Canadian Prime Minister Justin Trudeau has identified an unlikely public enemy No. 1 in his new crackdown on car theft: the Flipper Zero, a $200 piece of open source hardware used to capture, analyze and interact with simple radio communications.
On Thursday, the Innovation, Science and Economic Development Canada agency said it will “pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.” A social media post by François-Philippe Champagne, the minister of that agency, said that as part of the push “we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes.”
In remarks made the same day, Trudeau said the push will target similar tools that he said can be used to defeat anti-theft protections built into virtually all new cars.
“In reality, it has become too easy for criminals to obtain sophisticated electronic devices that make their jobs easier,” he said. “For example, to copy car keys. It is unacceptable that it is possible to buy tools that help car theft on major online shopping platforms.”
Presumably, such tools subject to the ban would include HackRF One and LimeSDR, which have become crucial for analyzing and testing the security of all kinds of electronic devices to find vulnerabilities before they’re exploited. None of the government officials identified any of these tools, but in an email, a representative of the Canadian government reiterated the use of the phrase “pursuing all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry.”
A humble hobbyist device
The push to ban any of these tools has been met with fierce criticism from hobbyists and security professionals. Their case has only been strengthened by Trudeau’s focus on Flipper Zero. This slim, lightweight device bearing the logo of an adorable dolphin acts as a Swiss Army knife for sending, receiving, and analyzing all kinds of wireless communications. It can interact with radio signals, including RFID, NFC, Bluetooth, Wi-Fi, or standard radio. People can use it to covertly change the channels of a TV at a bar, clone simple hotel key cards, read the RFID chip implanted in pets, open and close some garage doors, and, until Apple issued a patch, send iPhones into a never-ending DoS loop.
The price and ease of use make Flipper Zero ideal for beginners and hobbyists who want to understand how increasingly ubiquitous communications protocols such as NFC and Wi-Fi work. It bundles various open source hardware and software into a portable form factor that sells for an affordable price. Lost on the Canadian government is that the device isn’t especially useful for stealing cars, because it lacks the more advanced capabilities required to bypass anti-theft protections that carmakers introduced more than two decades ago.
One thing the Flipper Zero is exceedingly ill-equipped for is defeating modern anti-hack protections built into cars, smartcards, phones, and other electronic devices.
The most prevalent form of electronics-assisted car theft these days, for instance, uses what are known as signal amplification relay devices against keyless ignition and entry systems. This form of hack works by holding one device near a key fob and a second device near the vehicle the fob works with. In the most typical scenario, the fob is sitting on a shelf near a locked front door, and the car is several dozen feet away in a driveway. By placing one device near the front door and the other next to the car, the hack relays the radio signals necessary to unlock and start the vehicle.
This attack requires a high-power transceiver that the Flipper Zero doesn’t have. These attacks are carried out using pricey off-the-shelf equipment that has been modified with a fair amount of expertise in radio frequency communications.
The Flipper Zero is also incapable of defeating keyless systems that rely on rolling codes, a protection that has been in place since the 1990s and that, in essence, transmits a different electronic key signal each time a button is pressed to lock or unlock a door. An attack technique known as RollJam, known since at least 2015, can bypass rolling code systems, but it requires two radios, a larger processor, and a higher-powered transmitter than the Flipper Zero has.
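To make concrete why simply replaying a captured transmission fails against a rolling-code receiver, here is an added simulation that is not from the article or from any vendor. The HMAC-based code derivation, the shared secret, and the 16-code acceptance window are assumptions of this toy model, not any real manufacturer’s scheme.

```python
import hashlib
import hmac

# Constructed, simplified model of a rolling-code fob/receiver pair (assumption:
# codes are an HMAC over a press counter; real schemes differ in the details).
KEY = b"constructed-shared-secret-for-demo"  # assumed secret programmed at pairing
WINDOW = 16  # receiver accepts counters up to this far ahead, to survive missed presses


def make_code(counter: int, key: bytes = KEY) -> bytes:
    """Derive the transmitted code from the current press counter."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class Fob:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        """Each press advances the counter, so every transmission differs."""
        self.counter += 1
        return make_code(self.counter, self.key)


class Receiver:
    def __init__(self, key: bytes = KEY, window: int = WINDOW):
        self.key = key
        self.window = window
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, code: bytes) -> bool:
        """Accept only codes for counters ahead of the last accepted one, within the window."""
        for cand in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(make_code(cand, self.key), code):
                self.last_counter = cand  # every code at or below this is now dead
                return True
        return False


def demo() -> dict:
    """Walk through normal use, a press the car never heard, and a replayed capture."""
    fob, car = Fob(), Receiver()
    first = fob.press()  # counter 1
    results = {"first_press": car.accept(first)}
    fob.press()  # counter 2, pressed out of range: receiver never saw it
    results["after_missed_press"] = car.accept(fob.press())  # counter 3, inside the window
    results["replayed_capture"] = car.accept(first)  # counter 1 is behind last_counter: rejected
    return results
```

The replayed code is rejected because the receiver only searches forward from the last counter it accepted; recording one press therefore yields nothing reusable.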
“You can’t perform a rolljam attack with a single Flipper Zero, and you sure as hell can’t use a 64 MHz, 32-bit ARM processor to crack rolling codes,” said Rob Stumpf, a journalist who covers the intersection of cars and cybersecurity. At most, he said, a Flipper Zero can perform limited attacks on select modern cars, mostly from Honda and Acura, that can unlock and start a vehicle. These sorts of attacks, however, require the thief to be in close proximity to the owner while the owner is actively unlocking the car.
Stumpf touched on a newer technique for stealing cars using what’s known as a CAN-injection attack. It uses a cable that patches into a vehicle’s CAN (controller area network), usually through the electronic control unit of a headlight. Criminals are already selling what they call “emergency start” devices that perform the attack. Some of them have been disguised as Bluetooth JBL speakers.
“The more common relay attacks used in vehicle thefts are from sophisticated purpose-built tools,” Stumpf said. “Those devices are the real threat—not some kid opening a Tesla charging port with their Flipper Zero.”
Yet another form of attack that is not possible with the Flipper Zero is homing in on laptops or other electronics stashed in the trunks of cars by searching for Bluetooth signals. In recent years, police departments around the world have said there has been an increase in criminals roaming parking lots using this technique to identify which cars to break into. The devices used are ordinary smartphones running apps available in Apple’s App Store and Google Play.
Alex Kulagin, COO of Flipper Devices, said in an interview that his company received no communication from the Canadian government ahead of Thursday’s statements.
“We’re quite frustrated,” he said. “Flipper is actually very underpowered to actually run any modern exploits for taking cars.” He said that defeating protections built into vehicles manufactured after 1990 “requires more hardware and software and quite a bit of social engineering, so we don’t see Flipper as the cause.”
It’s not the first time the hobbyist device has been portrayed as a tool for sophisticated crime. That impression is likely the result of a flood of videos on YouTube and TikTok showing the device used to empty ATMs and unlock cars. In reality, most of those videos were faked, likely by people attempting to drive sales to websites impersonating Flipper Zero vendors. Several months after the appearance of those videos, Amazon stopped selling the product, which it labeled as a “card skimming device.” (It’s still available from other sellers.)
Kulagin said that governments in jurisdictions other than Canada have been much more open-minded about the Flipper Zero. One such body was the New Jersey Cybersecurity & Communications Integration Cell, which contacted the device maker directly following the rash of misleading videos. After investigating, the agency in January 2023 said the Flipper Zero “can be used as a positive, legitimate, and convenient way for pentesters and curious minds to learn about, access, and dissect signals and protocols.”
While Kulagin criticized the Canadian government for exaggerating the capabilities of the Flipper Zero, he said it would be equally misguided for Trudeau to take action against more advanced tools, such as HackRF One and LimeSDR.
“These tools are more sophisticated, but it’s much more complicated to use them,” he said. “Still, you cannot do a one-button hack nowadays. In the long run, you just make pentesters’ lives harder, and the systems around you are not as secure as they could be. If you hack a bank account using your laptop and nothing else, should we ban all the laptops?”