• jonw
    14 months ago

    The problem, of course, is distinguishing between harmless and harmful use. There are painfully few things that are objectively good or bad.

    • InEnduringGrowStrong@sh.itjust.works
      14 months ago

      Hey, I’ve seen your deleted post about trying to seed your instance.
      You seem to be the admin of a new instance.
      By default, your instance won’t see any remote communities content until someone subscribes.
      Which is kind of a catch 22, because you kinda have to know about it to subscribe.
      To browse for communities:
      https://lemmyverse.net/communities
      You can then use your instance’s search bar to fetch it initially in order to subscribe to it yourself.
      Which you’ve likely already done for this one.

      There’s also a tool that can do this for you:
      https://lemmy-federate.com/ (which was formerly known as communityboost)
      Then again it may subscribe to things you aren’t interested in, so that may or may not be for you.

      Cheers, welcome and good luck.

  • @cheet@infosec.pub
    140
    1 year ago

    I’m a security professional who works to harden medical devices. I use the flipper zero to easily test many different protocols that would be a pain in the ass to do “manually”.

    The flipper makes it easy for me to verify IR, sub GHz, USB, SPI, and many other protocols while being able to walk around the devices I test.

    Without the flipper I could totally do these checks with homebrew tools, a pi and an rtlsdr (unless that’s gonna be illegal too?) But it would take me writing new tools and procedures rather than the ease of the flipper.

    Anybody in the know can tell you that the hardware isn’t anything special, and like many others have said, it’s like making a swiss army knife illegal cause the toothpick can be used to pick a lock.

    This isn’t gonna stop anybody, if pentest tools are showing flaws in your product, maybe we should send flippers to the car manufacturers and tell them to fix their shit. You shouldn’t be allowed to sell a car that can be wirelessly hacked like this, just like how the FDA doesn’t let you sell medical devices that can be hacked like that.

    You don’t just put the cat back in the bag…

      • @go_go_gadget@lemmy.world
        47
        1 year ago

        I remember when they had the same conversations about packet sniffers.

        Turned out the answer was to use encryption and switches.

    • sebinspace
      3
      1 year ago

      My girlfriend has a medical implant for her gastroparesis. How concerned should we be? If that device shuts off, she can’t eat, and there’s only a handful of doctors in the country that can work on it, and the one that sees her is often booked two weeks out

      • @cheet@infosec.pub
        10
        1 year ago

        The thing is, if there’s a wireless exploit/hack that can cause “patient harm” the FDA+Health Canada would force a recall the sec it’s publicly known.

        The flipper wouldn’t be the only thing able to exploit it, anybody with a radio and some software would be able to. It just so happens the flipper can also do it cause it’s a swiss army knife and has a general purpose radio.

        Generally by the time an attack exists on the flipper, it’s already been mastered on laptops and raspberry pis and stuff, putting it on the flipper is more to make it available to test easily without having to lug out the laptop. Nobody is inventing new exploits for such underpowered hardware as the flipper. People are porting known exploits to it.

        I can’t say how concerned you should be, but this won’t make her any safer than before, equal risk. Just as likely someone with a laptop in a backpack doing that. We don’t make laptops illegal tho.

        What I would be concerned about is the idea that the company that makes the implant would not be able to easily test for issues in the implant with such an “illegal” device. Yes they could use a laptop, but you don’t use an xray machine to find a stud, you use a handheld studfinder cause it’s cheap and easy.

        Hope that helps explain a bit

        • sebinspace
          0
          1 year ago

          the flipper wouldn’t be the only thing able to exploit it

          No, and I never once thought these capabilities were unique to the Flipper. My concern is how much it lowers the barrier of entry to potentially dangerous behavior. When people say they got one “just to be evil”, it’s deeply concerning. If someone said the same thing about a gun, something else that can be dangerous and needs to be handled responsibly, I’d be notifying someone. It’s not the capabilities themselves, it’s how accessible it makes those capabilities to the otherwise-inept

  • fmstrat
    181
    1 year ago

    Read everyone, this is hype, and Canada is being dumb on this one.

    The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that’s been in place since the 1990s that essentially transmits a different electronic key signal each time a key is pressed to lock or unlock a door.

    Most of this reaction is due to staged videos on TikTok and politicians not understanding technology. Maybe they’ll stop a few joyriding kids, but car thieves aren’t using F0s.

    • Billiam
      74
      1 year ago

      Politicians passing laws based on things they don’t understand?

      Quelle surprise.

      But also:

      a protection that’s been in place since the 1990s

      That’s not necessarily a guarantee, cf. Hyundai and Kia’s lack of ignition locks.

      • @centof@lemm.ee
        18
        1 year ago

        Politicians passing laws based on things they don’t understand?

        aka virtue signaling

        • @BearOfaTime@lemm.ee
          8
          1 year ago

          Another way of saying that is moral grandstanding, which I kind of like better. I like the imagery of grandstanding, especially when describing politicians.

      • Baggins [he/him]
        6
        1 year ago

        That’s not a thing in Canada. Our motor vehicle standards require immobilizers.

        • Billiam
          4
          1 year ago

          That’s because you all up there in America Lite hate capitalism, freedom, democracy, eagles, and baby Jesus.

    • @Player2@lemm.ee
      6
      1 year ago

      With a jammer it’s definitely possible to bypass rolling codes with Flipper, but it’s only temporary and has limited usefulness

      • @KairuByte@lemmy.dbzer0.com
        15
        1 year ago

        That isn’t bypassing rolling codes, that’s capturing a single code while preventing it from reaching the car.

        And once the code is used once, or the fob gets a new code to the car, the previously captured code is useless.

        This isn’t the same thing as bypassing rolling codes.

        • @Player2@lemm.ee
          1
          1 year ago

          Hmm, I don’t know the precise terminology, I meant bypass as a way to temporarily get around the rolling code system without actually breaking the code itself. You’re probably right though

      • @Takumidesh@lemmy.world
        6
        1 year ago

        It’s pretty difficult, you need to get the rolling code from the fob, but you also need to jam it so it doesn’t reach the car.

        Then you have one opportunity to replay the code before the holder of the fob hits the button in range and rolls the code over.

        So even if you manage to set that up that only gets you in the car, it doesn’t get it started.

        • @Player2@lemm.ee
          2
          1 year ago

          Yes correct, just pointing out that it is technically possible to get around the system
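
The receiver-side behaviour discussed in the comments above (a rolling code is accepted once, and a code the car never heard goes stale as soon as a newer one is accepted), as an added example that is not part of any comment in this thread. It is a simplified model: HMAC-SHA256 with a cleartext counter stands in for a real fob's cipher, and `Fob`, `Receiver`, `code_for`, the key and the window of 16 are assumptions made for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: how far past its own counter the receiver accepts


def code_for(key: bytes, counter: int) -> bytes:
    """Frame sent for one button press: 4-byte counter + 8-byte truncated MAC."""
    msg = counter.to_bytes(4, "big")
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Fob:
    """Hypothetical key fob: every press advances the counter."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        self.counter += 1
        return code_for(self.key, self.counter)


class Receiver:
    """Hypothetical car-side check: authentic, newer than last, inside the window."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last = 0  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        # Constant-time comparison against the frame the real fob would send.
        if not hmac.compare_digest(frame, code_for(self.key, counter)):
            return False
        # Reject anything already used (or older) and anything too far ahead.
        if not (self.last < counter <= self.last + WINDOW):
            return False
        self.last = counter
        return True


def scenario() -> dict:
    key = b"constructed-demo-key"  # constructed sample key, not a real one
    fob, car = Fob(key), Receiver(key)
    out = {}

    first = fob.press()
    out["fresh_code"] = car.accept(first)           # first use is accepted
    out["same_code_again"] = car.accept(first)      # replay of a used code

    unheard = fob.press()                           # pressed out of range
    newer = fob.press()                             # next press reaches the car
    out["newer_code"] = car.accept(newer)
    out["unheard_after_newer"] = car.accept(unheard)  # stale once a newer code is in

    late = fob.press()                              # unheard, but nothing newer yet
    out["unheard_before_newer"] = car.accept(late)  # still inside the window
    out["unheard_second_time"] = car.accept(late)   # and then used up

    out["wrong_key"] = car.accept(code_for(b"some-other-key", fob.counter + 1))
    out["beyond_window"] = car.accept(code_for(key, car.last + WINDOW + 1))
    return out


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name:22} accepted={accepted}")
```
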

    • Aatube
      7
      edit-2
      1 year ago

      Isn’t it possible for someone to code a code-roller onto the flipper zero app store?

  • @n3m37h@lemmy.world
    211
    1 year ago

    Let’s ban a product instead of solving the issue at hand… Seriously? I hate my country more and more as each day passes

    • sab
      25
      1 year ago

      While this seems a bit incompetent, it is easier for them to make technology less available than to fix the underlying issues here. They might set out to do both, but solving the underlying issues will take more time.

      At least they’re trying to do the right thing, and they’re making an effort to deal with a problem that affects real people. Good on them.

      • edric
        102
        1 year ago

        This is like banning usb cables so Hyundai/Kia cars won’t be stolen, instead of forcing the car manufacturer to just install an actual immobilizer on affected vehicles. Seeing Hyundai/Kia do everything but install immobilizers is infuriating as well. They’re rolling out software updates, giving out wheel locks, installing cages on the ignition panel, etc. Literally everything but fix the problem.

        • @BossDj@lemm.ee
          -49
          1 year ago

          This is like banning usb cables

          If USB cables were used almost exclusively for illegal and just generally anti social behavior.

          I’d never heard of this thing, and it does sound fun, but the use case list from the paragraph calling it a “humble hobbyist device” doesn’t come across as very defensible:

          People can use them to change the channels of a TV at a bar covertly, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.

          But also agreed on fuck those car companies that just don’t care and would rather weaponize the government than try to fix anything (without a subscription fee of course). Anti social behavior forced Kia to change their shitty grift of a product so 🤷

          • edric
            54
            1 year ago

            exclusively for illegal and just generally anti social behavior.

            Except they aren’t. These devices are used for various non-illegal purposes and are actually helpful for pentesters so we can learn about potential vulnerabilities on wireless systems before they can be exploited by bad actors. The same way a usb cable is useful for transferring data and at the same time can be used for illegal stuff (like literally any hack where you connect to a device via usb). The worst part (and the article mentions it), is that it doesn’t even work on security systems on cars built since the 90’s. So they’re banning something that isn’t even a problem in the first place.

            • @BossDj@lemm.ee
              -20
              1 year ago

              I totally get and agree this is a dumbfuck response to the problem they allege to be fixing, and hopefully their committee or whatever concludes the same, but the article didn’t mention any redeeming values for the device as you did

      • @n3m37h@lemmy.world
        16
        1 year ago

        It won’t stop thieves from being able to obtain them. And it’s a legit tool, should we ban all usb because they can be used to steal Hyundai and Kia cars?

        It’s obvious there are flaws to car manufacturers’ theft protection. Shit, watch LPL, lock noob, Bosnian Bill (hope you’re doing well brother) and you will see most locks are a fucking joke.

        There are Defcon vids on YouTube that go over how cars can be hacked yet manufacturers are still using these systems

      • @seang96@spgrn.com
        31
        1 year ago

        The problem is they are banning a device that doesn’t solve the issue at all except if you have a car from before the 90s. The tools being used for this are custom made with a much larger range. Maybe they should ban smartphones too since people are using them to detect laptops in cars to break into since they are being stupid about it.

      • Cethin
        3
        edit-2
        1 year ago

        This device is probably not what a professional car thief would use. It may be used sometimes by someone messing around, but it’s a tool made for an introduction into different types of penetration (testing). It doesn’t do anything as well as a more dedicated device would, and it’s also not as customizable. If a car is vulnerable to this then it’s vulnerable to a lot more things. Also, if someone really wants to steal your car they don’t need this device specifically.

      • Kalcifer
        4
        1 year ago

        The road to hell is paved with good intentions.

      • @n3m37h@lemmy.world
        2
        1 year ago

        More like hide the problem so no one knows about it. This is the entire locksmith ideology, security through obscurity and that has been working out great hasn’t it?

        I don’t have any faith in our incompetent government to do anything right if it costs corporations money.

    • Jaytreeman
      -37
      1 year ago

      Pick an issue. Literally any issue. Canada isn’t on the morally right side (with the exception of supporting Ukraine’s war for freedom).
      People are fine. Landscape is amazing. Government at all levels needs to be gone. We’d be better off with actual criminal mobs running everything. They’d at least be competent

    • @Toribor@corndog.social
      2
      1 year ago

      I figure half the purpose of these sorts of devices is to prove just how insecure certain systems are to bring about change. Governments rarely have a good grasp on this sort of thing though. It’s not like banning the device will make anyone more secure.

      • @n3m37h@lemmy.world
        3
        1 year ago

        Who gives a shit? He prob doesn’t know what it is or what it is used for either, and neither does his party apparently

  • TherouxSonfeir
    15
    1 year ago

    I’ve got one and it’s a lot of fun. Can’t lock me out of anything now.

  • @Xavier@lemmy.ca
    34
    1 year ago

    Honestly, I am embarrassed with the whole “look like we’re doing something” shtick by my government. An expensive gathering of decision makers from various sectors, a National Summit, just to say: we are now gonna be soooo tough on crime and let’s ban the toy we just saw on TikTok.

    Car theft was a major problem before 2010 until engine immobilizers became mandatory since 2007 on all vehicles made in Canada

    Then everyone got too comfortable. The regulatory bodies and car manufacturers were too focused on pretending to do some work and publishing all the buzzword-of-the-day “accomplishments” they were doing while patting each other’s backs without explicitly requiring manufacturers to comply/implement immediately anything. Meanwhile, manufacturers were happy to integrate almost off-the-shelf “children’s RC” car starter pack obfuscated through invisible/non-existent security and protected under dubious industrial secrets.

    Obviously, criminals smelled the easy money. Starting around 2013 — mystery car unlocking device | 2015 — signal repeater car burglary, car thefts by relay attacks were known by automakers but ignored as one-offs, too technical, already dealt with by law enforcement to let’s pretend it’s not that big of a problem or leave it to the police. Meanwhile, insurance claim replacement vehicles are selling like hotcakes and it is “convenient” to ignore the problem.

    The following years various reprogramming thefts become known and finally CAN bus injection — new form of keyless car theft that works in under 2 minutes or in depth investigation by Dr. Ken Tindell, becomes so easy, so cheap and widely available that even kids use them to gain Youtube/TikTok followers.

    Car hacking was becoming a serious concern during the pandemic, but now it’s simply ridiculous and as if current automaker included/provided anti-theft/GPS tracking were (un)knowingly made “defective”.

    Hence, everyone is playing catch up and blaming left and right on who is responsible for this in-slow-motion public safety disaster.

    Brian Kingston, president and CEO of the Canadian Vehicle Manufacturers’ Association, which includes Ford Motor Company of Canada, General Motors of Canada and Stellantis, said increasing the risk of prosecution is the most effective way to deter vehicle theft.

    “And at the same time, providing more outbound inspection controls at the ports to prevent the flow of stolen vehicles to foreign markets by organized criminal organizations,” he added.

    New vehicle safety standards have been published (rushed?) recently. We will see if all the panic settles down like after 2007.

    Moreover, the exponential prevalence of car theft also laid bare the incredibly poor and ineffective security at the various ports of Canada. Unsurprisingly, it has been a known constant devolution:

    The devolution of port authorities in Canada has not been without debate over the past 70 years. This paper provides a brief introduction to the role of ports in Canada and then examines the history of port policy and devolution, concluding that past policies were considered to have failed due to their inability to respond to changing circumstances.

  • @Rediphile@lemmy.ca
    45
    1 year ago

    Just ordered one. I had no real interest, but once you tell me I can’t have one…I must have one.

  • @TheObviousSolution@lemm.ee
    22
    1 year ago

    I think people need more visibility over the electromagnetic spectrum, not less, to catch car thieves. This needs to be white hat into a car theft attempt detection kit.

  • modifier
    23
    1 year ago

    I don’t even know how to use this thing but I bought one reflexively when I got the sense it would likely be outlawed in the future.

    • Herbal Gamer
      5
      1 year ago

      I want to do the same but at $165 it’s a bit steep for something I probably won’t understand enough to use.

  • @banneryear1868@lemmy.world
    39
    1 year ago

    RollJam and RollBack are the exploits for bypassing rolling codes. These exploits are possible because you can replay captured codes at a later time.

    What’s happening in most cases is the proximity-based fobs are simply amplified with a device to reach the person’s car in the driveway, since most people keep their keys by the door, and in some cases even within reach of the car without a device. It’s this low hanging fruit where the theft happens, or just a tow truck…

    The Flipper is more of an enthusiast and pranking device. The devices used in actual thefts are like disposable $50 alibaba pieces of shit. Canada is effectively creating a clandestine market for simple radio amplifiers made from the most basic electronic components. As someone in Canada who used to build the classic cmoy Altoid-tin headphone amps to sell on etsy, this is tempting…

  • @trackcharlie@lemmynsfw.com
    93
    1 year ago

    So, rather than hold automakers accountable for not having proper and effective security practices you focus on a tool designed for security professionals.

    This take is so unbelievably brain dead I’m surprised these people are able to breathe without machine assistance

    • @dRail@lemmy.dbzer0.com
      24
      1 year ago

      Auto makers are really bad about it. CAN Injection has been a thing for a while now. Cars are going IoT, and a flipper will be the least of the vulnerabilities as things progress.

      • @arin@lemmy.world
        1
        1 year ago

        As things progress, security should improve. Keyword SHOULD. But they don’t because good security ain’t cheap.

      • @Custoslibera@lemmy.world
        5
        1 year ago

        I’ve just had premonitions of cars crashing into each other in car parks when the ‘self parking’ mode is hacked…

      • @trackcharlie@lemmynsfw.com
        9
        1 year ago

        Direct quote from https://flipperzero.one/:

        Flipper Zero Multi-tool Device for Geeks Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It’s fully open-source and customizable, so you can extend it in whatever way you like.

        Flipper Zero is a portable multi-tool for pentesters and geeks

        multi-tool for pentesters

        pentesters

        Pentester or penetration tester is a cybersecurity professional that can be located on red team (offence) or blue team (defence) and works to determine potential vectors for attack that need to be rectified or exploited, depending on who they’re working for and what their goals are for their employer.

        • DrMango
          -2
          1 year ago

          I mean of course the official website isn’t going to say “it’s a great tool for hackers and car thieves”

          • @trackcharlie@lemmynsfw.com
            4
            1 year ago

            A tool is just that, a tool.

            Just because what you consider immoral or moral individuals use it doesn’t change the inherent nature of the tool to be used for specific circumstances. You’ll also notice I didn’t put any deterministic language when describing a penetration tester, because regardless of what side of the law they’re on they’re still cybersecurity professionals, it’s just that one side happens to pay better.

            A knife can be used to dissect as well as it can be used to mutilate or even vivisect. How a tool is used is determined by the user not the creator.

            Complaining that a few people use the item for nefarious purposes when the majority of problematic cases are issues at the developer level for the items being affected (i.e. vehicles) is extremely short sighted. Are you going to restrict all PCs because they can be used for network intrusion?

            Are you going to limit access to the internet because the freely available information can teach anyone to create a dirty bomb?

            The premise of your outlook is inherently erroneous in my opinion.

            • DrMango
              1
              1 year ago

              I’m not talking about the uses for the tool, I’m talking about how you used the company’s own website as a point of reference for the tool’s capabilities. They have a profit motive so of course they’re not going to advertise unsavory uses for their product, just like your knife companies aren’t going to advertise that their product can be used for mutilation.

              But go on with your pedantry I guess.

              • @trackcharlie@lemmynsfw.com
                0
                edit-2
                1 year ago

                The irony of you saying I am the one being pedantic is seriously hilarious.

                You should probably work on your reading comprehension and critical thinking skills.

                The entire premise of your argument is ‘only criminals use this tool’ or ‘the majority of users of this tool are criminals’ when that is fundamentally and objectively incorrect.

                You clearly lack any serious experience in computer science, let alone cybersecurity, and it shows.

  • @dangblingus@lemmy.dbzer0.com
    8
    1 year ago

    The truth of the matter is, Canadian laws are intentionally nonsensical and intentionally don’t address the root cause of crime. Our country’s leaders are openly engaging in numerous large scale scams not the least of which is the stolen car market. How do you think alllllll of these stolen cars wind up in Africa and SE Asia? Shipping manifests, inspections, public awareness of the string of thefts. How does the government manage to always miss these blind spots do you think?

  • Uriel238 [all pronouns]
    24
    1 year ago

    This reminds me of IMSI catchers, which governors and mayors don’t mind if law enforcement has them, but when your neighbor makes one out of a mail-order kit and a soldering gun then suddenly it’s an instrument of terror.

    Oh and police aren’t supposed to have them in the US, but no one punishes them for using one. It’s inadmissible in court, so they have to parallel construct (id est, lie) about how they got your location from an informant or through detection dogs or something.

    In fact, a lot of security is lax, and we don’t bother until it’s private interests rather than law enforcement that are using them with malicious intent.