PETALING JAYA: Hacking devices which can duplicate car keys, near field communication ( C) access cards, radio frequency identification (RFID) tags, and automatic gate or garage door remote controls and pose security risks should not be sold on public platforms without proper regulation.
Tech experts, while raising concerns about the device, said it should not be banned but instead, regulated by the Malaysian Communications and Multimedia Commission (MCMC).
Cybersecurity expert Fong Choong Fook said, like any other radio equipment, this device should not be sold without a licence, and its use should be regulated by the authorities.
ALSO READ: Security’s new pocket enemy
“I think it should not be sold online without a licence, so like any other radio equipment, it should be regulated by MCMC.
“Right now, I don’t think it’s being regulated; anyone can buy from online shopping websites. So whether it’s safe or not, it depends. If it is something that is used by hobbyists to analyse radio and clone RFID and all that, it should be regulated by MCMC,” he said.
Agreeing with Fong, cybersecurity specialist Chuah Kee Man explained that while the device serves as a learning tool for cybersecurity purposes, it should come under the regulatory purview of the authorities.
“Treat it as radio frequency equipment subject to approval by the authorities. This actually requires Sirim and MCMC compliance and self-labelling, so its transmit functions operate only within permitted bands.
“This mirrors how Malaysia regulates radios and IoT (internet of things) gear,” he said.
Chuah also said the government could make it compulsory for vendors to display the necessary labels of the device on advertisements.
“The government can mandate marketplaces to list the model’s approval status, show spectrum warnings and prohibit the sale of preloaded ‘attack configurations’. In short, focus enforcement on misuse and not possession,” said Chuah.
He also said the device serves as a hobbyist tool for learning and is useful to teach how wireless systems work.
“Of course, like many tools, it can be misused, but that misuse usually targets weak or legacy systems rather than exploiting something unique about the device.
Under the device’s current firmware, key fobs of cars below 20 years old cannot be copied, as newer car models use “rolling codes”, where new and single- use codes are generated in electronic key fobs for each transmission.
But, according to news reports, third-party firmware installed on the device can enable newer car key fobs to be copied.
