Bottom line: The popularity of the Flipper Zero has Canadian officials on edge. While the tool’s capabilities do raise concerns, the knee-jerk prohibition highlights the tricky balance between empowering white-hat hackers and preventing malicious misuse of technology.
Canada is on the path to prohibiting the sale and use of the Flipper Zero, a popular hacking tool used by tech enthusiasts. The ban was announced last Thursday by Canada’s Minister of Innovation, Science and Industry, François-Philippe Champagne, who stated that the action is in response to rising car thefts.
“Criminals have been using sophisticated tools to steal cars. And Canadians are rightfully worried. Today, I announced we are banning the importation, sale and use of consumer hacking devices, like flippers, used to commit these crimes,” he tweeted.
It’s understandable why the Canadian government is concerned about the spike in auto thefts. Around 90,000 vehicles are reported stolen annually in the country, costing approximately $1 billion a year when factoring in insurance claims and replacement costs. That equates to about one car being taken every six minutes.
The $169 Flipper Zero is essentially a penetration-testing device (when used virtuously) that can scan for vulnerabilities in wireless networks, RFID/NFC devices, and infrared devices. But the real fun lies in its various radio frequency hacking capabilities. YouTube is filled with videos of users deploying the device to disrupt smart home gadgets, traffic lights, gates, department store announcements, and even gas station signs. There have even been cases of iPhones being overwhelmed with rogue pop-up messages after interfacing with a modified Flipper – although that vulnerability was thankfully patched by Apple in December.
However, many experts agree that the Flipper Zero itself does not pose a real threat when it comes to stealing today’s cars. Most vehicles now use rolling codes rather than fixed codes for keyless entry. This means the code from a key fob can only be used once, rendering captured codes useless. A thief would have to simultaneously jam the key fob signal while recording the code with a Flipper, a difficult feat.
But the device does raise some real concerns. The Flipper Zero packs a lot of power into a small, innocuous package. It could be used by a knowledgeable user to wreak havoc on insecure smart home systems and connected devices.
Some argue this is a good thing as it exposes weaknesses in products so they can be improved. If a relatively inexpensive toy can hack a device, that’s a sign it needs better security.
Regardless of the pros and cons, the writing has been on the wall for the Flipper Zero for a while now. Early last year, Amazon banned the device from its platform, instructing sellers to remove or delete any listings associated with it. The Flipper Zero has also drawn increasing scrutiny from law enforcement in multiple countries. Devices have been seized in the US and Brazil – the latter actually has an effective ban in place.
A US ban seemed unlikely before, but with Canada moving ahead, some kind of regulation may indeed happen.