In his new crackdown on car theft, Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1: Flipper Zero, a $200 piece of open-source hardware used to intercept, analyze, and interact with simple radio communications.
Innovation, Science and Economic Development Canada agency on Thursday he said will “pursue all means to disable devices used to steal vehicles by copying wireless signals for remote keyless entry, such as the Flipper Zero, which would allow these devices to be removed from the Canadian market through cooperation with law enforcement.” A social media post by François-Philippe Champagne, the agency’s minister, said that as part of the crackdown, “we are banning the importation, sale and use of consumer hacking devices such as flippers used to commit these crimes.”
In remarks made the same day, Trudeau said the push would focus on similar tools, which he said could be used to defeat the anti-theft protections built into virtually all new cars.
“In reality, it’s too easy for criminals to get hold of sophisticated electronic devices that make their jobs easier,” he says he said. “For example, copying car keys. It is unacceptable that tools that assist car theft can be purchased on major online shopping platforms.”
Such prohibited instruments would likely include HackRF One and LimeSDR, which have become essential for analyzing and testing the security of all kinds of electronic devices in order to find vulnerabilities before they are exploited. None of the government officials identified any of the tools, but in an email, a representative of the Canadian government repeated the use of the phrase “We are utilizing all available avenues to prohibit devices used for stealing vehicles by replicating wireless signals for remote keyless entry.”
Modest hobby equipment
Efforts to ban any of these tools have been met with heavy criticism from hobbyists and security professionals. Trudeau’s focus on Flipper Zero only strengthened their case. This thin, lightweight device with an adorable dolphin logo works like a Swiss army knife for sending, receiving, and analyzing all kinds of wireless communications. It can communicate using various radio signals, including RFID, NFC, Bluetooth, Wi-Fi, or standard radio. People can covertly use them to change bar TV channels, clone simple hotel keys, read an RFID chip implanted in pets, open and close some garage doors, and until Apple releases a patch send iPhones to an endless DoS loop.
The price and ease of use make the Flipper Zero ideal for beginners and hobbyists who want to understand how increasingly ubiquitous communication protocols such as NFC and Wi-Fi work. It combines various open-source hardware and software into a portable format that is sold at an affordable price. The device, lost to the Canadian government, isn’t particularly useful in car thefts because it lacks the more advanced capabilities needed to bypass the anti-theft protections that have been in place for more than two decades.
One thing Flipper Zero is extremely ill-equipped to do is defeat the modern anti-hacking protections built into cars, smart cards, phones, and other electronic devices.
The most widespread form of car theft using electronics today, for example, uses the so-called relay devices for signal amplification against keyless ignition and entry systems. This form of hack works by holding one device near the key fob and the other device near the vehicle the fob works with. In the most typical scenario, the tag is placed on a shelf near the locked front door and the car is several dozen feet away in the driveway. By placing one device near the front door and another next to the car, the hack transmits the radio signals necessary to unlock and start the device.