this post was submitted on 10 Feb 2024
750 points (99.1% liked)
Technology
59647 readers
4230 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is about more than just cars. Anything that uses RFID, NFC, etc, such as an employee badge or even contactless credit/debit card payments, are vulnerable to such an attack.
Jason Thor Hall (ex-Blizzard employee) explains how such things can be used in social engineering attacks. A Proxmark is a similar device to the Flipper Zero.
Regardless of whether it's open source hardware/technology, should we be authorising sales of such prebuilt devices for $170 which can allow the average Joe to break into an office or steal a car?
Yes we should allow them, because the problem isn't that this tool is available. The problem is that cars and other devices aren't more secure.
If you broke into a bank vault with a screwdriver, you don't ban screwdrivers; you get mad at the bank.
did you read the article? the flipper can essentially "break into" next-to no cars produced after 1990
Should 'we' be 'authorizing sales' is an interesting choice of words imo also, nothing negative just saying it made me question who the "we" part really is, and if something being sold has thus been authorized by some all powerful body
I'd argue that these devices are so cheap and so capable that it exposes the poor security that is rampant everywhere. Banning them wont stop similar devices from being made and used criminally. Instead this should be a wake up call to everyone about which forms of communication or authentication are largely ineffective.
Here is an alternative Piped link(s):
Jason Thor Hall (ex-Blizzard employee) explains how such things can be used in social engineering attacks.
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.