General > General Technical Chat

Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW,

<< < (3/4) > >>

jm_araujo:
I've seen the video of the hacking of the KIAs and Hyundais.
It has nothing to do with USB ports in the car. You have to disassemble the steering column and take apart the lock, and the hole where the lock turns the eletrical switch is an exact match in size with an USB type A plug. A screwdriver can also be used, but it doesn't make the headlines as juicy.

What I didn't knew was that cars are still beeing sold without immobilizers! Is that an USA thing?

Benta:

--- Quote from: jm_araujo on January 11, 2023, 05:43:09 pm ---What I didn't knew was that cars are still beeing sold without immobilizers! Is that an USA thing?

--- End quote ---
I wondered about that myself.

Halcyon:

--- Quote from: Benta on January 09, 2023, 09:06:48 pm ---If you read carefully, it's all about gaining access to the company network, not the car itself.
The "hacks" for open/close/start etc. apply to idiot car buyers who think it's cool to start the car using the smartphone. Again, the company network.

Yawn.

--- End quote ---

That being said, it can be used to get live location information about a vehicle (depending on make/model). Ive been involved in this kind of thing in my previous job and I can tell you 100% that via certain manufacturers, law enforcement (and others) can gain access to vehicle location, regardless whether or not the end-user subscribes to any kind of package or service. I know at least one manufacturer won't reveal that they can do this publicly (and most of their dealers don't know), but I have seen and used that data personally myself.

If law enforcement and security agencies can access it, so too can people who exploit poorly written or vulnerable APIs.

Benta:

--- Quote from: Halcyon on January 11, 2023, 10:57:49 pm ---
--- Quote from: Benta on January 09, 2023, 09:06:48 pm ---If you read carefully, it's all about gaining access to the company network, not the car itself.
The "hacks" for open/close/start etc. apply to idiot car buyers who think it's cool to start the car using the smartphone. Again, the company network.

Yawn.

--- End quote ---

That being said, it can be used to get live location information about a vehicle (depending on make/model). Ive been involved in this kind of thing in my previous job and I can tell you 100% that via certain manufacturers, law enforcement (and others) can gain access to vehicle location, regardless whether or not the end-user subscribes to any kind of package or service. I know at least one manufacturer won't reveal that they can do this publicly (and most of their dealers don't know), but I have seen and used that data personally myself.

If law enforcement and security agencies can access it, so too can people who exploit poorly written or vulnerable APIs.

--- End quote ---
Too true, but still doesn't merit the "sensational" OP video. We're still talking Nav/Infotainment info, not crucial car safety system.

But this is why I love my '97 MX-5/Miata: it's all car, zero smartphone :)

Stray Electron:

--- Quote from: DimitriP on January 09, 2023, 06:38:30 pm ---Which will be te first country to add software security testing to their vehicle roadworthiness tests?

--- End quote ---

  None!  It will be left up the consumers to figure out which vehicles are safe and reliable to drive and which ones aren't. But by the time that consumers learn that, the manufacturers will be building new models with new bugs.   Just like the car market today and today's software market.  Tesla and Windows both come to mind.

   Governments, as usual, will be 15 to 20 years behind.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod