A little over a month ago, the Government of Canada announced that they were considering banning the sale and even possession of the Flipper Zero device, because vehicle theft using this device had increased exponentially. Now the Flipper Zero team has published a complete article on its official blog, which explains in great detail how cars are being stolen today, highlighting the complete lack of knowledge that the Government of Canada has on this issue. They explain in very detail that it is not technically possible to do so with this device, unless it is a car from more than 25 years ago that had a fixed code to open them, however, in this case a Flipper is not even necessary. Zero to steal it, there are much cheaper methods to do it.
Since the release of the Flipper Zero, there are many videos on the Internet showing how this device can be used to open car doors, garages, clone keys, credit cards and much more. There is some of this information that is true, but under certain conditions that the videos do not detail in order to obtain more views. It seems that the Government of Canada is watching these videos, instead of investigating the real origin of the car theft problem, and the problem is not Flipper Zero, it is the lack of security of the fixed codes that old cars used.
To give an example that we have done ourselves. There are codes that are “rolling code” that can also be decrypted because they do not have good security, such as some Nice engines, as we have demonstrated in the following video. But you need to be close to the original controller to capture the signal, decipher it, and then use it. There are engines that use rolling code that cannot be decoded, however, in this example it can:
In this case, we also indicate some solutions to prevent someone from duplicating the command and opening the door for us. For example, in our personal case with home automation and Home Assistant we have a Shelly Plus 1 “closing” the door locking ports, so it cannot be opened without previously unlocking, not even we with the original remote control will be able to open the door. door if we don’t unlock it. You can see in detail how to configure your garage door with Home Assistant and a Shelly 1 in our complete tutorial.
Flipper exposes the Government of Canada
The Canadian Minister of Innovation, Science and Industry, François-Philippe Champagne, has announced measures to combat the increase in car theft in the country. He has stated that they will outright ban the sale and possession of Flipper Zero, as it is used for criminal purposes to steal cars with keyless systems. Nothing could be further from the truth, this device is not capable of performing this action due to the built-in hardware. In fact, the systems that are capable of cloning these keyless systems cost thousands of euros and have very complex hardware and software.
The Minister posted a message on insecure security systems. Currently, this device is not capable of deciphering security systems used by current cars, it is only capable of cloning and replicating security systems with a fixed code, as is also the case with garage doors that use this technology, which is insecure by nature. .
He Flipper Zero team on their blog has explained in detail how the car theft that is taking place in Canada, and in many other countries, works. And they have made it clear that the device they intend to ban is not capable of doing this. In fact, there are quite simple methods that we can do at home with a computer with a headphone jack and microphone, and the following materials:
- Headphones with integrated microphone.
- Diode
- Electrical capacitor
- Audio recording program like Audacity
In the following video you can see how this signal can be captured and decoded for later use:
Flipper Zero
@flipper_zero
Btw, you don’t need a Flipper Zero to “hack” dumb radio protocols. The piece of wire is enough.
Check out how to receive and decode 433MHz radio signal just with a PC sound card. https://t.co/9zLN2pMnoY
March 21, 2024 • 13:06
2.5K
66
This example shows that it is totally absurd to block the sale and possession of the Flipper Zero, with the aim of preventing thefts of old cars that use totally insecure security systems. To protect themselves from radio signal interception, they would have to ban even wired headphones, which is not realistic at all.
What the industry must do is improve the security of its systems, since security by obscurity is not recommended. For example, over time we have replaced the HTTP protocol (without encryption) with HTTPS that incorporates encryption, and which solves many security problems. In addition, we have also seen how the TLS 1.0 or TLS 1.1 protocols had certain vulnerabilities, and have been replaced by secure versions. The same thing happens with debit and credit cards, they have gone from having a magnetic stripe, which was completely insecure, to a chip or NFC with the private key encrypted.
