- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
“Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes,” Flipper Devices COO Alex Kulagin told BleepingComputer.
"Also, it’d require actively blocking the signal from the owner to catch the original signal, which Flipper Zero’s hardware is incapable of doing.
Just politicians trying to appear to be doing something so they can keep their jobs.
Yes, but even if the base model hardware is incapable of doing something, someone savvy enough could modify it. It’s the same logic they use to ban AR-15s in some states in the US. By default, all civilian ARs are built to fire in semi-auto only, BUT, a knowledgeable individual can make it fire in full auto if they drill a hole in the lower receiver in just the right spot.
Edit: Okay, I’m getting roasted for pointing out that no system is 100% secure against malicious actors? Perhaps you’re missing my point that I disagree with banning Flipper Zero and fully believe it’s Canadian politicians looking like they’re doing something, regardless of whether or not it will actually work.
Are people downvoting this because you made a fair comparison between something they like (flipper) and something they don’t (guns)? Like are you being downvoted out of cognitive dissonance?
deleted by creator
Good point in general, but, what they’re specifically talking about here (rolling codes), perhaps what they should have said is that no one can (feasibly) do it, not just that their hardware isn’t capable.
Edit: Oh, for the blocking signal, that part might be functionality that could be added, I see what I think you’re saying there. Still, that would be a step towards it, but it would still require serious hardware to crack a private key, as I understand.
Lol. You better just ban all programmable boards then, because the Flipper doesn’t have any special proprietary or differential tech in it. It’s just a clever collection of already existing hardware and software. Someone will just make another immediately. Idiots.
I don’t disagree with your point, but the flipper zero for sure lowers the bar of entry. Before the flipper came out the, “You must be this tall to ride” required some pretty good knowledge of microcontrollers, hardware peripherals, and software engineering. The people that had that sort of knowledge tended to actually have paying jobs, which is like the biggest factor in not being a street criminal.
The flipper made the barrier of entry at about the level of being able to operate a TV remote which any dipshit can do. However, the fact that the flipper exists at all means that the cat is out of the bag. As you said, someone else is just going to come along and release a similar product. You can’t just ban the flipper and expect it to have any impact. My concern is they will decided to make certain code illegal, which gets really stupid.
Barrier to entry to do what? They can’t be used for vehicle theft because you can’t replay attack a rolling code, which is what all vehicles use.
The current attack is to use a repeater to amplify a fob that’s close enough to an outside wall to hijack and open these “get close enough and the doors open” locks.
Ask Kia/Hyundai owners how it can’t be used. There’s for sure cars that are susceptible to this attack still driving around, and the barrier to entry for executing the attack was lowered substantially. It’s like if you made an out of the box pentesting tool that was highly effective at breaking into vpns, identifying high value targets, and downloaded those high value database’s data at the click of a button.
https://nvd.nist.gov/vuln/detail/CVE-2022-37418
https://www.caranddriver.com/news/a43941743/hyundai-kia-vehicle-theft-settlement/
https://www.theverge.com/23742425/kia-boys-car-theft-steal-tiktok-hyundai-usb
The Flipper is literally just an ends to a means. An easily accessible action for hardware. Nobody is stopping any random person from buying a number of $3 dongles for their laptop and using it in the exact same way.
Yes but the flipper requires zero base knowledge to use it whereas setting up the hardware, installing the software, and troubleshooting any issues takes about the same amount knowledge as a helpdesk gig in IT. Again, I don’t think making them illegal does shit. I do think it’s rather obstinate to not acknowledge that the barrier for entry to execute those attacks was lowered substantially by the flipper though.
Bar for entry wasn’t really that high to begin with. There were already a collection of tools that did the same thing, and could be had for a couple thousand bucks. Yeah, a price point 1/10th the older option is more accessible, but it’s not like criminals are hurting for money just because they are criminals.
I’m onboard with that but putting it at the level of operating a tv remote really casts a wider net. You essentially have to be barely literate to use the thing, where before you had to at least be able to read and execute some walkthroughs. Also you had to kind of be in the security/tech scene to even understand that it was an option, where the flipper has, for a lack of a better word, popularized the attack.
There’s a reason that when you go on sites like exploit db well over half of the exploits require some fiddling to make work. Metasploit is similar as well because it requires you to actually be able to use a cli on some level. While that isn’t a huge bar of entry, it’s still keeps the riff raff out for the most part. The flipper pretty much said fuck it, and let not only the skiddies in, but any dipshit with $80 buy a car stealing autopwn.
I get what you’re saying, but it’s like arguing that hammers should be complicated and/or expensive because they can be used by anyone to break a window.
These tools are exposing security issues, that’s not an issue with the tool. That’s an issue with the things using the shit security.
Banning the tool fixes nothing, it’s like painting a rotting fence. The problem is still there, still getting worse, you can just pretend everything’s fine for a short while before it comes crashing down.
Your response really highlights that you do not get what I’m saying. I’m not arguing it should be banned. I’m saying that acknowledging that the barrier of entry was lowered is at least somewhat of an important factor to consider. Doing it the way flipper did is irresponsible at best, and more realistically ethically corrupt. It’s been done though and you can’t put the cat back in the bag.
Now governments are trying to ban them, but when 100s of new clones come out I can almost guarantee governments are going to start doing increasingly silly shit to stop it. Do you think that giving every joker a key to any kia/Hyundai is going to lead to governments cracking down on security on the manufacturing side? Or do you think it’ll just give them a bigger excuse to make invasive laws? I’m pretty sure I know where it’ll lead and I seriously doubt it will be leveling laws against the poor old car manufacturers that donate to campaign funds…
If they knew that, they wouldn’t be banning the device instead of going after the car makers to make the cars more secure
So many reposts in this community…
hell yea holy shit, i must have read this same headline at least 10 times now
If you can steal a car with a Flipper Zero, then this is definitely not the fault of the Flipper Zero.