[HN Gopher] Remotely unlock/start/locate/flash/honk any remotely...
___________________________________________________________________
Remotely unlock/start/locate/flash/honk any remotely connected
Honda/Nissan
Author : zdw
Score : 315 points
Date : 2022-12-02 14:48 UTC (8 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| gottebp wrote:
| The automotive firmware industry has had a strong preference
| historically for stable, old dependencies. With the advent of
| connected firmware, arises a strong force pushing in the other
| direction -- towards frequent updates, built from latest and
| greatest dependencies. How they balance verification and
| validation for safety purposes with frequent and more volatile
| updates, will be interesting to watch.
| bri3d wrote:
| The linked vulnerabilities don't even have anything to do with
| firmware (although it is certainly littered with issues too),
| but rather just basic web/application security issues on the
| "cloud" side of "cloud" services.
|
| This is less of a directional shift IMO as the classic
| "hardware companies are bad at software" issue. There's no
| unsolved or novel problem in this SiriusXM vulnerability (or
| one from the same researcher in Hyundai/Genesis systems where
| they compared a JWT subject with a subject passed in the
| request, but stripped whitespace). There's no update-frequency
| or validation issue. It's just basic web application security
| getting neglected.
| AlexandrB wrote:
| I wish they gave customers an off switch for remote access so
| at least older cars aren't rolling honeypots for hackers.
| kevin_thibedeau wrote:
| That would take away the government's ability to track
| vehicles. They look the other way on consumer protection and
| the manufacturers get to coerce you into subscription
| services. Win win right?
| vorpalhex wrote:
| Supposedly removing the sharkfin whokesale will do it, at the
| cost of also losing fm radio.
| Arrath wrote:
| How available are full vehicle wiring diagrams these days?
| Not any good for radios built into computers like the
| bluetooth antenna in the head unit, but it might be nice to
| snip the wires to the sharkfin or other remote comm modules
| without having to tear at body work or computer modules.
| AlotOfReading wrote:
| The sharkfin is usually only for external comms. There's
| still other comms on separate antennas like Bluetooth that
| can be potential entry points to the vehicle.
|
| Worse, even the external comms systems are moving to more
| redundant setups to mitigate signal loss scenarios.
| vorpalhex wrote:
| I'll have to dig up the post but a gentleman with a
| relatively new Subaru was kind enough to share his
| explorations and found significant logic parts integrated
| into the sharkfin, not just the antenna bundle. Likely a
| cost measure.
|
| How well does this extend to other vehicles? No clue.
| AlotOfReading wrote:
| All of that comms stuff has its own logic associated with
| it that usually lives up there in my experience. In the
| past, manufacturers have tried to avoid putting much
| stuff above the headliner beyond roof windows and
| speakers. It's hot, narrow, and vibrates a lot
| (especially in the center). Frankly, the antennas are
| only up there because antenna placement is very expensive
| magic that doesn't deign to obey the whims of mere
| "designers".
|
| Things are changing though. Autonomous vehicles need
| large numbers of sensors up there anyways and you can't
| keep shoving everything under the cabin.
| [deleted]
| magicalhippo wrote:
| Awesome, maybe this can work better than the provided app for my
| Leaf. The car never responds to remote commands to start the
| heater etc, no matter what the app says.
| cgb223 wrote:
| Am I correct in understanding that Nissan was using vehicle VINs
| as customer IDs and that's why this worked?
|
| Or is he saying in addition to customer IDs that the auth API
| also accepted VINs?
| brk wrote:
| This is super interesting, but why are people posting this kind
| of thing to tweet streams? Twitter is just absolute shit for
| trying to document this kind of research, IMO.
| Encrust6221 wrote:
| My sole motivation for wanting twitter to die is that this
| format dies with it.
| IshKebab wrote:
| I hadn't thought about that but you're right that would be
| amazing.
| Spivak wrote:
| Eh I've already seen people posting links to Mastadon
| instances with the same format. Unless "Twitter style social"
| dies the format will live on.
| hamburglar wrote:
| I think the difference is that Mastodon doesn't make the
| format one of their defining characteristics. And maybe
| eventually everyone will eventually see that a longer
| format post is an option, and that it makes sense for
| certain content. And Automattic will register
| macrotweets.com and make it a redirect to wordpress and
| everything will go full circle.
| netsharc wrote:
| Fully agree.. 9/10 for the research, but 1/10 for the lazy
| presentation. People are saying "It's easier to go viral", oh
| please, is everyone that pathetic, chasing after their 5
| minutes of Internet fame?
| dfee wrote:
| Obviously the reach is better and that's what they've optimized
| for.
| layer8 wrote:
| They could tweet with a link to a blog post for the details.
| I guess some followers would still be too lazy to follow the
| link, but that's not a valid argument anymore IMO.
| jeffbee wrote:
| There are so many reasons to do it this way. You reach a huge
| audience. You don't have to how your own assets. If your post
| is popular, it won't get DDoSed off the air. Search engines
| will index it immediately. Etc. People get many benefits from
| posting this way.
| gist wrote:
| > You reach a huge audience.
|
| You would reach the same huge audience by putting in a
| summary and link to a website with the detailed info.
|
| > If your post is popular, it won't get DDoSed off the air
|
| So someone who is capable enough (or a team) to pull off and
| uncover this exploit can't be troubled to run a website
| (server whatever) that can handle ddos or traffic?
| dnadler wrote:
| > can't be troubled to run a website
|
| Yes, that's right. They have more important things to do
| than worry about hosting a website. They rightly use third
| party applications to disseminate information.
| gist wrote:
| More important things? You mean getting more publicity
| and attention for their efforts as well as praise for
| what they discovered?
|
| Separate point do people really 'worry' about hosting a
| website where all it has to do is display static
| information?
| dnadler wrote:
| I'll just address your last point, which I think is
| actually fairly important to think about. It's easy to
| assume that other people have the same knowledge/skillset
| as you do, or to think that things that are trivial for
| you are similarly easy for others.
|
| This is simply not the case, and it's important to try to
| put yourself in others shoes. (As an aside - this is what
| I think leads to the best products.)
|
| I've met _many_ programmers who are absolutely brilliant
| in their field who do not know, nor care to learn, how to
| stand up even the most simple website.
|
| Is twitter the _best_ place for long form articles?
| Probably not. But as the original commenter pointed out,
| there are many benefits to it as well.
| layer8 wrote:
| They could use GitHub Pages or whatever. There are enough
| ways that don't require much additional effort.
| dnadler wrote:
| Yeah, I don't personally think twitter is the best place
| either, but it's unambiguously easier to type a few
| sentances and click "post" than it is to make a webpage
| of any kind.
| Osiris wrote:
| medium.com works fine for blogs like this.
| fckgw wrote:
| It says right in the tweet thread that will publish their full
| findings soon. Twitter is a great way to get a summary out to a
| large audience quickly.
| tomp wrote:
| Where would you post it?
|
| At least Twitter threads have no ads, in contrast to Reddit,
| Medium etc.
| dpkirchner wrote:
| One downside to using Twitter is it's not possible to know if
| the posts are authentic. Other platforms have similar
| problems but ideally this content would be posted on user's
| (and governments and so on) own sites and then linked to from
| sites like Twitter.
| Osiris wrote:
| I was hoping that the first tweet would link to a blog with all
| the details. Oh well.
| gigel82 wrote:
| I have a Nissan Leaf and it always bothered me there was no
| software way to fully disable telematics.
|
| I looked into how to disable the hardware but it's a very
| involved procedure and the car is leased so I dropped it, but
| maybe I need to revisit.
| bombcar wrote:
| If you can find the radio antenna you may be able to wrap it in
| enough foil and lead to stop transmission.
| ynniv wrote:
| https://www.wikihow.com/Deactivate-OnStar
| mdorazio wrote:
| It's typically in the shark fin above the rear windshield,
| which is not easy or convenient to RF isolate.
| mikestew wrote:
| Your Leaf is too new. We've got an OG Leaf (2011) that had the
| old GPRS radio. When AT&T dropped that, Nissan generously
| offered a more modern cell radio for something like $300. Or
| they would take out the radio for free. Given the utter
| uselessness of Nissan's "remote" platform[0], guess which
| option we went for?
|
| But it's right behind the glove box, and unless the design has
| changed (it _has_ been eleven years), a couple of screws should
| get you in the neighborhood of the antenna.
|
| [0] Seriously, what a slow-ass piece of shit. It was literally
| faster to walk out to the garage and turn the heat on than it
| was to do it through the app. And that assumes that Nissan's
| server could see its way clear to turn the heat on at all,
| which it frequently didn't.
| anotheracctfo wrote:
| A couple weeks ago my block was hit by thieves who got remote
| entry into a bunch of Toyotas and Hondas. I wonder if that's how
| they did it.
| neoncontrails wrote:
| I simply can't take a Twitter account with a blue checkmark
| seriously anymore.
| cmckn wrote:
| As if I needed one more reason to hate SiriusXM.
| kbrackbill wrote:
| Is it possible to buy a new car these days without the
| remote/cell connection stuff? Or if not, can it be disabled? My
| car is 15 years old so I haven't had to think about it yet, but
| I'm worried about what I'll do when it finally gives up. Maybe
| just buy another older used one or something.
|
| Alternatively, are there any killer features that make having an
| always connected car desirable? I understand why car
| manufacturers would want it for telemetry and updates and such
| but I'm not sure what the value is for me.
| dangrossman wrote:
| I use an app to turn on climate control in my car a few minutes
| before I'm ready to leave, so it's already warmed up in winter,
| or cooled down in summer, by the time I get in. My last few
| cars have been electric, so this doesn't involve starting up a
| noisy engine, and can safely be done if the car's parked in a
| garage too.
| dmlekrng093 wrote:
| mjh2539 wrote:
| It makes it a lot harder to have it stolen. Or rather, in light
| of the OP, it makes it a lot harder to have it stolen and not
| be able to find it.
| vlucas wrote:
| They can't start my car if it's a manual! :)
| burnt_toast wrote:
| Lol, manuals can be equipped with remote start too. Hopefully
| it wasn't left in gear.
| jaywcarman wrote:
| I was intrigued by this statement and did some searching.
| Sure enough it does exist:
| https://www.compustar.com/blog/can-you-remote-start-a-
| manual...
|
| > This is accomplished via clutch bypass, reservation mode,
| and built-in safety features.
|
| I still would never want it... but it's an interesting
| system.
| itslennysfault wrote:
| I had a manual Acura Integra when I was younger and I
| installed a remote start on it because shops refused to
| (because it's dangerous af).
|
| Anyways, the clutch pedal simply presses a little button
| when it is all the way up. All I had to do is bridge the
| two wires going into that button and it would start without
| the clutch pressed.
|
| Amazingly I only ever tried to remote start it while in
| gear once. It retries 3 times so it jumped forward 3 times.
| About a foot each time, but didn't hit anything thankfully.
|
| I always wanted to add a sensor to the shifter so it'd only
| bypass the clutch sensor when in neutral, but I never got
| around to doing it.
| ClarityJones wrote:
| When someone is believed to have "committed suicide" or
| "accidentally" left their car running in the garage, is it
| routine for investigators to audit the manufacturer's remote-
| start logs? Do those logs even exist?
| TylerE wrote:
| It's actually more or less impossible with modern cars.
|
| Hell, in a lot of cities what comes out of the tailpipe is
| cleaner than what goes in the intake.
| bombcar wrote:
| Cleaner on noxious chemicals but not on carbon dioxide which
| is what gets humans.
|
| I'm kind of surprised garage doors don't have co2 monitors
| built in but I suppose it could be used as a security bypass.
| FateOfNations wrote:
| Carbon Monoxide alarms are being required in more and more
| places, though typically only enforced in situations where
| you are getting a building inspection (new construction,
| extensive remodels, etc.) or where it's a rental property.
|
| You can pick one up at the hardware/big box store.
| bombcar wrote:
| I'm thinking more of something that causes the garage
| opener to open if it detects a running car in the garage
| or CO2 limits approaching unhealthy.
|
| I do have a very nice CO alarm that I keep in the kitchen
| (portable pilot very sensitive one from CO Experts).
| snotrockets wrote:
| [citation needed]
|
| But until you find one, let's do some math:
|
| Let's only look at CO2 and disregard the even nastier NO
| gasses emitted by a gasoline engine. EPA data suggests a car
| produces 2,345 grams CO2 for every liter gas. And a modern,
| but without shut-at-stop, idling car burns about 0.75 l/hour.
|
| So 1758 g/hour CO2 for an idling car in your garage, which is
| roughly 63 m^3, and CO2 is 44.01 g/mol, so after an hour
| idling in a closed garage, you'd have 14,440 PPM CO2. That is
| enough to cause drowsiness in most, and some illness in
| sensitive populations. The OHSA standard for allowed exposure
| is 5,000ppm averaged over 8-hour workday.
| dmlekrng093 wrote:
| .. and assumes an airtight garage.
| mschuster91 wrote:
| You can still die from carbon dioxide exposure/oxygen
| inefficiency. It will just take longer, now that carbon
| monoxide emissions are down because of catalytic converters
| eliminating a lot of them. And yet, a lot of people still die
| or get seriously injured, particularly because their
| "keyless" crap acts up [1].
|
| [1] https://www.nytimes.com/2018/05/13/business/deadly-
| convenien...
| philsnow wrote:
| I agree that carbon dioxide exposure is dangerous, but it
| is probably less dangerous because (TIL) there's a specific
| brain mechanism that wakes you up when your blood has
| elevated CO2[0].
|
| On the other hand, carbon monoxide poisoning will only wake
| you up if its symptoms (among which headache,
| nausea/vomiting, elevated heart rate, and cardiac arrest
| seem likely) do so.
|
| [0] https://medicine.uiowa.edu/content/specific-neurons-
| trigger-...
| cortesoft wrote:
| Are you suggesting you could kill someone by remotely starting
| their car? Is the person sleeping in their car in the garage?
| exhilaration wrote:
| My garage is right below my kids' room so leaving the car on
| would definitely be dangerous. Most remote starters
| automatically turn after 10 minutes so I'd like to think that
| mitigates that particular threat. Also we have carbon
| monoxide detectors in every room (after one of my neighbors'
| HVAC exhaust got blocked by snow after a particularly bad
| storm).
| ClarityJones wrote:
| I don't personally know whether it's possible, but the NYT
| has reported that every year a couple of people die from
| leaving a running car in the garage:
|
| https://www.nytimes.com/2018/05/13/business/deadly-
| convenien...
|
| If it is possible to do accidentally, then it's also possible
| to do on purpose.
|
| With that said, I would expect more 28 false positives 12
| years. Those very low numbers may indicate that - contrary to
| their reporting - it is not actually possible (barring weird
| circumstances).
| Neil44 wrote:
| It's a thing - more accidents these days with hybrid and
| keyless, so if you get distracted it's not immediately
| obvious that you've left the car on and the engine might kick
| in randomly later.
|
| https://www.nytimes.com/2018/05/13/business/deadly-
| convenien...
| sc00ty wrote:
| https://threadreaderapp.com/thread/1597792097175674880.html
| sawyna wrote:
| I think this must have been buried in years old docs and layers
| of design that nobody understands what's going on under the hood.
|
| I wouldn't blame either parties, I suppose the process can be
| improved but it's very subjective. There'll be a new missing
| piece tomorrow and you'll have to "improve" the process again.
|
| I think this is simply a side effect of fast moving software
| design. Things will settle down in a couple of decades when the
| AI lord takes over.
| stainablesteel wrote:
| i just want a car that doesn't need firmware updates
| ffgh wrote:
| When something like this happens, is the development team to
| blame? Or maybe even the QA team? Wouldn't it be customary to
| test for things like this
| ilyt wrote:
| Manufacturers for even allowing that to exist (why the fuck
| telemetry app made by company _making radio channels_ would
| have permissions to unlock the car in the first place) and
| company for woeful errors in security and data protection.
| zuppy wrote:
| most probably, because of CAN bus, which is the system that
| most of the cars use to connect their systems.
|
| https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7219335/
|
| how CAN bus works:
| https://payatu.com/blog/kartheek.lade/automotive-security-
| pa...
|
| i'm aware that on this case there was something even dumber,
| an unsecured api endpoint, but as far as i know, if you've
| managed to reach the system you can do anything with any
| other connected device. there should not be a way to be able
| to do whatever you want just because you have access to the
| network.
| nicholasjarnold wrote:
| I recall reading that some cars are now using TCP/IP for
| connecting some of their systems. A _super_ quick search on
| this topic yields some results speaking to this [0].
|
| [0] - https://www.techrepublic.com/resource-
| library/whitepapers/tc...
| jaywalk wrote:
| SiriusXM is a company that does a lot more than just "making
| radio channels." This is an egregious security issue, but SXM
| offering the service makes sense. They also offer an aviation
| weather service.
| joezydeco wrote:
| I've worked on software for SXM receivers.
|
| When you look at the physical layer it's just a 1.5 mbit
| data stream carrying whatever you want, pointed at most of
| North America. Over time some of that bandwidth was carved
| out for data services at the expense of audio quality.
| snotrockets wrote:
| Because that "radio channels" company already have expensive
| infrastructure in place to transmit to cars in most of North
| America, and an established relationships with car
| manufacturers, and thus are already integrated into their
| supply chain.
|
| iow, it's not a "radio channels" company.
| totally wrote:
| What good is blame?
| ilyt wrote:
| "We must take security seriously or we got sued out of
| existence" is good motivator for management.
| CoastalCoder wrote:
| I'd say it depends on how far out you're willing to zoom.
|
| For example, legislators and regulators allowed this kind of
| laxity to be commercially advantageous.
|
| Voters allowed legislators and regulators to ignore the issue.
|
| To some extent, parents failed to instill in their children the
| civic virtue of voting wisely.
|
| Etc.
| ElijahLynn wrote:
| Title is misleading. The vulnerability was patched after they
| reported it. One cannot use this vulnerability today.
| toast0 wrote:
| My vehicle is safe, thanks to Ford. Telematics goes over
| terrestrial phone networks, and when 2g shutdown months after the
| car was made, they replaced the modem with a 3g modem that was
| alreadt obsolete and now that 3g is shutdown, there's no more
| internet access to the car. Thanks Ford!
| webmobdev wrote:
| Your comment is insightful and made me realise something I was
| quite unaware of in India - that allowing your automobile to
| track, collect and share data has become so mainstreamed in the
| US / west that it is considered "normal"! I guess I shouldn't
| be surprised - most people are unaware that Ford (and some
| others) collect a lot of personal data when you take your car
| to the service centre (for e.g. they download your contact list
| and call logs from your car when they run the diagnostic
| software)
|
| More info here - _Data could be what Ford sells next as it
| looks for new revenue_ -
| https://www.freep.com/story/money/cars/2018/11/13/ford-motor...
| and _Ford Eyes Use of Customers' Personal Data to Boost
| Profits_ - https://threatpost.com/ford-eyes-use-of-customers-
| personal-d... ).
| philsnow wrote:
| > they download your contact list and call logs from your car
| when they run the diagnostic software
|
| I'm inclined to believe you because I don't give cars access
| to my contacts and in general treat in-car software as
| already-compromised (I see the car manufacturer as more of an
| adversary than a partner), but do you have a source for this
| claim?
| webmobdev wrote:
| I remember reading about this a long time ago (5+ years ago
| I think) - it was Ford doing this and it did cause some
| mild outrage in the internet. Unfortunately I cannot find
| that particular article - Google has become shitty for
| finding old stuffs and possibly Ford PR has scrubbed the
| internet so that the public can't find it easily (a common
| practice in the evolving online marketing industry). I've
| added two sources to my earlier comment that disclose the
| gist of what I have claimed.
| philsnow wrote:
| > Google has become shitty for finding old stuffs
|
| yes, but in their defense, the Internet has become (or
| has always been) shitty at keeping old stuffs around, so
| even if Google indexed it the link would be dead or empty
| by the time you go to look at it. Google used to surface
| links to their cached copy that they used for indexing
| more prominently but I hardly ever see them anymore.
| reaperducer wrote:
| _I don 't give cars access to my contacts_
|
| It seems that many people are less smart than you are.
|
| Every rental car I've driven in the last six or seven years
| has had some previous renter's entire contact list synced
| to the info-tainment system.
|
| People are just too used to pressing "yes" buttons to get
| on with their lives.
| Arrath wrote:
| We're finally seeing things like guest or hotel login
| modes for smart tvs/netflix/hulu etc where it wipes your
| credentials every time you turn the tv off. I wonder why
| phones don't have a "Connecting to rental" kind of option
| in their bluetooth configs. Like you I see rental cars
| with all kinds of crap in the pairing history.
| hunter2_ wrote:
| Or car infotainment systems with rental mode would be
| awesome. Like if every time you pair a phone, the car
| asks if you want it paired indefinitely, or for N days.
| User sets N based on rental duration, and the car wipes
| the data after that.
|
| Granted, it's much better for the phone to not send
| contacts to a rental car at all, but either solution
| would be a significant improvement.
| nradov wrote:
| Ford does sell 4G cellular hardware updates for certain
| vehicles. One of my relatives bought one for her Fusion sedan.
| toast0 wrote:
| Yeah, There's an upgrade available, but it costs money (even
| when they were offering to pay the labor for some people),
| and the functionality isn't worth it for me, especially once
| they changed the power tradeoff and the car doesn't get the
| messages in a reasonable amount of time. It's nice that it
| doesn't kill the battery, and I understand the tradeoff, but
| if I don't know how many hours it will take for internet
| based remote unlocking to get to the car, it's not useful.
| js2 wrote:
| My 2016 Mazda was never connected in the first place, but I've
| left my wife's 2017 Volt connected because I do actually find
| the monthly OnStar report that's emailed to me to be useful. I
| also like notifications of low-tire pressure, engine-oil life,
| etc.
| shortstuffsushi wrote:
| For something like low tire pressure, won't a monthly report
| be too late?
| saghm wrote:
| It sounds like the monthly report and the notifications for
| tire pressure and the like are separate things
| Symbiote wrote:
| Can't this just be shown on the dashboard?
|
| I had a similar warning come up on a hire car last month.
| crooked-v wrote:
| I have a 2012 Mini with no connectivity at all that has
| tire pressure warnings.
| Eleison23 wrote:
| Soon the car will just purchase its own new tires, or
| drive itself around town in search of a working air pump.
| tremon wrote:
| Or it will just auto-dial the nearest tow service and
| leave the bill to you.
| ipaddr wrote:
| Low gas should come in a monthly report you can pickup it
| up on your way walking your empty car home. Or a door is
| open report that you can receive as you lay on the side
| of the road.
| js2 wrote:
| Unless a tire is punctured, it only loses air slowly over
| time, but not enough you'd really notice looking at them,
| but still enough that it's bad for tire wear. It's a nice
| reminder to me I need to add air to the tires.
|
| The car's dashboard display also shows the tire pressures,
| but:
|
| a) My wife, for whatever reason, seems blind to anything
| the car shows her on the dashboard. :-(
|
| b) She'd have to put the dashboard to the screen which
| shows tire pressure. The TPMS doesn't alert till pressure
| is quite low. They are supposed to be 36 PSI. The TPMS
| won't alert till they are below 25 PSI or some such.
| shortstuffsushi wrote:
| I have also had your experience, but my resolution was
| just to swap cars for a day every couple weeks. The
| threshold on her car was higher though, I believe 29
| (same ~35-36 normal range), so if they dropped she'd at
| least be alerted sooner if I didn't see it.
| reaperducer wrote:
| _I also like notifications of low-tire pressure, engine-oil
| life, etc._
|
| Both things that have been done with non-connected cars for
| decades.
| jreese wrote:
| Sometimes the person driving the car does not (want to?)
| pay attention or has "ceded responsibility" for car
| maintenance, and it's nice to get these reports without
| needing to periodically remember to check the car manually.
| js2 wrote:
| Though my wife and I just celebrated 26 years of marriage
| and have open lines of communication, her telling me
| anything about the car she's driving is very hit or miss.
| So the monthly email is helpful. :-)
| all2 wrote:
| Hardware
|
| - VoCore Lite
|
| - USB to ODB2 cable
|
| - Murata 1" x 1" DC-DC converter
|
| Software
|
| - Your choice of Linux flavor
|
| - FreeDiag, looks like it is still under active
| development: https://github.com /fenugrec/freediag/
|
| - Your own glue code to consume data, munge, and send
| updates.
|
| I think I might do this. :D
| insane_dreamer wrote:
| Congratulations. You might be one of the few to survive the
| Cylon attack.
| colechristensen wrote:
| I love my 09 Jetta being one of the last years available
| without all of this nonsense.
| vardump wrote:
| The Cylons will probably start their attack with some fake 2G
| cell towers, taking over all of the old IoT stuff.
| munk-a wrote:
| I'm not certain - assuming their goals are consistent with
| other depictions they'll probably come armed with pre-
| wireless technology spoofing devices and a serial or
| parallel port so they can actually interact with and take
| over missile control systems.
|
| Some day we might find an uneasy peace with the machines
| when we desperately admit we need their advanced
| technological capabilities to bridge PS/2 to USB-c so we
| can keep using our clicky IBM Model-M keyboards.
| doctor_eval wrote:
| They'll probably need to start with a blue box to get
| remote access, and then we can blame everything on Steve.
| Litost wrote:
| Does this explain the plot to Independence Day ;)?
| Gordonjcp wrote:
| Minor nitpick - 2G hasn't shut down, and the way things are it
| probably never will.
| reaperducer wrote:
| _Minor nitpick - 2G hasn 't shut down, and the way things are
| it probably never will._
|
| AT&T's 2G network shut down January 1, 2017.
|
| The old Sprint 2G network shut down at the end of May.
|
| T-Mobile's 2G GSM and Verizon's 2G network shut down at the
| end of this month.
| Gordonjcp wrote:
| What do they use for 2G M2M links?
| toast0 wrote:
| I think it is in the US? At least carriers wouldn't let my 2G
| devices online anymore.
| zootboy wrote:
| In a large number of places, it's either already shut down or
| will be shut down soon:
|
| https://en.wikipedia.org/wiki/2G#Past_2G_networks
| skorpeon87 wrote:
| How do these cell systems respond to the network no longer
| existing? Do they continue trying to ping towers that no longer
| exist? Do they give up eventually and turn themselves off
| forever?
| dangrossman wrote:
| When the 2G networks were sunset, Nissan offered a voluntary
| service campaign for some of their cars with 2G modems:
| either pay $200 to get a replacement telematics unit with a
| 3G modem, or they'll disable the 2G modem for free so it
| doesn't drain your battery trying to connect to a non-
| existent network 24/7.
| mikestew wrote:
| But did Nissan disable the "we're collecting data and
| sending it off to the homeland: OK/Cancel" startup screen?
| No. So now every time I drive the thing, I have to push a
| button that does nothing so that I can see the screen.
|
| One of but many little duck bites that has us firmly in the
| "never buy another Nissan" camp.
| hunter2_ wrote:
| On Volkswagens, nag screens like that (and "menu disabled
| while vehicle is in motion" lockouts, and a million other
| things) can be tweaked with cheap dongles that let you
| change settings using your phone or laptop. Maybe there's
| something similar for Nissan?
| mikestew wrote:
| Ya know, now that you mention it, there are apparently
| dongles of some sort (perhaps OBDC? It's been a while...)
| that give all kinds of extra info, maybe there's
| something like you mention. It's been a while since I've
| been over to mynissanleaf.com, perhaps it's time to go
| pay a visit for a search.
|
| Thanks for the prompting.
| mikeryan wrote:
| My Volvo has had this happen. I have no idea if it still
| pings anything but the app access has been shut down.
|
| Annoyingly every so often the car gives me a warning that the
| Volvo service has expired. I'd love to turn that off. But it
| must still be trying to connect to something.
| toast0 wrote:
| Yeah, I still get the warning every so often that Ford has
| access to my GPS for trip tracking... I think if I factory
| reset the headunit, that'll go away, but then I lose my
| presets. If I had thought about it, I could have
| deassociated while the modem was online. :(
| toast0 wrote:
| Probably try forever. The last head unit firmware added a
| deep sleep so it doesn't drain the battery and polled much
| less frequently (this was before 3g shut down and made the
| telematics much less useful anyway). Might have just been
| parked in an underground garage or driving through tunnels
| everywhere. I really should pull the fuse though.
| Arrath wrote:
| The classic "my phone just munched 35% of its battery on a
| short subway ride frantically thrashing the radio in a
| search for signal" scenario.
| phonescreen_man wrote:
| Sales of flipper going up!
| avel wrote:
| This is not related to radio hacks, it is just a poorly secured
| web API.
| twojacobtwo wrote:
| >At this point, we identified that it was also possible to access
| customer information and run vehicle commands on Honda, Infiniti,
| and Acura vehicles in addition to Nissan.
|
| >We reported the issue to SiriusXM who fixed it immediately and
| validated their patch.
|
| Nice to see that it was addressed quickly, but it's frightening
| that such a shoddy system design was accepted by auto
| manufacturers with seemingly no oversight.
| hackernewds wrote:
| Imagine the risk when cars can also drive themselves, as 6 ton
| battering rams that can also self implode the evidence.
| endtime wrote:
| Why would they spend money on that? This severe vulnerability
| isn't going to hurt their bottom line, even if it "should".
|
| (I'm not endorsing this perspective, to be clear, just
| recognizing that it exists.)
| ticviking wrote:
| Isn't doing that math and seeing how heartless corporations
| the opening premise of "Fight Club"?
| spookthesunset wrote:
| If Fight Club was filmed today, I'm pretty sure the final
| scenes would be blowing up the media buildings and not the
| banks/credit card buildings...
| Retric wrote:
| As in Twitter/Facebook/Google or CNN/Fox News?
| philsnow wrote:
| > This severe vulnerability isn't going to hurt their bottom
| line, even if it "should".
|
| When there's damnable, devastating security news for some
| publicly-traded company that makes it to the big news
| sources, the stock takes a 0-10% dive and then completely
| recovers within a couple weeks. Even if the company's
| response is completely bungled, mismanaged, or
| miscommunicated, the market doesn't understand security
| issues and it seems like the company just benefits from the
| news exposure.
|
| I wish I kept notes on the last few times I've seen this
| happen so that I could cite examples.
| mughinn wrote:
| It's not the market, the customers don't care. They won't
| stop buying the product because of security issues, it's
| because of THAT that the price recovers, not because "the
| market" doesn't understand security
|
| If the customers cared, there would be significant drop in
| the price of the stock because a vulnerability like this
| would result in lower sales
| kube-system wrote:
| Well, some traders are selling on the news, which is what
| causes the dip. Most investors don't really have a deep
| technical grasp of the situation and don't fully realize
| how common software vulns are, don't understand their
| impact, or don't understand the effort to remediate them.
| hamburglar wrote:
| I scooped up a bunch of SolarWinds stock on this theory but
| just barely made my money back a year later, and wouldn't
| have if I'd held it until now...
| kahrl wrote:
| Idiotic claim with no proof. SiriusXM is a publicly traded
| company. If they were found responsible for vulnerabilities
| that lead to stolen cars, the lawsuits and public sentiment
| ABSOLUTELY would affect their bottom line. Just look at Kia
| and Hyundai right now.
|
| What are you even talking about?
| sofixa wrote:
| Wouldn't the same argument apply to Equifax?
| mschuster91 wrote:
| > Nice to see that it was addressed quickly, but it's
| frightening that such a shoddy system design was accepted by
| auto manufacturers with seemingly no oversight.
|
| That's thanks to the old tale of "outsourcing what is not a
| core business". I get it, it's fine when you have the capacity
| and capability to do oversight - but in most cases, the
| beancounters eventually decide that this capacity is not
| needed, and then shit like this happens.
| Fej wrote:
| How does one disable the telematics system(s) on a Honda or
| Nissan?
| dangrossman wrote:
| Unplug the antenna from the telematics unit. In my last Nissan,
| that was located right behind the glove box, not hard to get
| to.
| rglover wrote:
| So from what I gathered, they weren't running any validation on
| the server aside from that the VIN existed and matched a
| customer's vehicle? No JWT token/cookie validating the logged in
| user or anything else?
| bornfreddy wrote:
| Yup. And I wonder how they fixed it - did they actually find a
| way to distinguish the owner from the hackers? Does anyone know
| how the initial pairing with the app works?
| Firmwarrior wrote:
| Pretty crazy if true
|
| The news is going to be saying "Security issue found, elite
| hackers elitely hacked into SiriusXM" when it should be saying
| "Sirius did not bother to implement _any security at all_ for
| their remote management software "
| Thaxll wrote:
| It's mind blowing that removing a single k/v in an http post
| would lead to unlock any cars... wtf seriously. Like how can you
| not test that, the POST to fetch token should be bulletproof.
| [deleted]
| jiveturkey wrote:
| this sounds useful since i often forget where i parked. i could
| remote flash and honk all hondas in the parking lot when i go
| christmas shopping. then the one not flashing is my car.
|
| or when the guy 3 cars ahead on his phone doesn't move when the
| light changes, i can honk the car in back of him.
| jrsj wrote:
| The good news is my Acura has a manual transmission so the number
| of people who can both hack and drive it is a bit more limited at
| least ;)
| BoorishBears wrote:
| They couldn't drive it with this hack anyways
|
| Manual cars are required to have a clutch lockout for starting
| (so you can't accidentally leave it in gear and have it lurch
| forward)
| chrisseaton wrote:
| I don't get why people thinking driving a manual gearbox is
| such a mystery - it's not much different to automatic driving
| I've never met anyone who wasn't able to do it well enough.
| kube-system wrote:
| In the US they are not common and most people do not know how
| to operate one.
| chrisseaton wrote:
| There's really no magic to it - there's an extra pedal you
| depress when changing gear, and you bring up to re-engage
| the engine. Anyone can figure it out when presented with
| the pedal and the gear lever. People with no no education
| do it all around the world every day - I'm sure an American
| can figure it out.
| ryanianian wrote:
| > no education do it all around the world every day
|
| I taught myself to drive stick on a rental car. It was
| probably extremely obvious to other cars that I had no
| idea what I was doing. Grinding gears, over-revving the
| engine especially in reverse, and stalling at every full
| stop. That would catch any cop's eyes. But to your point,
| after 3-4 hours I got the hang of it and was no longer
| attracting attention.
|
| But to parent's point: A thief who doesn't drive stick is
| almost certainly going to prefer stealing an automatic.
| millzlane wrote:
| Did you teach yourself to drive it without ever seeing
| one driven?
| ryanianian wrote:
| I had ridden in manuals as a passenger. I watched some
| youtubes and understood the general principle, but it was
| sink-or-swim learning. Pretty unsafe to be honest, but
| this was in a pretty remote area, and the car was a very
| forgiving Japanese micro-SUV.
| [deleted]
| kube-system wrote:
| I understand, I drive one, and I have taught nearly a
| dozen others.
|
| If you put someone behind the wheel of a manual
| transmission vehicle and don't give them any pointers,
| they _will_ turn the key and complain that the vehicle
| doesn 't start... even if they understand the general
| idea of a manual transmission. Muscle memory is a
| powerful thing. (In the US clutch interlocks are
| universal)
|
| It is highly unlikely that someone with no prior
| experience with a manual will successfully pull off a
| time sensitive and high pressure task like a car theft.
| They will steal another car instead.
| kelnos wrote:
| I doubt that. Most people in the US getting into a car
| with a third pedal and a stick shift would just not have
| any idea what to do. The more enterprising would think,
| ok, I guess to I need to put it in first gear. So they
| try to move the shifter, and they can't move it. Assuming
| they don't break anything, _maybe_ they figure out they
| need to press the clutch pedal. So they shift, and
| release the clutch pedal, and the car stalls.
|
| Many people would just give up right there.
|
| Those who don't, _might_ get that they need to release
| the clutch slowly. So they try that, but maybe it still
| stalls (maybe they 're on a slight incline, and the car
| won't move without giving it a little gas).
|
| Let's say they do manage to get the car moving. I expect
| that further shifting will be incredibly rough, and there
| will be a lot more stalling. And that's basically the
| best scenario. I don't think most Americans would get
| anywhere near this far.
|
| As an American who learned how to drive manual by
| accident in the Netherlands, but who already understood
| the basic mechanics of it, it was still very difficult.
| It took me over a half hour to get out of the parking
| lot, and then I stalled quite often in embarrassing ways
| over the next day or so (including on the highway during
| stop-and-go traffic, where I rolled back into the front
| of a box truck behind me). By the time I returned the
| rental car, I'd more or less figured it out, but I also
| had the benefit of my dad owning a manual car when I was
| young (though Mom made him get a car she could drive too
| by the time I was 8 years old or so). But someone who'd
| never even thought about a manual transmission before?
| Like, most Americans? Not a chance. (I did end up buying
| a manual car back at home, a few months later, when my
| existing car died. Drove it for 15 years until I finally
| had to get rid of it earlier this year.)
|
| Remember, we're talking about a hypothetical car thief
| here who hops into a car, gets it started, and then
| notices it's not an automatic. We're not talking about
| someone who has actively decided to teach themselves how
| to drive manual, and rents or borrows a manual car for
| that purpose.
| millzlane wrote:
| If they can get the car started.
| chrisseaton wrote:
| You just turn the ignition. You may have to push the
| clutch in for some cars, just like you have to push the
| break in for some automatic cars. Manual cars aren't as
| different as you think they are.
| kube-system wrote:
| Unless you're driving an antique vehicle, every manual
| transmission car in the US has a clutch starter
| interlock.
| chrisseaton wrote:
| That's what I said about pressing the clutch isn't it?
| Just like pressing the brake in many automatic cars.
| kube-system wrote:
| If you put someone who has developed their muscle memory
| driving automatic transmission vehicles behind the wheel
| of a manual transmission car, they will press the brake
| and turn the key.
|
| Successfully starting a manual transmission vehicle has
| two prerequisites:
|
| * knowing that you have to press the clutch in
|
| * identifying the clutch
|
| People without this knowledge lack these prerequisites.
| alanbernstein wrote:
| This is like comparing a microwave meal to one cooked
| from scratch on a stove. Yes, anyone can do it. No,
| experience with the automatic version does not
| meaningfully translate to the manual one.
| Osiris wrote:
| Feathering the clutch to move slowly in first gear can be
| very tricky.
|
| The clutch in my Subaru has a very specific and narrow
| bite point. I've been driving stick for decades and I
| still stall the car on occasion.
|
| Imagine someone that's never driven a manual trying to go
| up hill from a stop.
| AustinDev wrote:
| I now only own automatics as of last month but before then I'd
| never lock my doors for my manual sports cars when around town.
| No one messed with it or tried to steal it. It was pretty
| great.
| itslennysfault wrote:
| It would've been REALLY easy for some kid to pop it in
| neutral and let it roll away, but you do you boo boo.
| at-fates-hands wrote:
| So true.
|
| I remember seeing several videos of people trying to steal
| cars, only to find out its a manual and have to retreat. The
| best was a pair of criminals who robbed a store, got the
| managers keys, loaded up the car and then after several
| attempts of leaving with the loot (popping the clutch to
| hilarious effect) and realizing they couldn't drive a manual,
| just got of the car and took off on foot empty handed.
|
| This must be a generational thing. As soon as I was old enough
| to drive, I was taught how to drive a manual first.
| randcraw wrote:
| This trick works only if keyless services on your Honda were
| enabled. Thus this vulnerability is trivial to avoid, even
| without a patch.
| aksss wrote:
| Interfaces with rotary encoders (physical knobs), buttons, and
| disconnected operation will become premium features.
___________________________________________________________________
(page generated 2022-12-02 23:00 UTC)