- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
“Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes,” Flipper Devices COO Alex Kulagin told BleepingComputer.
"Also, it’d require actively blocking the signal from the owner to catch the original signal, which Flipper Zero’s hardware is incapable of doing.
Just politicians trying to appear to be doing something so they can keep their jobs.
Yes, but even if the base model hardware is incapable of doing something, someone savvy enough could modify it. It’s the same logic they use to ban AR-15s in some states in the US. By default, all civilian ARs are built to fire in semi-auto only, BUT, a knowledgeable individual can make it fire in full auto if they drill a hole in the lower receiver in just the right spot.
Edit: Okay, I’m getting roasted for pointing out that no system is 100% secure against malicious actors? Perhaps you’re missing my point that I disagree with banning Flipper Zero and fully believe it’s Canadian politicians looking like they’re doing something, regardless of whether or not it will actually work.
Yes, but even if the base model hardware is incapable of doing something, someone savvy enough could modify it.
Which negate the whole point of the discussion.
If someone can modify it, the same someone does not need it.
Good point in general, but, what they’re specifically talking about here (rolling codes), perhaps what they should have said is that no one can (feasibly) do it, not just that their hardware isn’t capable.
Edit: Oh, for the blocking signal, that part might be functionality that could be added, I see what I think you’re saying there. Still, that would be a step towards it, but it would still require serious hardware to crack a private key, as I understand.
Are people downvoting this because you made a fair comparison between something they like (flipper) and something they don’t (guns)? Like are you being downvoted out of cognitive dissonance?
deleted by creator
I bet that car thieves also wear shoes, do something about it!
They probably also drink water
Dihydrogen monoxide?
Monoxide means one oxygen which means free radical, which is basically what car thieves are too. So you’re right, clearly all this wanton consumption of this chemical must be stopped.
And drive cars!!
Lol. You better just ban all programmable boards then, because the Flipper doesn’t have any special proprietary or differential tech in it. It’s just a clever collection of already existing hardware and software. Someone will just make another immediately. Idiots.
I don’t disagree with your point, but the flipper zero for sure lowers the bar of entry. Before the flipper came out the, “You must be this tall to ride” required some pretty good knowledge of microcontrollers, hardware peripherals, and software engineering. The people that had that sort of knowledge tended to actually have paying jobs, which is like the biggest factor in not being a street criminal.
The flipper made the barrier of entry at about the level of being able to operate a TV remote which any dipshit can do. However, the fact that the flipper exists at all means that the cat is out of the bag. As you said, someone else is just going to come along and release a similar product. You can’t just ban the flipper and expect it to have any impact. My concern is they will decided to make certain code illegal, which gets really stupid.
Barrier to entry to do what? They can’t be used for vehicle theft because you can’t replay attack a rolling code, which is what all vehicles use.
The current attack is to use a repeater to amplify a fob that’s close enough to an outside wall to hijack and open these “get close enough and the doors open” locks.
Ask Kia/Hyundai owners how it can’t be used. There’s for sure cars that are susceptible to this attack still driving around, and the barrier to entry for executing the attack was lowered substantially. It’s like if you made an out of the box pentesting tool that was highly effective at breaking into vpns, identifying high value targets, and downloaded those high value database’s data at the click of a button.
https://nvd.nist.gov/vuln/detail/CVE-2022-37418
https://www.caranddriver.com/news/a43941743/hyundai-kia-vehicle-theft-settlement/
https://www.theverge.com/23742425/kia-boys-car-theft-steal-tiktok-hyundai-usb
The Flipper is literally just an ends to a means. An easily accessible action for hardware. Nobody is stopping any random person from buying a number of $3 dongles for their laptop and using it in the exact same way.
Yes but the flipper requires zero base knowledge to use it whereas setting up the hardware, installing the software, and troubleshooting any issues takes about the same amount knowledge as a helpdesk gig in IT. Again, I don’t think making them illegal does shit. I do think it’s rather obstinate to not acknowledge that the barrier for entry to execute those attacks was lowered substantially by the flipper though.
If they knew that, they wouldn’t be banning the device instead of going after the car makers to make the cars more secure
Lmao how are they gonna word that bill? Sorry guys, if you play with electronics you’re a hacker!
Images failing to load
All this guys images are
It seems he’s…
(•_•)
( •_•)>⌐■-■
(⌐■_■)
unreachable.
That’s odd, I can see them.
So many reposts in this community…
hell yea holy shit, i must have read this same headline at least 10 times now
If you can steal a car with a Flipper Zero, then this is definitely not the fault of the Flipper Zero.
Jfc, politicians are idiots.
Yea, I got a drawer full of various programmable boards, I guess I’ll go straight to jail.
Solving the problem forever!
I saw this on Mastodon the other day and started digging into it. Seems like a really cool project although the chip they used appears inferior to the ESP32? I found a few similar projects based on the ESP32 but they seem to be limited to wifi/bluetooth captures only with the possibility of other options if you swap out the firmware. This makes me question why the ESP32 with 4MB of flash cannot do much more than the Flipper Zero with its 1MB of flash and a CPU that runs at 1/3 the speed (or less) and only a single core? Anyone have some ideas, and/or have seen other open projects based on the ESP32 that do all and more that the Flipper Zero can do?
You’re comparing a microcontroller to a purpose built device. Its apples and oranges.
There are add ons to the flipper that incoporate an esp running maurader firmware for wifi tools
Yeah I saw there was the add-on board for wifi testing, but it seemed like this plugs in externally and isn’t a normal part of the toolkit? So if the Flipper itself isn’t performing the wifi test then I guess I don’t see why the ESP32 couldn’t just add in everything else the Flipper does? All the other hardware I saw, for IR, NFC, RFID, and one-wire connections… that could all easily also be added to the ESP32 with pins to spare, so what am I missing?
…the same reason you don’t see Sony releasing every PS5 with a dev board. Of course you can extend the ESP32 or whatever microcontroller to do anything the Flipper can. That’s obvious. Go search around on GitHub there are thousands of projects you can do with the ESP32 that will have the FBI making a personal visit to your house. The whole point of the Flipper is it’s turnkey and makes it easy for people that are less skilled or don’t have the patience to do all that.
Gotcha. Yeah I have plenty of experience with getting circuit boards made and even working with SMD parts (actually working on some boards right now) so I tend to forget that not everybody just has this stuff lying around. Maybe the hardware is the limitation preventing a lot of ESP-based clones of flipper from being available out there.
Meshtastic commes to mind, it allows you to set up an offgrid communications network that can mesh with other devices and allow you to send messages through the netork.
The ESP32s are nice chips, but the STM32s are also really nice to work with and will work fine for this task. Changing to an ESP32 wouldn’t make any real difference to the user so the choice is moot really.
I’ve designed products around both CPUs and they’re both pretty nice. The STM32 has somewhat better documentation, has cleaner low power modes and is a bit simpler when delving into the nitty gritty details. The ESP is more powerful and has some nice if complex features but I don’t like its low power handling as much.
Overall I think I’d choose the STM32 for this task since it’s a little easier to make small, battery powered devices with it.
From the limited reading I’ve done on the subject, it seemed like a lot of power in the Flipper was based around wireless testing (both wifi and bluetooth) although I also saw a number of things based around other bands. I guess I’m just not following why this was considered an add-on when the ESP32 has all that stuff built in already (and you can certainly shut down the radios to save power when you’re not using them)? Plus it also includes native support for other popular busses like I2C, I2S, and CAN so it seems like it could be useful for sniffing out what’s attached to a lot of different types of connections. Maybe I’m just straying outside the realm of basic pentesting, the idea just caught my attention about how handy it might be to have a small device that could work with a lot of different types of electronics.
The STM32WB55 in the flipper has a versatile wireless peripheral built in which can be used to implement various protocols including Bluetooth, zigbee, etc… Support for I2C, I2S and CAN is pretty standard stuff - the ESP32 is nothing special in these respects.
Maybe they chose the STM32WB55 because its wireless support is more flexible than the ESP32 and allows them to implement a wider variety of protocols? Or possibly just better documented, giving them the chance to do things they can’t on the ESP32? I haven’t compared the inner workings of the two chips’ wireless support so I can’t say for sure.
Hmm interesting. I’ll have to dig more into this chip to see what it’s about. I know the ESP32 is usually avoided when battery life is a high consideration, I haven’t really played around with anything other than a few ardunos and the ESP8266 so I don’t have much to compare it with. I guess I’ve just seen so many projects where someone tagged on an ESP chip to an arduino project just to get wireless capabilities with no understanding that the ESP series is quite a lot more powerful than the arduinos (some people I’ve talked to literally had no idea the ESP chips were programmable microcontrollers) so it’s easy to jump the gun and assume that’s what is happening in other projects also.
Probably just a matter of writing the right firmware and building the right hardware. I don’t think anything is stopping you from doing that.
The problem with microcontrollers is that code isn’t easily portable, so this device is stuck with its hardware.
Yeah I wasn’t too concerned about the hardware side of things, I was just curious about finding software because I don’t really know anything about pentesting. Guess I’ll keep looking around.
deleted by creator