• jadero@lemmy.ca
    link
    fedilink
    arrow-up
    83
    arrow-down
    3
    ·
    11 months ago

    Sure, let’s ban everything we don’t understand and every tool that can be used to break into something. Next we’ll be banning rocks because they break windows and crowbars because they can be used to jimmy locks.

    • Nik282000@lemmy.ca
      link
      fedilink
      arrow-up
      44
      ·
      11 months ago

      I think this is the first shot in the open war on technology, there has been a quiet push for years.

      Automakers blame an RF toy for their own disgustingly poor security measures, and the government jumps to ban the toy. What happens when Bell declares that only criminals need a VPN to hide their traffic, or Rogers decides that only a hacker would ever need to have server in their home? How about a more general case, cordless angle grinders and sawzalls are the fastest way to steal catalytic converters from cars, how long before they are subject to a ban or can only be sold to “approved” persons?

        • CanadaPlus@lemmy.sdf.org
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          10 months ago

          I know! Clearly the UK is on a level of stranger paranoia that I can’t really fathom. Over here that still sounds like the hyperbole someone would use to argue against restrictions on more complex weapons, not a serious suggestion.

  • xmunk
    link
    fedilink
    arrow-up
    62
    ·
    11 months ago

    Let’s instead declare public enemy number one as the asshat marketers that took away our physical keys and forced us to use poorly secured dongles.

    • saigot@lemmy.ca
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      10 months ago

      Its really no worse than it was with keys. The flipper zero only works on very cheap, corner cutting simple systems. A lot of cars (and all cars should) use non-repeating codes so a simple interception is useless. That doesn’t make them invincible of course.

      Those cars would, back in the day, use simple corner cutting keys to be secured. There were quite a few cars back in the day that would have only a very small number of keys meaning there was a mon-trivial chance of you running into a car that you could open that wasn’t your own. There are countless stories of people accidentally unlocking and getting into cars that are not there’s.

      Here’s a concrete example, there are only about 5000 different keys for some brands of Toyota. A car thief could get 10keys and try 10cars a day (and remember this would take a minute or 2 and not really look suspicious) and successfully steal a car every 2 months or so. A dongle pretty decisively kills this avenue of attack. But like all things shitty engineering opens up new attacks, although on the whole it’s a lot harder to steal a car today than before dongles.

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      edit-2
      10 months ago

      Agreed! It’s actually pretty easy to make a car not start - that is in fact the default behavior for a large chunk of metal. The fact they will start given whatever fixed input is incredibly unnecessary.

      Edit: Apparently they don’t? It’s in the article. This announcement is just totally misaimed.

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      10 months ago

      Dont all cars still have physical keys (necessary for dead batteries)?

      And don’t all cars have a switch to turn off wireless keys?

      • Killer57@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        10 months ago

        I can most assuredly tell you that that is not the case, my vehicle does have a physical key hidden away in the fob, it however only unlocks the driver side door, that’s it.

          • Killer57@lemmy.ca
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            10 months ago

            Ok cool, I have entered my vehicle with the key alone, there is no possible way to start it without the fob. Save possibly a flipper,

              • Killer57@lemmy.ca
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                10 months ago

                Well for me it does not, hell my car doesn’t even have a oil or transmission dipstick, they have taken those away and run the info through the infotainment console.

    • LostWon@lemmy.ca
      link
      fedilink
      arrow-up
      9
      arrow-down
      3
      ·
      edit-2
      11 months ago

      Seems more to me like vulnerabilities are widespread in everything, and this thing ended up being made to exploit them?

      *edit
      Wait, did you mean the same thing I said? Phrasing wasn’t clear to me.

      • PlzGivHugs
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        11 months ago

        This is made to exploit them in the same way a knife is made to cut. It can be used for harm (although is a very weak, outdated tool for it that intentionally knee-caps this use) or it can be used for good, where it is a basic, unspecialized option that anyone can make or aquire. Like if the government tried to stop violence by banning knives, a ban would have little impact except on the least committed individuals (IE not organized crime) while being an annoyance to normal people by focing them to sharpen their own metal plates rather than buying them pre-made.

        If they actually want to stop these crimes, more reasonable courses of action might be tracking what is shipped, acting on reports of stolen property, trying to impede large-scale organized crime when it is found, or requiring that vehicles maintain security protocols that take into account the existance of computers outside the vehicle.

        • LostWon@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          OK, sure. I appreciate that explanation but I wasn’t unsure about how ways the Flipper Zero or devices like it might be used (just as I’m aware there are reasons for and against the existence of backdoors in software). Based on your response, did you think I was in favour of banning it? I never intended any value judgments about how it might be used, but perhaps some people are reading into my use of the term “exploit” even though it’s not always a negative term.

          I added the edit above because I was trying to figure out the intended meaning of the comment I was replying to, since it didn’t make sense to me. Probably it’s just awkwardly worded and that threw me off, since it doesn’t make sense otherwise.

          • PlzGivHugs
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            11 months ago

            Pretty sure he’s saying they’re ignoring the vulnerabilities entirely, and instead trying to push the blame onto pen-testing tools. Like saying that a disease is spreading because of all the testing, rather than because they stopped treating the drinking water.

            • LostWon@lemmy.ca
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              10 months ago

              Cool, if that’s the case then it actually was the same thing I was saying. If someone had just made harmless fun of the misunderstanding I would have laughed right along. Too bad the atmosphere got weirdly ugly for some reason. Anyway, thanks for taking the time.

      • LostWon@lemmy.ca
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        11 months ago

        Wow, I check back to see if clarification is available and now I have downvotes? People really are getting meanspirited on here.

        • Evkob@lemmy.ca
          link
          fedilink
          arrow-up
          6
          ·
          11 months ago

          Yeah I’ve started to notice people are engaging in less good-faith conversation than when I first joined Lemmy last summer.

          I think a lot of ex-reddit users, after the initial excitement and novelty of the migration to Lemmy, eventually slipped back into their bad habits from reddit. Reminds me of this this blog post denouncing the unhealthy behaviours that are all too common of online discourse.

          • xmunk
            link
            fedilink
            arrow-up
            6
            ·
            11 months ago

            There’s a reason hackernews just straight up denies you from downvoting direct replies… and it’s to discourage a knee jerk reaction to downvote anyone who disagrees with you.

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      arrow-up
      4
      ·
      10 months ago

      Yeah, that’s the bright side here. If they try to control everyone by banning science, bitch, I’ve already got it!

  • PlzGivHugs
    link
    fedilink
    English
    arrow-up
    37
    ·
    11 months ago

    So basically, the government doesn’t care about the issues and doesn’t plan to do anything about it.

    • j4k3@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      ·
      11 months ago

      Nah, the politicians asked around, the automaker lobbyists blamed the device, some intern-slave wrote a halfass bill, and no one cared to stop fundraising as little power prostitutes long enough to question it.

      • PlzGivHugs
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        11 months ago

        Thats just what I said, but with more words

        • CanadaPlus@lemmy.sdf.org
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          10 months ago

          I mean, you could argue they still care about the issues, just not enough to do something more effective and difficult.

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    11 months ago

    Of course, they don’t work on vehicles with rolling codes like, you know, all of them since the 90s. But don’t let the facts get in the way of a good do-nothing press opportunity.

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      10 months ago

      How are people even stealing cars by fob, then?

      Edit: It’s in the article. By using the fob + an amp or cracking the codes like big boys, neither of which this can do. Flipper Zero should sue the government for defamation.

      • ikidd@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        Yah, they just repeat the signal from a fob near a wall to hit the vehicle, which is now set to always open if the key is near enough. It’s a stupid setup that’s ripe for abuse like this, instead of just having the user press a button like they did before. That would have been impossible to exploit, but convenience always trumps security.

  • Nik282000@lemmy.ca
    link
    fedilink
    arrow-up
    20
    arrow-down
    6
    ·
    11 months ago

    Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero

    What a fucking ignorant, dickless, corporate cock-sucking, asshat.

    The flipper is no different than any laptop or phone + an SDR, it just has an extra spicy collection of software available by default. Literally anyone can assemble the hardware and software needed to duplicate the functionality of the Flipper for a fraction of the price using off the shelf parts.

    • NeonKnight52@lemmy.ca
      link
      fedilink
      arrow-up
      14
      arrow-down
      1
      ·
      11 months ago

      Honestly they just need an enemy to distract from real potential solutions because solutions are hard. They did the same thing with firearms.

      What an asshat indeed.

      • i_love_FFT@lemmy.ml
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        10 months ago

        Yeah, they should definitely have targeted vulnerabilities instead. Human skin should not be so easy to pierce with bullets…

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      arrow-up
      4
      ·
      10 months ago

      I mean, that’s typical politician behavior. let’s not pretend the other options are different. This is the shit you have to do to get morons to vote for you.

  • CazRaX@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    11 months ago

    So they are saying I need to invest in one of these devices? I didn’t even know it existed but after seeing what it can do I want one, thanks Canadian government.

    • HikingVet@lemmy.ca
      link
      fedilink
      arrow-up
      7
      ·
      11 months ago

      As far as I can tell, it hasn’t been banned yet. So go get one and then don’t get caught with it once the toothless ban comes into force.

    • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 ℹ️@yiffit.net
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      11 months ago

      The price is what kept me from having one already. I always wanted a device like this since I was a kid and the idea was still science fiction.

      Ironically, I first heard about it from a video review showing it doesn’t actually do some of these hacks well or at all, such as opening a garage door by duplicating the code of the remote for the garage door.

      • Cyborganism@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        Yeah lol. You can’t do much unless you have the original device you want to clone or are lucky enough to be within range and time it right when it’s used to capture any signal.

  • AnotherDirtyAnglo@lemmy.ca
    link
    fedilink
    arrow-up
    7
    ·
    10 months ago

    If a car can be stolen with a battery-powered toy of off-the-shelf electronic parts assembled into a cute box, maybe automakers need to modernize their security.

  • CanadaPlus@lemmy.sdf.org
    link
    fedilink
    arrow-up
    6
    ·
    10 months ago

    So it’s just a small radio? Lol, how the fuck are they going to manage this? Even if they went full North Korea you can make a little SDR from e-waste.

    There’s a chance they’ll take the approach they did with guns and just pick an arbitrary collection of specific products. And if they do, it’ll be just as much of a a “dog and pony show”. You’ll still be able to buy and use radios, including ones that can tune to whatever frequency (probably 13.56Mhz).

    • brax
      link
      fedilink
      arrow-up
      4
      ·
      10 months ago

      It’s a bunch of antennas. Low GHZ radio, RFID, NFC, Bluetooth. It will also read/write those button-cell keys. There’s also GPIO for you to create your own add-on hardware.

      I have no clue how they plan on outlawing them, but it’s going to be some reactionary knee-jerk law that does more harm than good.

      If the concern is car theft, go after the vehicle manufacturers that aren’t using rolling codes and properly securing their vehicles.

      • Xtallll@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        Other than the one wire connector and the IR, most phones have all the same hardware and much more compute power, there is nothing stopping a rooted phone from doing the same thing. The Flipper is just an easy UI on a cool form factor.

        • brax
          link
          fedilink
          arrow-up
          2
          ·
          10 months ago

          My S5 still works and has an IR blaster.

      • CanadaPlus@lemmy.sdf.org
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        10 months ago

        It sounds like a lot of the thefts work based on the principle of amplifying the fob so it seems close to the car even when it’s not. Because all reasonable EM radiation can be amplified, there’s no simple way to beat that short of going back to requiring a fob button push, so it’s basically convenience vs. security.

        They could try fobs that are smart enough to guess whether they’re being handled normally when activated, but that will 100% annoy consumers any time they try and do something the software doesn’t expect. It could even get as bad as the consumer putting the fob on a flat surface in another vehicle, and gently driving it up to the vehicle they want to move into.

        • brax
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          I’m not sure how they’re pulling that kind of attack off with a flipper, unless they’re relying on the gpio and/or custom firmware

          • CanadaPlus@lemmy.sdf.org
            link
            fedilink
            arrow-up
            2
            ·
            10 months ago

            Yeah, flippers are completely irrelevant to the whole problem as far as I can tell, beyond also being a cheap radio.

  • Powerpoint@lemmy.ca
    link
    fedilink
    arrow-up
    6
    ·
    11 months ago

    Shouldn’t it be the Ontario Conservatives privatizing service Ontario that’s enabling all these thefts?

  • andrewth09@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    10 months ago

    “California declares new illicit super material called ‘porcelain’ public enemy No. 1 for car break in crackdown.”

  • Swordgeek@lemmy.ca
    link
    fedilink
    arrow-up
    5
    ·
    10 months ago

    Now about public enemy no. 1 for car theft being car thieves?
    After that, negligent manufacturers.

    Nah, let’s attack tools instead.