The Canadian government wants to ban Flipper Zero-type hacker tools to combat car theft

During a recent national summit for combatting car theft, a Canadian government official, François-Philippe Champagne the Minister of Innovation, Science and Industry announced that the country aims to ban devices such as Flipper Zero, due to their use in car theft. 

In the press release, the Canadian government states that it is “Pursuing all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.”

We reached out to Flipper Devices for comment and the response to the claim that Flipper Zero could be used to steal a car is something that Flipper Devices COO Alex Kulagin denies. “Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes. Also, it’d require actively blocking the signal from the owner to catch the original signal, which Flipper Zero’s hardware is incapable of doing,” said Kulagin. “Flipper Zero is intended for security testing and development and we have taken necessary precautions to ensure the device can’t be used for nefarious purposes.”

We’ve seen Flipper Zero being used to emulate RFID and NFC devices, but these are “dumb” devices when compared to car security systems. The rolling codes used in modern car security mean that a thief would need to intercept the user pressing the fob, capture the code, and then use it at a later date.  Flipper Zero is not able to block the signal. For that you would need a device from a nefarious source.

South of the U.S. / Canadian border, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) analyzed Flipper Zero’s abilities and produced the following statement.

“The popular, in-demand hacking tool went viral on TikTok in late 2022 and can be used as a positive, legitimate, and convenient way for pentesters and curious minds to learn about, access, and dissect signals and protocols. Demand continues to increase, limiting the supply and causing consumers to engage third-party vendors selling the product at higher costs. Threat actors are leveraging the high demand and low supply by impersonating social media accounts and official Flipper Zero vendor websites to interact with and lure potential customers into paying with cryptocurrency without actually sending them the device. Additionally, most of the posted TikTok videos reportedly may have been staged and provided misinformation, as most modern wireless devices are not vulnerable to simple replay attacks.”

Will blocking the sale of Flipper Zero and other devices put a significant dent in the number of car thefts in Canada? Probably not. Co-Founder of Cygenta and former head of Cyber Research for Raythen, Freakyclown, thinks that this will “stop innovation of security research and stem security getting better.” Freakyclown also states that banning the devices won’t stop criminals from buying them “because… *checks notes* criminals do not care about the law!” We’ve reached out to Freakyclown for further comment and this story will be updated once we have it.

See more

Thinking of taking your Flipper Zero on your next flight? Then make sure that it is in the hold, and not in your hand luggage. As reported by The Daily Dot, Vitor Domingos’s Flipper Zero was seized by security at London Gatwick airport. During a conversation with airport security, which went “downhill”, Domingos’s Flipper Zero was handed over to the police, who have yet to return it.

Flipper Zero is a “portable multi-tool device for geeks” and has more in common with a Swiss Army knife than a specialized theft tool. If you are into cyber security, as a hobby or as a career, then its abilities and apps will give you the tools to audit your devices, and those of your clients. With the base device one can read RFID, NFC and many other sub 1 GHz radio devices. Bluetooth and Infrared and also well catered for, along with a basic GPIO which is compatible with the Raspberry Pi and Arduino type boards.

This post was originally published on this site