this post was submitted on 10 Feb 2024
379 points (96.3% liked)

Technology

59534 readers
3223 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Canada to ban the Flipper Zero to stop surge in car thefts::The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.

you are viewing a single comment's thread
view the rest of the comments
[–] febra@lemmy.world 43 points 9 months ago (1 children)

Next, ban radio waves, because car companies are too damn dense to create a proper product lol

[–] sebinspace@lemmy.world 6 points 9 months ago (4 children)

I’m surprised no fobs use a time-based token to prevent replay attacks. Would make it a bit of a bitch to replace the battery, but hey-ho, tradeoffs.

[–] ikidd@lemmy.world 5 points 9 months ago (1 children)

They use rolling codes that aren't susceptible to FlipperZero anyway. This is a dog and pony show.

[–] sebinspace@lemmy.world 1 points 9 months ago (1 children)

they use rolling codes

All of them? Source?

[–] ikidd@lemmy.world 4 points 9 months ago

It's been that way for a long time, it's just kinda the accepted way. The vehicle builders had seen what garage door systems problems came about from hard-switched or dip-switched codes and just went that way from the start.

https://en.wikipedia.org/wiki/Remote_keyless_system#Security

The newer vehicles have these always-on systems now, the owner doesn't have to press a specific button. So theives can amplify the fob signal that's constantly being emitted in the house and get the car to open, then program new keys once they're in the vehicle and drive away. But that has nothing to do with the Flipper, that's just a radio repeater.

[–] KairuByte@lemmy.dbzer0.com 3 points 9 months ago (1 children)

More of an issue with the fob being to connect to a service to get the current time. Technically possible, but would add cost. And if that time is ever out of sync it just won’t work.

[–] sebinspace@lemmy.world 5 points 9 months ago (1 children)

I can put an RTC in an Arduino for about $8. It keeps time accurately. If it gets out of sync, maybe a Bluetooth connection to let it do an NTP request through another device.

Cellular connectivity is not required.

[–] KairuByte@lemmy.dbzer0.com 1 points 9 months ago

RTC’s are not inherently accurate. You have an RTC in your computer, but disconnect it from the internet for a year and it’s extremely unlikely it will be able to pass an OTP check.

Add to that the fact that RTCs run off power, means that the fob would need to actively pull from the battery 24/7. What happens when that battery voltage drops below the required power level? The time goes out of sync. Not to mention you need to change the battery at some point.

Adding Bluetooth would be a terrible idea. You’d then need to make sure the device can receive firmware updates, and we all know the reputation car companies have for updates to things.

Better option would be to receive the date and time from a transmission, be it FM or cell. And no, you wouldn’t have to pay for cell.

The problem comes when you’re in an area that doesn’t have these available, which is still quite possible in the US.

So we loop back to these not really being that viable. They will work most of the time, in most instances. But they’d be shooting themselves in the foot in certain places and with certain users.

[–] Natanael@slrpnk.net 2 points 9 months ago

Challenges-reponse protocols are what's needed

[–] Chriswild@lemmy.world 2 points 9 months ago (1 children)

Instead of a time based token they should have authentication. To start the car you need biometric or passcode or Bluetooth to connect and the fob.

For the life of me I don't understand why my phone has better security than my car.

[–] rottingleaf@lemmy.zip 2 points 9 months ago

Cause what's in the title is normal news. That's why. Dumbasses having power to decide for us that it's the tools to blame.