] thinkingkong|2 years ago|reply
Canada has totally lost its way. Housing is a massive issue. Healthcare is under constant attack. Immigration is used to prop up a failing economy. We don’t really make anything. Wages are lower than the US just because. There’s no negotiating power. The dollar is weak. We can’t extract most of the available resources because of the weather and environmental concerns. The prairies are being sold off to foreign investors. The smartest and most educated leave. Starting to feel like a fool for sticking around.
[+] bhaney|2 years ago|reply
Never cared much about the Flipper Zero personally, but now that governments are banning them I guess it's time to buy one. Great unintentional marketing campaign, Canada!
[+] Cthulhu_|2 years ago|reply
That's how I feel; I'm confident that if I had one it would end up in a drawer alongside raspberry pi's and ESP32s and the like, but hearing it may be banned is a compelling argument to get one.

That said, this is the most popular one, I'm sure there's clones out there already that fly under the radar.

[+] finnjohnsen2|2 years ago|reply
Exactly this. It is unfortunately above my budget for items with certain near 100% shelf time, because this is a pretty exciting device to boast about owning. Especially after this news from the Canadians.
[+] tucnak|2 years ago|reply
That will show them!!!
[+] data-ottawa|2 years ago|reply
This feels like a loud solution to assuage the outrage of the month.

None of the articles on this are actually showing the numbers. https://www150.statcan.gc.ca/n1/daily-quotidien/230727/cg-b0...

Car thefts have increased by a significant amount outside of their normal fluctuations, but they are still much much lower than they were before 2010. To call it a crisis is hyperbole. Canada's car thefts are approximately the same rates as the US.

Flipper zero is a casualty of poor security practices, and the insurance companies need to be going after the car manufacturers for making it so easy. I would even say if it's so easy to bypass, then buttonless start should never have even been legal.

You can ban the flipper zero, but it does not seem that difficult to get them into the country nor does it seem difficult for criminals to make their own.

[+] soerxpso|2 years ago|reply
I wouldn't trust that data at all without associated data on reporting rates over time. There's absolutely a crisis, and it's bad enough that people have stopped bothering to report thefts to the police since they know nothing will come of it.
[+] pixl97|2 years ago|reply
Canadian government once again proving it is stupid. These are the same groups that had moral panics and tried to ban video games and rock and roll without any actual information.

Just root a phone and you have a far more powerful hacking platform.

[+] user_7832|2 years ago|reply
Relevant part:

> Innovation, Science and Economic Development Canada (ISED) Innovation, Science and Economic Development Canada will work with Canadian companies, and the automotive industry, to develop new solutions to protect vehicles against theft and to assist with recovery of stolen vehicles.

> ISED will pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.

The actual solution would be to force auto makers to have better security that can't be cracked by script kiddies. Banning a tool like the F0 is like banning hairpins or paperclips because they can be used to pick locks. Their primary "purpose" isn't that at all. What would be okay is to ban the use of an F0 to steal a car. Not ownership of an F0, or a screwdriver.

[+] 15457345234|2 years ago|reply
> What would be okay is to ban the use of an F0 to steal a car.

Ban carrying them. If it's truly an educational tool you don't need to carry it around with you. Same as (in the UK) carrying a set of lockpicks is grounds to be arrested for 'going equipped' unless you're a locksmith.

[+] dcan|2 years ago|reply
Like every other wide-spanning law the Canadian Government has passed lately (including the one on firearms and the soon-to-pass adult-content on the internet), I imagine they will ban swathes of legal products that use RF and do nothing to actually prevent crimes from occurring.

Thanks to our Parliament!

[+] voisin|2 years ago|reply
Sort of like banning foreign buyers of homes to cover up the fact that they’ve given into NIMBYs for four decades and not built enough housing to keep pace with the population!
[+] bawolff|2 years ago|reply
Are they passing a new law or just using the existing one from 1985?
[+] amatecha|2 years ago|reply
This is so misguided. If I can in any way steal a car with a Flipper Zero (regardless of firmware), that car should be recalled and fixed by the manufacturer.
[+] Nifty3929|2 years ago|reply
This just means that only criminals will use Flipper Zero. And they were already stealing cars. I don’t think they will mind one additional illegal activity.

But how many previously law abiding citizens will be hurt by not having this technology, or becoming criminals now?

[+] maerF0x0|2 years ago|reply
So after this law, the honest people cannot have Flipper Zeros, and the criminals will simply continue breaking the law and acquire one.
[+] nonethewiser|2 years ago|reply
Welcome to the gun control debate.
[+] barbazoo|2 years ago|reply
It's not banned yet: might be worth sending comments to [email protected], the email address on that page.

> Office of the Honourable Dominic LeBlanc Minister of Public Safety, Democratic Institutions and Intergovernmental Affairs

[+] evandale|2 years ago|reply
I tried emailing that address but got this back:

[email protected]

An error occurred. Your message was not sent.

[+] somerandomqaguy|2 years ago|reply
Snail mail tends to work better for reaching out to Members of Parliament just out of the blue, though still no guarantee since it's still an intern that's opening and reading it.

Emails seem to work fine if they already know you.

[+] ndsipa_pomu|2 years ago|reply
It appears that Flipper Zero is virtually useless in almost all car thefts and is just being unfairly targeted by Trudeau. Also, the company didn't even get a heads up about being falsely blamed:

> Alex Kulagin, COO of Flipper Devices, said in an interview that his company received no communication from the Canadian government ahead of Thursday’s statements.

[+] OldSchool|2 years ago|reply
Ah, the irony... in the 90's you had to get your RF scanner FROM Canada or it would have analog cellular frequencies blocked!
[+] advael|2 years ago|reply
So if I'm reading this right, they're banning something that is too underpowered to run the exploits people are using to steal cars (which are only possible in the first place because car companies' threat model is mostly about their customers rather than thieves) in order to pretend to do something about car theft

I've been pretty happy on balance with measures introduced through direct democracy in recent years (mostly happens at the municipal and state levels in the US), and it seems like most people are unhappy with measures introduced by the normal "democratic" means of governance in rich nations, where we elect people, who then make laws

Maybe we should do more of the former and less of the latter

[+] kevingadd|2 years ago|reply
The main problem with direct democracy as performed in the US is that it's trivial to manipulate with sufficiently large ad campaigns, because the average voter is not super well informed on most topics and is usually not motivated to dig deeply when i.e. a ride-sharing company spends a cool hundred million to get the legal outcome they want.

This is not to say that the alternative is immune to these problems, but as a former long time California resident direct democracy was directly responsible for many of the state's problems, i.e. prop 13.

In many cases any special interest or sufficiently motivated rich person can also just keep putting their pet issue on the ballot over and over until it passes.

[+] herbst|2 years ago|reply
Swiss here, curiously interested, what does direct democracy in the US look like?

Direct democracy means a lot around here, like not having a single party long term in some control positions who could block or manipulate bills. Voting on topics instead of politicians is only a small aspect of this all working.

[+] gloryjulio|2 years ago|reply
> in order to pretend to do something about ...

That basically summarises the Canadian government's history, and how we end up in multiple crises and negative gdp per capita situation now.

[+] tim333|2 years ago|reply
I'm not sure how direct democracy is going to fix car theft? It would seem a problem best dealt with by experts in the field.
[+] hasty_pudding|2 years ago|reply
Direct democracy is 2 wolves and a sheep voting on what's for dinner.

I think the real problem is that the system is rigged.

Your vote only matters if you're in a non-gerrymandered swing state.

Even if your vote did matter you have to choose from a small amount of candidates selected and vetted by the RNC and DNC.

So it's less an issue with representation democracy and more an issue with how rigged and pointless the system has become in my opinion.

[+] jacoblambda|2 years ago|reply
So if they ban the Flipper Zero are they going to ban the multitude of SDRs as well?
[+] laserbeam|2 years ago|reply
FTA: "ISED will pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero"

Text uses the flipper zero as an example, not as the specific target of the ban.

[+] kayodelycaon|2 years ago|reply
They don’t need to. Banning the easy method will stop the majority of cases. Most people won’t bother with a slightly less easy method requiring the most basic of technical skills or more research than the first Google result.

Similar to how moving ssh to a non-standard port stops most attacks.

[+] j45|2 years ago|reply
The issue isn't devices like the Flipper Zero as much as the weak standards of security (and perceived obscurity) being used to not use actual security to secure cars.

Auto manufacturers could .. create more secure devices for cars. Of course existing vehicles are a different problem. That was avoidable to some degree.

[+] type_Ben_struct|2 years ago|reply
This is the equivalent of banning the import of balaclavas to stop robberies.