The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various hardware and digital devices over multiple protocols, including RFID, radio, NFC, infrared, and Bluetooth.
Users have been demonstrating Flipper Zero's features in videos shared online since its release, showcasing its capacity to conduct replay attacks to unlock cars, open garage doors, activate doorbells, and clone various digital keys.
"Criminals have been using sophisticated tools to steal cars. And Canadians are rightfully worried," Canadian Industry Minister François-Philippe Champagne tweeted on Wednesday.
"Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes."
Champagne's announcement comes after a national summit on combatting auto theft hosted this week by the Government of Canada in Ottawa, Ontario.
According to the Canadian government, around 90,000 vehicles (or one car every six minutes) are reported stolen every year, with car theft resulting in $1 billion in annual losses, including insurance costs for fixing and replacing stolen cars.
The figures shared by the Canadian government when describing the car theft surge currently impacting Canada align with the most recent data shared by the Statistics Canada government agency, which shows an increasing number of car theft reports since 2021.
Canadian police also reported that motor vehicle theft had the most significant impact on an increase in the national Crime Severity Index in 2022.
The Canadian government's Innovation, Science and Economic Development (ISED) department (and the country's industry and commerce regulator) says that it will "pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies."
Flipper Devices: Cars built after the 1990s are safe
While the Canadian government insists that the Flipper Zero is one of the reasons behind the current surge of car thefts in the country, Flipper Devices, the company behind the devices, says the gadget can't be used to steal vehicles built within the last 24 years.
"Flipper Zero can't be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes," Flipper Devices COO Alex Kulagin told BleepingComputer.
"Also, it'd require actively blocking the signal from the owner to catch the original signal, which Flipper Zero's hardware is incapable of doing.
"Flipper Zero is intended for security testing and development and we have taken necessary precautions to ensure the device can't be used for nefarious purposes."
Amazon has also banned the sale of the Flipper Zero since April 2023 for being a card skimming device after the Brazilian National Telecommunications Agency began seizing incoming Flipper Zero purchases in March 2023 due to its alleged use by criminals.
Comments
EndangeredPootisBird - 4 months ago
Classic, a penetration testing tool used more for crime than for legitimate purposes
Jimscard - 4 months ago
Except it can’t do most of the things described in the article. It’s true that people post staged videos on tiktok showing them doing all sorts of things that it can’t do.
PK88 - 4 months ago
After reading the article I looked around for more information on Flipper and it appears that there are versions of custom firmware that can be installed in place of the manufacturer’s firmware. Are the safeguards that prevent bad actor use in the hardware or the firmware, and if the latter, is that the problem? Is there freely available firmware that defeats that safeguards and allows Flipper to easily assist in doing things that are illegal?
h_b_s - 4 months ago
You're quite literally asking the impossible. You can't prevent people taking hardware they own, especially any open hardware platforms INCLUDING laptops, and using it for nefarious purposes. That's like admonishing people that own a hammer not to use it to bash someone's head in or we'll ban all hammers! Then ban rocks cuz they can be used in place of hammers, or axes or crowbars or... IT WON'T WORK, and neither will this ban. You're asking the wrong questions with the skill of a politician yourself because you apparently don't understand how open hardware and software platforms work. The genie never had a bottle to begin with to be put back into.
Canada is being performative. They're talking about banning a tool that has many uses based on hysteria and false information distributed on social media without bothering to inform themselves what it can and can't do. Likewise, they're conveniently ignoring the real problem - car manufacturers that make these vehicles such that they're trivial to break into and steal with minimal skill needed. I don't need a Flipper (mostly because a Flipper can't actually do this as I'm reasonably sure it doesn't have an SDR xcvr) to break into just about any vehicle with a wireless key fob, just a laptop and an SDR transceiver - good luck banning those. Crooks are going to crook. The reason car thefts are up is because the car mfgs ignore basic signals authentication security practices. The fault is theirs, not the people that make Flippers. It's like car mfgs live in a world all their own where everyone can be trusted to be nice and good.
Flipper owners and other hackers are easily demonized by governments because to the common citizen there's an element of mystery surrounding what they do. Mystery is easily turned to fear and loathing. That makes hackers the easy political & social scapegoat they've always been. Car manufacturers, on the other hand, have deep pockets with well funded lobby firms working for them with considerable intelligence on where the politician's skeletons are hiding. Picking a fight with the car manufacturers (and other pseudo-security firms) is considerably more costly both on a political and personal level. Go figure who *politicians* are going after, the ostensibly powerless, or the well moneyed and heavily defended?
cachaca - 4 months ago
"Flipper Zero can't be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes...."
quite limited, then....
Jimscard - 4 months ago
It also can’t “skim cards” and the pre-1990 cars have physical key locks and ignitions that can be hot wired. Not that anyone is particularly interested in stealing them.
Maybe Canada should ban screwdrivers and hammers, too, since those are used to smash windows, bypass ignition locks etc. too.
h_b_s - 4 months ago
It's more nuanced than black and white like that. Yes they have rolling codes, but those codes often repeat in predictable patterns. They aren't strong cryptographic hashes that are never reused. This is why certain Kias and Toyotas are trivial to break into. Attackers are just replaying past intercepted signals and they open right up. That's just one example of weaknesses in these vehicle's security systems. You'd think if you're spending $30k+ on a vehicle they'd at least bother to spend $50 on microchips that can manage cryptographic hashes and be able to rotate/revoke the private keys when necessary.
Sgtkeebler - 4 months ago
And just like that everyone who bought a flipper zero in Canada just became rich. Now you are also going to have a surge of people in Canada who are going to rush out to buy them as well.
daymanight - 4 months ago
This is just fear mongering while also just being a token gesture to make it seem like action is being taken. As others have mentioned that you can't use a flipper to steal cars because as soon as you capture a fob code you immediately desync the key and the flipper will immediately be out of sync (as it has the "current" code, and not the next valid one). And anyone knowledgeable enough to implement the proper rolling code algorithm isn't using a flipper. They're using custom hardware to capture the codes and programming new fobs.
Edit: grammar
cachaca - 4 months ago
"This is just fear mongering while also just being a token gesture to make it seem like action is being taken."
or as cops like to say: abundance of caution.
Tizio - 4 months ago
Nice! Now also ban cameras and copy machines since they too are excellent at helping someone break into pre-2000s vehicles! Heck, unlike the Flipper you can also use them to make a key that will let you drive it away! They are a clear and present danger!
Elastoer - 4 months ago
I have an old Edsel in my garage that they are more than welcome to steal. I'd even pay them $50 for the favor.
AutomaticJack - 4 months ago
Reported that so far - there have been zero official reports of a flipper assisting car thefts in Canada.
Sounds like a random banning that won't help end users or something to give them a false sense of hope the gov is doing something about the issue. Vs actually calling the auto industry out for their weak security.