On February 8, François-Philippe Champagne, the Canadian Minister of
Innovation, Science and Industry, [1]announced Canada would ban devices
used in keyless car theft. The only device mentioned by name was the
Flipper Zero—the multitool device that can be used to test, explore,
and debug different wireless protocols such as RFID, NFC, infrared, and
Bluetooth.
While it is useful as a penetration testing device, Flipper Zero is
[2]impractical in comparison to other, more specialized devices for car
theft. It’s possible social media hype around the Flipper Zero has led
people to believe that this device offers easier hacking opportunities
for car thieves*. But government officials are also consuming such
hype. That leads to policies that don’t secure systems, but rather
impede important research that exposes potential vulnerabilities the
industry should fix. Even with Canada [3]walking back on the original
statement outright banning the devices, restricting devices and sales
to “move forward with measures to restrict the use of such devices to
legitimate actors only” is troublesome for security researchers.
This is not the first government seeking to limit access to Flipper
Zero, and we have [4]explained before why this approach is not only
harmful to security researchers but also leaves the general population
more vulnerable to attacks. Security researchers may not have the
specialized tools car thieves use at their disposal, so more general
tools come in handy for catching and protecting against
vulnerabilities. Broad-purpose devices such as the Flipper have a wide
range of uses: penetration testing to facilitate hardening of a home
network or organizational infrastructure, hardware research, security
research, protocol development, use by radio hobbyists, and many more.
Restricting access to these devices will hamper development of strong,
secure technologies.
When Brazil’s national telecoms regulator [5]Anatel refused to certify
the Flipper Zero and as a result prevented the national postal service
from delivering the devices, they were responding to media hype. With a
display and controls reminiscent of portable video game consoles, the
compact form-factor and range of hardware (including an infrared
transceiver, RFID reader/emulator, SDR and Bluetooth LE module) made
the device an easy target to demonize. While conjuring imagery of
point-and-click car theft was easy, citing examples of this actually
occurring proved impossible. Over a year later, you’d be hard-pressed
to find a single instance of a car being stolen with the device. The
number of cars stolen with the Flipper seems to amount to, well, zero
(pun intended). It is the same media hype and pure speculation that has
led Canadian regulators to err in their judgment to ban these devices.
Still worse, law enforcement in other countries have signaled their own
intentions to place owners of the device under greater scrutiny. The
Brisbane Times [6]quotes police in Queensland, Australia: “We’re aware
it can be used for criminal means, so if you’re caught with this device
we’ll be asking some serious questions about why you have this device
and what you are using it for.” We assume other tools with similar
capabilities, as well as Swiss Army Knives and Sharpie markers, all of
which “can be used for criminal means,” will not face this same level
of scrutiny. Just owning this device, whether as a hobbyist or
professional—or even just as a curious customer—should not make one the
subject of overzealous police suspicions.
It wasn’t too long ago that proficiency with the command line was seen
as a dangerous skill that warranted intervention by authorities. And
just as with those fears of decades past, the small grain of truth
embedded in the hype and fears gives it an outsized power. Can the
command line be used to do bad things? Of course. Can the Flipper Zero
assist criminal activity? Yes. Can it be used to steal cars? Not nearly
as well as many other (and better, from the criminals’ perspective)
tools. Does that mean it should be banned, and that those with this
device should be placed under criminal suspicion? Absolutely not.
We hope Canada wises up to this logic, and comes to view the device as
just one of many in the toolbox that can be used for good or evil, but
mostly for good.
*Though concerns have been raised about Flipper Devices' connection to
the [7]Russian state apparatus, no unexpected data has been observed
escaping to Flipper Devices' servers, and much of the dedicated
security and pen-testing hardware which hasn't been banned also suffers
from similar problems.
References
1. https://www.canada.ca/en/public-safety-canada/news/2024/02/government-of-canada-hosts-national-summit-on-combatting-auto-theft.html?ref=blog.flipper.net
2. https://blog.flipper.net/response-to-canadian-government/
3. https://www.pcmag.com/news/canada-walks-back-ban-of-flipper-zero-targets-illegitimate-use-cases
4. https://www.eff.org/deeplinks/2023/03/flipper-zero-devices-being-seized-brazils-telecom-agency
5. https://www.gov.br/anatel/pt-br
6. https://www.brisbanetimes.com.au/national/queensland/police-email-warns-new-device-can-emulate-car-fobs-garage-door-remotes-20240325-p5ff1e.html
7. https://simovits.com/wp-content/uploads/2023/09/Flipper-Zero-Zero-Trust-or-Beware-of-Geek-Bearing-Gifts-2023.pdf