
Why are society’s little cupcake nannies so flustered about this innocent gadget?


Because the alternative would be to make some annoying demands of the auto industry, of various police services, and of CP Rail and the ports.

That's a lot of political capital to spend (or burn) on a lot of different groups, and would likely anger a lot of bases of power and financial support, for some citizen benefits that won't really pay off in the short term.

By contrast, banning a scary foreign hacker device with existing vague pop culture presence is a far more effective way of seeming like you're doing something with the average voter while not causing issues with any important groups and not having to spend much time or money.

The efficacy for stopping car thefts is not really the goal.


Because they think it's easier to ban this device than to require auto manufacturers to produce secure locks. Also, people keep voting for them so they don't think they're doing anything wrong.


Adding a clock to a key, so the code is only valid for a few seconds + keyless entry response only active if the key was moved in the last 30 seconds, would solve most of the problems. That's like $5 per key?


Any dollars more than none is too many for auto companies and for dealerships. Even subsidizing it would still require them to spend time on the problem and that's quite unacceptable.

That's assuming that the technical problem, testing, rollout, etc. wouldn't run into any issues.

That all said, not all thefts are the kind that the Flipper team are describing (/the kind that the government is falsely blaming on the Zero). Lots of them are a lot simpler than that, even before getting to the Kia/Hyundai mess.

Actually making the mass car theft problem better would require a more in-depth approach across several boundaries, and that's a lot more effort than just banning this tool.


A clock + challenge response is likely one of only a couple solutions to this problem, but the challenge is the "valid time" would need to be on the order of nanoseconds, not seconds, to beat the relay attack mentioned in the article.

This might be doable but the authentication path would need entirely separate and dedicated circuitry.

Or maybe a cryptographic stream that is like a cumulative handshake (incremental streamed challenge/response?) that can offset some of the processing delay.

Any solution would need to be faster than nanoseconds because that's how long it takes light to travel a meter or two.


AFAIK Apple's UWB CarKeys solved this. Tesla until recently used BLE which is more susceptible (read: works at greater distance) to relaying.


I think you are right. Without knowing more detail, the claims of the protocol seem very cool. They are doing more than just Time of Flight calculations.

Looks like they do channel impulse response analysis with really high data rates.

Very interesting stuff, thanks for sharing.
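Added illustration, not part of any comment in this thread: a sketch of the two ideas discussed above, a time-limited fob code and a time-of-flight bound, checked against a constructed relay scenario. The key, timings, 2 m limit and all function names are assumptions chosen for the example.

```python
import hashlib
import hmac
import struct

C = 299_792_458.0  # speed of light in m/s

def fob_response(secret, challenge, t, step=5.0):
    """Fob answer: HMAC over the car's challenge and the current time step."""
    counter = int(t // step)
    return hmac.new(secret, challenge + struct.pack(">Q", counter),
                    hashlib.sha256).digest()

def clock_check(secret, challenge, response, t_now, step=5.0):
    """Clock-only rule: accept a response from the current or previous step."""
    return any(
        hmac.compare_digest(response,
                            fob_response(secret, challenge, t_now - k * step, step))
        for k in (0, 1))

def implied_distance_m(rtt_s, turnaround_s):
    """Upper bound on fob distance from round-trip time minus fob turnaround."""
    return C * (rtt_s - turnaround_s) / 2

def bounded_check(secret, challenge, response, t_now, rtt_s,
                  turnaround_s, max_m=2.0):
    """Clock rule plus a time-of-flight bound on how far away the fob can be."""
    d = implied_distance_m(rtt_s, turnaround_s)
    return clock_check(secret, challenge, response, t_now) and 0 <= d <= max_m

# Constructed scenario values (assumptions, not measurements).
SECRET, CHALLENGE, T = b"constructed-demo-key", b"\x01" * 16, 1000.0
TURNAROUND = 1e-6                               # fob processing time, assumed fixed
RTT_DIRECT = 2 * 1.0 / C + TURNAROUND           # fob 1 m from the car
RTT_RELAYED = 2 * 50.0 / C + 2e-6 + TURNAROUND  # fob 50 m away, 1 us relay delay each way

def evaluate():
    resp = fob_response(SECRET, CHALLENGE, T)
    return {
        "clock_direct": clock_check(SECRET, CHALLENGE, resp, T),
        "clock_relayed": clock_check(SECRET, CHALLENGE, resp, T + 3e-6),
        "clock_stale": clock_check(SECRET, CHALLENGE, resp, T + 20.0),
        "bounded_direct": bounded_check(SECRET, CHALLENGE, resp, T, RTT_DIRECT, TURNAROUND),
        "bounded_relayed": bounded_check(SECRET, CHALLENGE, resp, T + 3e-6,
                                         RTT_RELAYED, TURNAROUND),
    }

if __name__ == "__main__":
    for name, accepted in evaluate().items():
        print(f"{name}: {'accept' if accepted else 'reject'}")
```

The seconds-wide validity window rejects only the stale code; the relayed response arrives microseconds later and still passes, and only the round-trip bound separates it from the nearby fob.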


For a quick fix, how about:

1. Competent police agency reverse engineers how relaying hardware works and how such devices can be detected IRL.

2. Police sell relay devices themselves and catch thieves red-handed.


I doubt they're actually flustered. It seems like they didn't even care enough to learn about what it is.

They just needed something to shove into the scapegoat-shaped hole, and Flipper Zero happened to fit.


Because it's easier than actually catching and punishing the thieves.



