Canada is signaling that it won’t fully ban the Flipper Zero. Instead, the aim is to crack down on “illegitimate actors” from exploiting the devices to steal cars. On Wednesday, the Innovation, Science and Economic Development Canada (ISED) department clarified its stance on the issue, telling PCMag the intention is “to ban the illegitimate use of wireless devices used during car thefts.”“The intent is to move forward with measures to restrict the use of such devices to legitimate actors only, and therefore the importation, possession, sale, and use by illegitimate actors will not be permitted,” the department said in an email. “Innovation, Science and Economic Development Canada is already working with Canadian companies, online retailers and the automotive industry to address this issue and will be announcing its specific plans in the near future,” the agency added. The statement comes as the makers of the Flipper Zero launched a petition, urging the country to drop the ban. “Such proposals are usually made by those who do not really understand how security works and will do nothing to solve the car theft problem,” Flipper Devices CEO Pavlo Zhovner wrote. A month ago, Canada’s Minister of Minister Innovation, Science, and Industry François-Philippe Champagne publicly announced the ban to crack down on car thefts. “We are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes,” he wrote on Twitter. It now looks like his department, ISED, is walking back a full ban, following some backlash from the security community. But it remains unclear how authorities will try to stop the flow of Flipper Zero devices to illegitimate actors without impacting retail sales, although Canada is reportedly considering a licensing approach. Flipper Devices didn’t immediately respond to a request for comment. But the company says it’s found no evidence that the Flipper Zero has ever been used for a real car theft. Instead, the $169 device has been featured in social media videos, showing that a Flipper Zero can indeed copy the wireless signal from a key fob. But the company says the “rolling codes” on today’s key fobs can thwart a copied wireless signal from unlocking a car door.
Recommended by Our Editors
“A rolling code is a changing set of numbers. This means that whenever the user presses a button on a remote, it generates a unique code based on a sequence known only by the access control system,” Flipper Devices said in a blog post. “Simply capturing a signal and replaying it wouldn’t provide access since this set of numbers has already been used.”Still, some security researchers have discovered a way to bypass the rolling codes on today’s key fobs to initiate what’s called a “Rollback” attack. This involves capturing consecutive radio signals from a key fob, although Flipper Devices contends pulling off this kind of attack is harder in practice. The company also argues that Canada should focus on forcing car makers to fix security flaws, rather than outlawing tools that can be used to uncover rather basic vulnerabilities. In the meantime, Flipper Devices says the real culprit behind car thefts has been the use of more powerful radio repeaters, which usually cost thousands of dollars. These thieves have been targeting vehicles with keyless entry systems, which can activate the vehicle’s engine if the key fob is nearby. “To steal a car with a keyless entry system, thieves work in pairs and use radio repeaters to trick the car into believing the key fob is nearby when it’s actually inside the victim’s house,” the company said.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
