Why Stealing A Car With Flipper Zero Is A Silly Idea

In another regular installment of politicians making ridiculous statements about technology, Canada’s Minister of Innovation, Science and Industry, [François-Philippe Champagne], suggested banning the Flipper Zero and similar devices from sale in the country, accusing them of being used for ‘stealing cars’ and the like. This didn’t sit right with [Peter Fairlie], who put together a comprehensive overview video of how car thieves really steal cars. Perhaps unsurprisingly, the main method is CAN bus injection, for which a Flipper Zero is actually a terribly clumsy device. Rather, you’d use a custom piece of kit that automates the process.

You can also find these devices being sold all over the internet as so-called ‘Emergency Start’ devices, all of which exploit weaknesses in the car’s CAN bus network. The common problem appears to be that these days even the lights on the car are part of the CAN network, so an attacker who reaches their wiring gains a point of access for injecting messages. This way no key fob is needed, and the ignition system can be triggered while the usual safeties and lockouts are circumvented.

Ultimately, although the Flipper Zero is a rather cutesy toy, it doesn’t do anything that cannot be done cheaper and more effectively by anyone with a bit of CAN bus knowledge and a disregard for the law.

Thanks to [Stephen Walters] for the tip.

27 thoughts on “Why Stealing A Car With Flipper Zero Is A Silly Idea”

    1. Too late. Mr. Champagne, last I heard, is trying to ban e.g. RTL-SDR and other software-defined radio tools, not just the Flipper Zero, and tools that can be used to capture and/or replay radio communications. It’s not just a careless shotgun approach at taking care of the (imaginary) problem, it’s a god damn artillery barrage.

      1. The fact is lawmakers in Canada are little more than monkeys in suits, and when they get scared they start screaming and flinging feces, and people are the ones who get hit. If you’re going to steal a car in Canada you don’t do it with a flipper, you kick in the door and pistol whip the owner until he gives you the keys, but no one in the government seems to think this is something they should concentrate on so they ban radios and the thefts continue unabated.

    2. Lots of products have great marketing names (e.g. HackRF, AirSPY), that are scary names for people who know nothing about them and have never used them. People with a deep theoretical and practical knowledge of technological devices are rarely involved in the creation of new (knee-jerk) laws.

    3. It’s a very capable tool wrapped in a toy’s skin, and “dickheads on tiktok opening tesla charge ports” is a long way from “marketing as a bad-boy hacker tool”.

      And it’s important to put the blame where it truly belongs – devices that claim to be secure but are so poorly implemented that they’re effectively opened by saying “open sesame” in the right accent.

      My friend had a car whose central locking literally used the same simple protocol as my doorbell. I could have reconfigured my $5 doorbell button to open it, almost trivially. And yet people think the issue is with the flipper.

          1. Remember how politicians work, try as hard as you can to look like you’re doing something while actually doing nothing, when the starting gun goes on run in place as fast as you can.

      1. Actually, I wonder, I saw the Tesla charge port ‘hacks’, Tesla’s do V2L don’t they?

        Could this enable the EV version of syphoning fuel or does V2L need some sort of further authorisation?

        1. Nope. The only thing it does is open the cover over the charge port, which isn’t there for anything other than aerodynamics and keeping crap out of the connector. If you don’t do the correct handshake/auth then the port is completely isolated from the battery.

  1. Flipper is a fun carry tool, but I love the Yardstick One more. Especially from a capability perspective it is better/easier. I learned so much about rolling code rx and decoding, but a fun and easy to do thing with the YS1, is to rapidly increment the rolling code, build the rf packet, send it and repeat until stopped.

    Basically a seeded bruteforce. Doable but hard with good C knowledge and good knowledge of the flipper fw, pretty easy to do with the YS1.

  2. Just another example of paternalistic (parental) leadership of Canada’s Liberal Party. They know best what is good for everyone. And if you don’t agree, they will legislate the matter and you will learn to like it … eventually. Politics is such that the truth doesn’t matter, just that your position is accepted as truth. By banning “something” the gov’t of the day appears to be acting on the matter, even if it is a placebo.

    1. This ain’t specifically a left/right/liberal/libertarian issue.

      They’ll all rule you that way because it suits them, they’ll all play the smoke and mirrors tricks on you to make you think it’s in your best interest to ban those books, remove your right to protest, give billionaires tax breaks on the purchase of a private jet and yacht etc. etc.

      The very fact that you believe it’s a liberal issue should tell you that it works.

        1. Too bad the opposition leader Poilievre is behaving like a 14-year-old making schoolyard taunts. He’s not a stupid person, but if he behaved like a grownup he might be useful for something.

    2. This ban is just to show that the gov’t is doing something NOW; to take some heat off itself for jurisdictional issues between local cops, RCMP, and CBSA. And, the fact that it can’t realistically scan even half of the outbound sea cans.

      The real problem is that the auto mfrs are shipping shit security; whether vulnerable rolling code schemes or allowing easy access to an unsecured CAN bus (on OBD2 or near headlights). This should be a recall issue but that won’t happen due to massive costs to mfrs.

      Hopefully, the new working assumption will be that all CAN networks (and interior space) are insecure and there must be a crypto-channel from key FOB/BT to starter.

  3. Not mentioned in the article, but in order to start a car, the flipper needs access to the key so it can read the crypto key and serial number from the key via RFID. I mean if you have the key you don’t really need the flipper, do you? I guess you could steal rental cars after returning them.
