cross-posted from: https://lemmy.world/post/11789263
Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown
Sure, let’s ban everything we don’t understand and every tool that can be used to break into something. Next we’ll be banning rocks because they break windows and crowbars because they can be used to jimmy locks.
I think this is the first shot in the open war on technology, there has been a quiet push for years.
Automakers blame an RF toy for their own disgustingly poor security measures, and the government jumps to ban the toy. What happens when Bell declares that only criminals need a VPN to hide their traffic, or Rogers decides that only a hacker would ever need to have server in their home? How about a more general case, cordless angle grinders and sawzalls are the fastest way to steal catalytic converters from cars, how long before they are subject to a ban or can only be sold to “approved” persons?
There’s unironically been calls to ban pointed knives in the UK because they get used in crimes.
Let’s instead declare public enemy number one as the asshat marketers that took away our physical keys and forced us to use poorly secured dongles.
Its really no worse than it was with keys. The flipper zero only works on very cheap, corner cutting simple systems. A lot of cars (and all cars should) use non-repeating codes so a simple interception is useless. That doesn’t make them invincible of course.
Those cars would, back in the day, use simple corner cutting keys to be secured. There were quite a few cars back in the day that would have only a very small number of keys meaning there was a mon-trivial chance of you running into a car that you could open that wasn’t your own. There are countless stories of people accidentally unlocking and getting into cars that are not there’s.
Here’s a concrete example, there are only about 5000 different keys for some brands of Toyota. A car thief could get 10keys and try 10cars a day (and remember this would take a minute or 2 and not really look suspicious) and successfully steal a car every 2 months or so. A dongle pretty decisively kills this avenue of attack. But like all things shitty engineering opens up new attacks, although on the whole it’s a lot harder to steal a car today than before dongles.
Agreed! It’s actually pretty easy to make a car not start - that is in fact the default behavior for a large chunk of metal. The fact they will start given whatever fixed input is incredibly unnecessary.
Edit: Apparently they don’t? It’s in the article. This announcement is just totally misaimed.
Dont all cars still have physical keys (necessary for dead batteries)?
And don’t all cars have a switch to turn off wireless keys?
I can most assuredly tell you that that is not the case, my vehicle does have a physical key hidden away in the fob, it however only unlocks the driver side door, that’s it.
Smh… Lol this is how you end up with widespread vulnerabilities in everything.
Seems more to me like vulnerabilities are widespread in everything, and this thing ended up being made to exploit them?
*edit
Wait, did you mean the same thing I said? Phrasing wasn’t clear to me.
This is made to exploit them in the same way a knife is made to cut. It can be used for harm (although is a very weak, outdated tool for it that intentionally knee-caps this use) or it can be used for good, where it is a basic, unspecialized option that anyone can make or aquire. Like if the government tried to stop violence by banning knives, a ban would have little impact except on the least committed individuals (IE not organized crime) while being an annoyance to normal people by focing them to sharpen their own metal plates rather than buying them pre-made.
If they actually want to stop these crimes, more reasonable courses of action might be tracking what is shipped, acting on reports of stolen property, trying to impede large-scale organized crime when it is found, or requiring that vehicles maintain security protocols that take into account the existance of computers outside the vehicle.
OK, sure. I appreciate that explanation but I wasn’t unsure about how ways the Flipper Zero or devices like it might be used (just as I’m aware there are reasons for and against the existence of backdoors in software). Based on your response, did you think I was in favour of banning it? I never intended any value judgments about how it might be used, but perhaps some people are reading into my use of the term “exploit” even though it’s not always a negative term.
I added the edit above because I was trying to figure out the intended meaning of the comment I was replying to, since it didn’t make sense to me. Probably it’s just awkwardly worded and that threw me off, since it doesn’t make sense otherwise.
Wow, I check back to see if clarification is available and now I have downvotes? People really are getting meanspirited on here.
Yeah I’ve started to notice people are engaging in less good-faith conversation than when I first joined Lemmy last summer.
I think a lot of ex-reddit users, after the initial excitement and novelty of the migration to Lemmy, eventually slipped back into their bad habits from reddit. Reminds me of this this blog post denouncing the unhealthy behaviours that are all too common of online discourse.
So basically, the government doesn’t care about the issues and doesn’t plan to do anything about it.
Nah, the politicians asked around, the automaker lobbyists blamed the device, some intern-slave wrote a halfass bill, and no one cared to stop fundraising as little power prostitutes long enough to question it.
Of course, they don’t work on vehicles with rolling codes like, you know, all of them since the 90s. But don’t let the facts get in the way of a good do-nothing press opportunity.
How are people even stealing cars by fob, then?
Edit: It’s in the article. By using the fob + an amp or cracking the codes like big boys, neither of which this can do. Flipper Zero should sue the government for defamation.
Yah, they just repeat the signal from a fob near a wall to hit the vehicle, which is now set to always open if the key is near enough. It’s a stupid setup that’s ripe for abuse like this, instead of just having the user press a button like they did before. That would have been impossible to exploit, but convenience always trumps security.
