Let’s ban a product instead of solving the issue at hand… Seriously? I hate my country more and more as each day passes
While this is seems a bit incompetent, it is easier for them to make technology less available than to fix the underlying issues here. They might set out to do both, but solving the underlying issues will take more time.
At least they’re trying to do the right thing, and they’re making an effort to deal with a problem that affects real people. Good on them.
The problem is they are banning a device that doesn’t solve the issue at all except if you have a car from before the 90s. The tools being used for this are custom made with a much larger range. Maybe they should ban smartphones too since people are using them to detect laptops in cars to break into since they are being stupid about it.
How do you use a phone to detect a laptop in a car? If it’s on, sure I get it but if the laptop is asleep or off I can’t see how a phone will detect it?
Most MacBooks keep Bluetooth on when in sleep mode. There isn’t even a setting to stop it, the only option is to manually turn Bluetooth off before closing the lid or to use 3rd party software to automate turning it off.
Article said they were using Bluetooth and a app on play store / app store I assume the app measures the signal strength to determine the proximity to the devices. Maybe some laptops don’t turn off Bluetooth in their sleep state or people just weren’t putting their laptops to sleep? Could pickup tablets or phones forgotten in cars too.
As he said, that only works if the device is on, which would be really odd in a car. I’m not aware of any that keep comms on in sleep, since those are typically high power draw.
There are various sleep modes and it looks like Bluetooth can be active during some of them.
The road to hell is paved with good intentions.
This is like banning usb cables so Hyundai/Kia cars won’t be stolen, instead of forcing the car manufacturer to just install an actual immobilizer on affected vehicles. Seeing Hyundai/Kia do everything but install immobilizers is infuriating as well. They’re rolling out software updates, giving out wheel locks, installing cages on the ignition panel, etc. Literally everything but fix the problem.
This is like banning usb cables
If USB cables were used almost exclusively for illegal and just generally anti social behavior.
I’d never heard of this thing, and it does sound fun, but this was the use case list from the paragraph calling it a “humble hobbyist device” doesn’t come across as very defensible:
People can use them to change the channels of a TV at a bar covertly, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.
But also agreed on fuck those car companies that just don’t care and would rather weaponize the government than try to fix anything (without a subscription fee of course). Anti social behavior forced Kia to change their shitty grift of a product so 🤷
exclusively for illegal and just generally anti social behavior.
Except they aren’t. These devices are used for various non-illegal purposes and are actually helpful for pentesters so we can learn about potential vulnerabilities on wireless systems before they can be exploited by bad actors. The same way a usb cable is useful for transferring data and at the same time can be used for illegal stuff (like literally any hack where you connect to a device via usb). The worst part (and the article mentions it), is that it doesn’t even work on security systems on cars built since the 90’s. So they’re banning something that isn’t even a problem in the first place.
I totally get and agree this is a dumbfuck response to the problem they allege to be fixing, and hopefully their committee it whatever concludes the same, but the article didn’t mention any redeeming values for the device as you did
So the article is biased, and you swallowed it whole sale.
How so
More like hide the problem so no one knows about it. This is the entire locksmith ideology, security through obscurity and that has been working out great hasn’t it?
I don’t have any faith in our incompetent government to do anything right if it costs corporations money.
It won’t stop theives from being able to obtain them. And it’s a legit tool, should we ban all usb because they can be used to steal Hyundai and Kia cars?
It’s obvious there are flaws to car manufacturers theft protection. Shit watch LPL, lock noob, Bosnian Bill (hope you’re doing well brother) and you will see most locks are a fucking joke.
There are Defcon vids on YouTube that go over how cars can be hacked yet manufacturers are still using these systems
This device is probably not what a professional car thief would use. It may be used sometimes by someone messing around, but it’s a tool made for an introduction into different types of penetration (testing). It doesn’t do anything as well as a more dedicated device would, and it’s also not as customizable. If a car is vulnerable to this then it’s vulnerable to a lot more things. Also, if someone really wants to steal your car they don’t need this device specifically.
What does blackface Trudeau have to say on the matter I wonder.
Who gives a shit? He prob doesn’t know what it is or what it is used for either, and neither does his party apparently
I figure half the purpose of these sorts of devices is to prove just how insecure certain systems are to bring about change. Governments rarely have a good grasp on this sort of thing though. It’s not like banning the device will make anyone more secure.
Pick an issue. Literally any issue. Canada isn’t on the morally right side (with the exception of supporting Ukraine’s war for freedom).
People are fine. Landscape is amazing. Government at all levels needs to be gone. We’d be better off with actual criminal mobs running everything. They’d at least be competentYou should get those brain worms checked out
Ah yes banning the tool will 100% take care of the problem.
That’s the main issue here, the flipper isn’t useful in car theft
I guess it could steal maybe some 90s cars with remote fobs, but I don’t think it can do modern keyless entry cars in any useful way.
Not only that, you can easily buy more advanced car stealing tools that are made for this purpose from Chinese websites.
Clearly criminals who steal cars will DEFINITELY listen to this new law banning their tools.
That said, this is the argument that gun-owning cowards use, so does it fall under the “How do we stop this happening, says only country in the world where this happens regularly” category?
Probably a wise move to nip it in the bud
We just need to make crime illegal 👌
canada just streisanded me into obtaining one of these. i cant wait to play with it
even in its anger, canada helps. thanks!
I have one and I highly recommend the wifi card. I also have a slightly working Carbon Dioxide sensor - I say slightly because it’s readings are consistently off when compared to my Aranet. Supposedly there’s a way to calibrate, but I haven’t had time to dig into it further.
My only issue with the device is that I wish there were more tamagochi elements to the dolphin buddy.
tamagochi elements to the dolphin buddy.
hahaha thanks! i love the idea of the co2 sensor
The Wi-Fi card is a must in my opinion. Learning about EAPOL handshakes, hashing, cracking and list vs masks was an awesome use of some 200 hours. Obviously I only used hardware I own and configured, but boy do I feel like Mr. Robot lol.
I see how that might make sense to lawmakers. It does present itself as a problem. But the fact that it is a symptom of a security issue is the reason it shouldn’t be outright banned. I haven’t used the thing, but it has looked to me like a pretty snazzy multitool.
It’s like banning swiss army knives. I can see why it looks like it makes sense, but it really doesn’t.
The real problem is Flipper Zero is just a nicely packaged tool that can also br easily assembled with other off the shelf parts. And those parts alone can do many other things that should not be made illegal. The real solution should be from car manufacturers and ensuring that they don’t use tech that can be so easily hacked.
It reminds me of a lawmaker in one of the flyover states that wanted to make it illegal to look at the source code of a website.
Think about this for a second.
And realize that this twat is writing laws.
I had not heard of that one. Was it the “internet is full of tubes” guy?
No, it was a few years back when a researcher found that there was a plain text file of county employee social security numbers just sitting inside the JavaScript of a government website.
There are too many Google results from the upcoming election for me to sort through but suffice it to say, the guy was a class A idiot.
What’s wrong with that “a series of tubes” speech? It seems pretty accurate to bandwidth
Edit: Searched it up. The part that was wrong was him blaming email delays on bandwidth.
Happened around 2021-10-15:
Missouri Gov. Mike Parson said that his administration is pursuing the prosecution of a local newspaper reporter who alerted the government to website security flaws.
It’s in the following sources, at least: TechCrunch, NPR, NY Times
I don’t think so, but it was in response to some smart people developing their government website with the database stored basically in the HTML of the website if I remember correctly. A good Samaritan reported it and was basically charged with hacking the state.
The problem with this is that reading the generated HTML behind a page that has been served to your browser does not prove that data was stored in an HTML source file. The data is inserted into the page while it’s being served to the browser. That’s what the JavaScript does after it requests the data from the backend code, which gets the data from the database (or whatever storage is being used) and sends it back to the JavaScript, which puts it in the page.
Saving data in source HTML files would mean every possible combination of data anyone might request must be saved in its own separate file, which is definitely not how web development is done. Laws should not be made by people who don’t know what they’re talking about.
A good Samaritan reported it and was basically charged with hacking the state
Wait, really? What would I search to read more about this? Do you remember which state?
I remember hearing about this, so I tried searching for someone “being charged after reporting personal data exposed on a website”
Turns out, it’s Missouri, 2019, or another article on the same topic
Holy shit, that governor really made an ass of himself. He just kept doubling down lol
Thanks for the links!
It’s like banning swiss army knives
That’s why we went forth and banned everything swiss, army, or knive, altogether
Now I have to put holes in my own cheese using my own secret, illegal methods
Yes, this one right here, Mounties.
I’ve been watching flipper since it was announced. I should probably buy one and play with it.
All this is going to do is increase sales of the thing and probably increase the number of “kids” trying to break into cars. Streisand effect ftw.
I have one.
Its fun.
But on the subject of rolling codes, I was able to get through a security gate that relies on, essentially, a garage door opener.
The exploit relied on the ridiculously low amount of rolling codes it cycled through.
Capture one, and try it a few times to get through.
Cars are more robust. Despite tinkering with it for about 8 hours, I wasn’t successful with defeating it. That being said, I picked up the device, in part, to start messing around with various signals as an educational tool.
I really should get one. I should also grab the latest version of kali (if that’s still around), I haven’t played with that in a long time.
Kali is still around, I last did an install ~6 months ago, I think?
That got put on the back burner though, not because of the flipper, just life.
It is: https://www.kali.org/get-kali/
I should add this and flipper to the list of things to play with at some point soon.
This is the best summary I could come up with:
Presumably, such tools subject to the ban would include HackRF One and LimeSDR, which have become crucial for analyzing and testing the security of all kinds of electronic devices to find vulnerabilities before they’re exploited.
This slim, lightweight device bearing the logo of an adorable dolphin acts as a Swiss Army knife for sending, receiving, and analyzing all kinds of wireless communications.
People can use them to change the channels of a TV at a bar covertly, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.
The price and ease of use make Flipper Zero ideal for beginners and hobbyists who want to understand how increasingly ubiquitous communications protocols such as NFC and Wi-Fi work.
Lost on the Canadian government, the device isn’t especially useful in stealing cars because it lacks the more advanced capabilities required to bypass anti-theft protections introduced in more than two decades.
The most prevalent form of electronics-assisted car theft these days, for instance, uses what are known as signal amplification relay devices against keyless ignition and entry systems.
The original article contains 617 words, the summary contains 195 words. Saved 68%. I’m a bot and I’m open source!
I can’t be the only person who reads “I’m open source” with the same cadence as “I’m on a horse” then hears the Old Spice jingle in my head, can I?
Well in any case, if you were the only one, you aren’t anymore.
There is nothing this thing can do that a dedicated hobbyist couldn’t replicate with parts bought off the shelf at a RadioShack, so where does the line get drawn
Clearly they should ban RadioShack… Wait…
We don’t have any Radio Shacks anymore 😞
I miss Radio Shack, but also I feel like toward the end there the workers wouldn’t even let me breathe.
Because they were desperate to cell cellular plans a d credit cards because nothing else in the store made money.
Ya but, you can’t steal cars with this unit.
If our politicians are not the laughing stock, they should be.
They’re too busy profiting from all of the illegal activity in this country. Organized crime is absolutely thriving in Canada because the people in charge are allowing it to occur.
Read everyone, this is hype, and Canada is being dumb on this one.
The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that’s been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.
Most of this reaction is due to staged videos on TikTok and politicians not understanding technology. Maybe they’ll stop a few joyriding kids, but car thiefs aren’t using F0s.
Isn’t it possible for someone to code a code-roller onto the flipper zero app store?
Probably possible but the thing would be running for hours or days to crack the code. That’s not really useful for a quick hack.
If so I’m sure someone can find this app and show its been done?
Politicians passing laws based on things they don’t understand?
Quelle surprise.
But also:
a protection that’s been in place since the 1990s
That’s not necessarily a guarantee, c.f. Hyundai and Kia’s lack of ignition locks.
Politicians passing laws based on things they don’t understand?
aka virtue signaling
Another way of saying that is moral grandstanding, which I kind of like better. I like the imagery of grandstanding, especially when describing politicians.
The lack of arrestors is the issue there and the company should be liable.
That’s not a thing in Canada. Our motor vehicle standards require immobilizers.
That’s because you all up there in America Lite hate capitalism, freedom, democracy, eagles, and baby Jesus.
With a jammer it’s definitely possible to bypass rolling codes with Flipper, but it’s only temporary and has limited usefulness
That isn’t bypassing rolling codes, that’s capturing a single code while preventing it from reaching the car.
And once the code is used once, or the fob gets a new code to the car, the previously captured code is useless.
This isn’t the same thing as bypassing rolling codes.
Hmm, I don’t know the precise terminology, I meant bypass as a way to temporarily get around the rolling code system without actually breaking the code itself. You’re probably right though
It’s pretty difficult, you need to get the rolling code from the fob, but you also need to jam it so it doesn’t reach the car.
Then you have one opportunity to replay the code before the holder of the fob hits the button in range and rolls the code over.
So even if you manage to set that up that only gets you in the car, it doesn’t get it started.
Yes correct, just pointing out that it is technically possible to get around the system
Can you even buy these without ending up on a list somewhere? Since its only sold online this feels like the kind of thing that gets you on a list
Ok I see why you guys might think this guy is being dumb, but having spent some time on Agora with all the honey pots, it’s not too crazy.
That said, it’s probably much less likely here my dude.
I know of a mattress company that you can only purchase from online.
The only list it gets you on is a mailing list about their mattresses.
Mattresses vs Contraband. I wonder if the government monitors web traffic to the contraband website.
“It’s really easy to duplicate keys for this car, let’s ban key makers.”
While we’re at it, let’s make theft illegal
How do you ban a device built with open source hardware and software anyway?
Tyrannically.
It’s hardly tyrannical. It’s a device meant to be used to steal cars. Not banning it would be seen as willfully ignoring part of the problem. They’re still ignoring the root cause of the problem, but they have to be seen attempting to govern. If they’re not banning the open source hardware, then we’re not living under the thumb of a tyrant.
Bro what are you talking about
It’s a device meant to be used to steal cars.
No, that’s a lie. It’s no different than saying that a VCR is “a device meant to steal movies.”
It’s called pretending to do something about the problem.
The way they get access is by amplifying a signal of a car key near the entrance to trick the car into thinking the key is nearby. Others do just pick the driver’s side lock. Then once inside, they connect to the vehicle and pair new keys so they can drive away in less than 10 minutes.
I’ve never understood the way modern cars just unlock without any button press, that seems really insecure. Some organized thieves probably aren’t even bothering with lock-picking and ignition hot-wiring these days as older cars would be low value to them. Oh and if a random crackhead really wanted something in the car they would probably just smash the window or pry the door anyway.
Cars that unlock without pressing anything or by pressing a button on the door look for the key that is bound to them. It is secure in that only a key programmed to the car can tell the car it is ok to unlock. They keys are authenticated with a rolling code that is synced between a car and key when the key is programmed to the car. Thieves clone the key’s signal and then the car has no idea that the fake key is not the real key.
You can’t hotwire a modern car. On a modern pushbutton ignition car the starting function is allowed through a security module that makes sure the key is there before starting. Pushing the button only asks permission to start the car and then the module is the one that tells the car to start.
Lock-picking a modern car can be done, but it is far easier to use a wedge and inflatable air bag to pry the door open enough to use a hooked tool to open the door from the inside. Nobody picks automotive locks anymore, a lot of the door locks can be ripped out and bypassed anyways. You can of course just break the glass, but it may sound an alarm. The F150 has a massive theft issue Ford won’t bother to address, the alarm can be disabled from outside the car using no tools whatsoever.
Once a thief has access to the inside of the car, they can program a new fake key using specialized software which is usually dealer level software but it can be done using 3rd party software. You can’t just ban all non-dealers from having the capability to reprogram keys, that is user-repair hostile and would mean you have to pay whatever the dealer wants to replace a lost or damaged key. Not to mention that thieves will still find a way to access dealer tools and keep on stealing anyways.
A lockout period wouldn’t accomplish anything, the original key still gets cloned and can be used to drive the car away. Once the stolen car is taken, the thieves have all the time they want to reprogram a key.
Enhancing security measures by using a more secure key authentication method will only go so far as to preventing theft and will add considerable costs to cars and key replacement. Thieves will catch up to any means of securing cars. A better solution is to improve economic prospects and enforce the current laws effectively to remove incentive to steal cars.
Your points are all valid and I agree with your suggestions. I still think every hour of delay is important to try to track down the car before it gets out of the country…
So compare an easy to steal car with a keyed ignition, with a modern push to start car. I don’t drive now but I used to drive the former. It wouldn’t sell for much in a used market or criminal market. Being stolen for use in a crime it may be more useful on the other hand. I don’t know if thieves looking for easy marks would go for that car over one with more modern tech…
Auto theft for sale in a foreign market or domestic is uncommon and mostly dealing with valuable or rare cars and typically happens within a gas tank of a international boarder. More common is for breaking down and selling parts, but that is still not that typical. Most auto theft is for personal use and to commit crime. The breakdown of types of thefts changes with area, so in America personal use or crime is more common than Europe where chopping or foreign sale is more common.
Most turn-key ignition cars can’t be hotwired either, they have immobilizers that require a security chip authentication within the key. Most of the cars that can be hotwired are from before 2005, after that they get rarer. If it has an all metal key, those definitely can be hotwired.
When it comes to tracking, by the time the car is located it is done being used. Most cars do not have any form of tracking that is accessible to law enforcement with cooperation from manufacturers. Modern cars with tracking can have their GPS or cell network disabled by pulling the right fuse with no impact on the drivability of the car. Aftermarket trackers are harder to disable if they are installed correctly and can lead to a faster recovery if the police move fast enough. Once the car is taken and the GPS fuse is pulled, they can keep the car indefinitely without fear of getting caught via tracking. If an aftermarket tracker is used, they just need to have the car in a place that will block the signal for long enough to disable it and then move the car again fast enough. Cops move slow, you can tell the cops where it is right now and they may not attempt recovery for hours.
Since the majority of auto theft is just looking for a car to ditch, in America, the easier to steal the better and it doesn’t matter what the car is. F150s and Kia/Hyundai are the most popular now because they are easy to steal and common as dirt but grabbing a 2022 Honda that is left running or grabbing the keys from a driver are popular options.
I call it virtue signaling. It’s the same idea, just a clearer term for it.
Do those mythical organized thieves really exist? I think 80+% of crimes are crimes of opportunity done by vulnerable people like crackheads, mentally ill, or other low income people.
Some of the initial carjackings may be opportunistic, but the people shipping the stolen cars out of the country are definitely organized.
Well you can address drug addiction and vulnerability to an extent but this is about autotheft? What do drug addicts or vulnerable low income people need 6497 stolen cars for? Those will probably be caught relatively easily anyway if they just drive in the area.
The thing is that they ship these cars overseas as quick as possible and for big money and nearly impossible to recover. You can’t do that as some lone Joe looking for your next blow, it’s a profitable criminal enterprise with multiple people taking part, to steal the cars, schmooze through the paperwork, get the cars in containers to ship, then receive payment at the other end.
Crimes of opportunity are not need based, they are want based. People take something because they want it and are unconcerned with the potential consequences of taking it. Even the cop quoted in your linked article admitted that 'Cars stolen for the purpose of committing another crime are not what’s behind the majority of thefts. ’
Nah, flip that around. What’s a random crackhead going to do with a stolen car? Vs an already-organized and knowledgeable business like a towing company who wants to add a lucrative side gig. That’s who’s doing catalytic converter theft, too.
I would say my OC at least applies to the people who get caught. Maybe not always to those who actually do the crime.
Some cars have that already and have had it since like 98 iirc.
Then what’s the manufacturer’s excuse for not having them on current models? It would prevent the “one and done” type of attacks, there’s at least a chance that any setup gets caught on camera before the car is stolen later?
Ford still does have program timeout, like I said some cars have had it some haven’t and I can’t and moreover won’t try to explain anyone else’s feelings.
Sounds like buying a bunch of Flipper Zero devices and selling them on the street corner is a great investment opportunity
WTB.
I’m in the US. PM me with your scalper prices.
The truth of the matter is, Canadian laws are intentionally non-sensical and intentionally don’t address the root cause of crime. Our country’s leaders are openly engaging in numerous large scale scams not the least of which is the stolen car market. How do you think alllllll of these stolen cars wind up in Africa and SE Asia? Shipping manifests, inspections, public awareness of the string of thefts. How does the government manage to always miss these blind spots do you think?
I’m no expert, but wouldn’t it be very expensive to ship a bunch of cars to a different continent? Particularly stolen ones?
Yea but not as expensive as shipping a bunch of cars and also paying full price.
A quick google tells me 90% of the legal trade is shipped by boat, so you are paying for the boat regardless.
Not really. Those don’t go on specialized car freighters, they’re just packed into a shipping container.
There is a good CBC Marketplace video where they went to Africa somewhere and found all these cars for sale, checked the gloveboxes and found the insurance papers, then called the people who’s cars were stolen.
Here it is: https://youtu.be/gshyozP-GY8?si=oSVlA9MqVq8NVlo-
At least the article did a good job of calling this ban the bullshit it is.
