Update 2/13 2:47 AM PT
We have received a response from noted cyber security expert and author Freakyclown which provides more insight into the impact of Canada's potential ban.
Updated Story
During a recent national summit for combatting car theft, a Canadian government official, François-Philippe Champagne the Minister of Innovation, Science and Industry announced that the country aims to ban devices such as Flipper Zero, due to their use in car theft.
In the press release, the Canadian government states that it is "Pursuing all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies."
We reached out to Flipper Devices for comment and the response to the claim that Flipper Zero could be used to steal a car is something that Flipper Devices COO Alex Kulagin denies. “Flipper Zero can’t be used to hijack any car, specifically the ones produced after the 1990s, since their security systems have rolling codes. Also, it’d require actively blocking the signal from the owner to catch the original signal, which Flipper Zero’s hardware is incapable of doing,” said Kulagin. “Flipper Zero is intended for security testing and development and we have taken necessary precautions to ensure the device can’t be used for nefarious purposes.”
We've seen Flipper Zero being used to emulate RFID and NFC devices, but these are "dumb" devices when compared to car security systems. The rolling codes used in modern car security mean that a thief would need to intercept the user pressing the fob, capture the code, and then use it at a later date. Flipper Zero is not able to block the signal. For that you would need a device from a nefarious source.
South of the U.S. / Canadian border, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) analyzed Flipper Zero's abilities and produced the following statement.
"The popular, in-demand hacking tool went viral on TikTok in late 2022 and can be used as a positive, legitimate, and convenient way for pentesters and curious minds to learn about, access, and dissect signals and protocols. Demand continues to increase, limiting the supply and causing consumers to engage third-party vendors selling the product at higher costs. Threat actors are leveraging the high demand and low supply by impersonating social media accounts and official Flipper Zero vendor websites to interact with and lure potential customers into paying with cryptocurrency without actually sending them the device. Additionally, most of the posted TikTok videos reportedly may have been staged and provided misinformation, as most modern wireless devices are not vulnerable to simple replay attacks."
Will blocking the sale of Flipper Zero and other devices put a significant dent in the number of car thefts in Canada? Probably not. Co-Founder of Cygenta and former head of Cyber Research for Raytheon, Freakyclown, thinks that this will "stop innovation of security research and stem security getting better." Freakyclown also states that banning the devices won't stop criminals from buying them "because… *checks notes* criminals do not care about the law!" We asked Freakyclown for comment and their reply is reproduced in its entirety.
"Recently, there has been a surge of discussions surrounding Canada's potential ban on the Flipper Zero device, with proponents arguing it will curb criminal behavior and enhance security. However, a closer examination reveals that such a ban could have adverse effects on innovation in security research and might not effectively address underlying security challenges.
The Flipper Zero, a versatile hacking tool and educational device, has gained popularity among cybersecurity enthusiasts for its ability to explore and understand various security vulnerabilities. Despite its potential for misuse, advocating for its ban overlooks several crucial aspects.
First and foremost, banning the Flipper Zero would stifle innovation in security research. The device serves as a valuable tool for cybersecurity professionals and enthusiasts alike to analyze and fortify systems against potential threats. By prohibiting its use, we risk hindering the development of essential skills and techniques necessary for combating emerging cyber threats.
Moreover, the notion that banning the Flipper Zero will deter criminal behavior is flawed. Criminals, by their nature, do not adhere to laws and regulations. They are adept at finding alternative methods and tools to achieve their nefarious objectives. Thus, implementing a ban on the device might only serve as a temporary inconvenience rather than a long-term solution to combating cybercrime.
Furthermore, the Flipper Zero ban could inadvertently create a false sense of security. Instead of addressing the root causes of security vulnerabilities, such as inadequate system design or lax cybersecurity protocols, it offers a superficial solution that fails to address underlying issues effectively. True security enhancement requires a multifaceted approach that includes education, collaboration, and the continuous evolution of defensive measures.
Critics argue that focusing on banning specific devices detracts from the real issues at hand, namely the need for comprehensive cybersecurity policies and initiatives. Rather than resorting to knee-jerk reactions such as bans, policymakers should prioritize investing in education, fostering collaboration between industry stakeholders, and promoting responsible use of technology.
In conclusion, while concerns regarding the potential misuse of the Flipper Zero are valid, implementing a ban is not the most effective solution. Such a move risks stifling innovation, failing to deter criminal behavior, and providing a false sense of security. Instead, policymakers should focus on holistic approaches to cybersecurity that address underlying vulnerabilities and promote responsible innovation in the field. Only through collaborative efforts can we achieve meaningful progress in enhancing digital security for all. #CrimsGonnaCrim"
so... flipper zero is now forbidden on hand luggage across uk airports. just got mine seized by security. ffs! pic.twitter.com/m83QWAGnnkSeptember 27, 2023
Thinking of taking your Flipper Zero on your next flight? Then make sure that it is in the hold, and not in your hand luggage. As reported by The Daily Dot, Vitor Domingos's Flipper Zero was seized by security at London Gatwick airport. During a conversation with airport security, which went "downhill", Domingos's Flipper Zero was handed over to the police, who have yet to return it.
Flipper Zero is a "portable multi-tool device for geeks" and has more in common with a Swiss Army knife than a specialized theft tool. If you are into cyber security, as a hobby or as a career, then its abilities and apps will give you the tools to audit your devices, and those of your clients. With the base device one can read RFID, NFC and many other sub 1 GHz radio devices. Bluetooth and Infrared and also well catered for, along with a basic GPIO which is compatible with the Raspberry Pi and Arduino type boards.
