Flipper Zero has been under increasing scrutiny since Canadian officials last month claimed it was responsible for a rise in car theft in the country and proposed a ban on the popular (and inexpensive) penetration testing device.
This week, multitool developers issued a statement They claim they have been unfairly singled out as the hacker boogeyman behind Canada’s car theft problem. They also urge web users to: sign the petition We condemn the proposed flipper ban. “We believe proposals like this are detrimental to security and retard technological advancement,” it reads. “They are usually created by people who don’t really understand how security works and are doing nothing to solve the car theft problem.”
Last February, the Office of the Minister of Public Safety and Security of Canada said he would pursue “Any method that would ban devices used to steal vehicles by copying radio signals for remote keyless entry, such as Flipper Zero.” The statement came on the heels of a summit focused on “finding solutions to the growing problem of auto theft in Canada.” Canadian officials have claimed Flipper is one of the leading offenders in trainless theft cases in the country.
Meanwhile, Alex Kulagin, COO of Flipper Devices, claimed the device “cannot be used to hijack any vehicle.” Flipper’s developers note on their blog that there is a tool specifically built to break into keyless car systems (called a “signal repeater”), and that it can be purchased for free online. These tools intercept signals sent from a car key fob and relay them to the hacker’s device, allowing them to remotely enter and activate the vehicle. Conversely, Flipper doesn’t have the same kind of computing power as those devices and is a less practical choice of tool for such an endeavor, its developers argue.
The developers also doubled down on their previously made claims. In other words, government officials should be more interested in regulating the tech industry to make widely used software more secure rather than punishing those who poke holes in the industry’s defenses.
“Instead of banning cybersecurity tools that can find vulnerabilities in security systems, we should fix these vulnerabilities,” the statement said. “The cybersecurity industry has long recognized that rather than fixing insecure systems, bans will only create more problems by creating the false impression that appropriate action has been taken.”