[HN Gopher] Remotely unlock/start/locate/flash/honk any remotely connected Honda/Nissan Author : zdw Score : 315 points Date : 2022-12-02 14:48 UTC (8 hours ago) (HTM) web link (twitter.com) | gottebp wrote: | The automotive firmware industry has had a strong preference | historically for stable, old dependencies. With the advent of | connected firmware, arises a strong force pushing in the other | direction -- towards frequent updates, built from latest and | greatest dependencies. How they balance verification and | validation for safety purposes with frequent and more volatile | updates, will be interesting to watch. | bri3d wrote: | The linked vulnerabilities don't even have anything to do with | firmware (although it is certainly littered with issues too), | but rather just basic web/application security issues on the | "cloud" side of "cloud" services. | | This is less of a directional shift IMO as the classic | "hardware companies are bad at software" issue. There's no | unsolved or novel problem in this SiriusXM vulnerability (or | one from the same researcher in Hyundai/Genesis systems where | they compared a JWT subject with a subject passed in the | request, but stripped whitespace). There's no update-frequency | or validation issue. It's just basic web application security | getting neglected. | AlexandrB wrote: | I wish they gave customers an off switch for remote access so | at least older cars aren't rolling honeypots for hackers. | kevin_thibedeau wrote: | That would take away the government's ability to track | vehicles. They look the other way on consumer protection and | the manufacturers get to coerce you into subscription | services. Win win right? | vorpalhex wrote: | Supposedly removing the sharkfin wholesale will do it, at the | cost of also losing fm radio. 
| Arrath wrote: | How available are full vehicle wiring diagrams these days? | Not any good for radios built into computers like the | bluetooth antenna in the head unit, but it might be nice to | snip the wires to the sharkfin or other remote comm modules | without having to tear at body work or computer modules. | AlotOfReading wrote: | The sharkfin is usually only for external comms. There's | still other comms on separate antennas like Bluetooth that | can be potential entry points to the vehicle. | | Worse, even the external comms systems are moving to more | redundant setups to mitigate signal loss scenarios. | vorpalhex wrote: | I'll have to dig up the post but a gentleman with a | relatively new Subaru was kind enough to share his | explorations and found significant logic parts integrated | into the sharkfin, not just the antenna bundle. Likely a | cost measure. | | How well does this extend to other vehicles? No clue. | AlotOfReading wrote: | All of that comms stuff has its own logic associated with | it that usually lives up there in my experience. In the | past, manufacturers have tried to avoid putting much | stuff above the headliner beyond roof windows and | speakers. It's hot, narrow, and vibrates a lot | (especially in the center). Frankly, the antennas are | only up there because antenna placement is very expensive | magic that doesn't deign to obey the whims of mere | "designers". | | Things are changing though. Autonomous vehicles need | large numbers of sensors up there anyways and you can't | keep shoving everything under the cabin. | [deleted] | magicalhippo wrote: | Awesome, maybe this can work better than the provided app for my | Leaf. The car never responds to remote commands to start the | heater etc, no matter what the app says. | cgb223 wrote: | Am I correct in understanding that Nissan was using vehicle VINs | as customer IDs and that's why this worked? 
| | Or is he saying in addition to customer IDs that the auth API | also accepted VINs? | brk wrote: | This is super interesting, but why are people posting this kind | of thing to tweet streams? Twitter is just absolute shit for | trying to document this kind of research, IMO. | Encrust6221 wrote: | My sole motivation for wanting twitter to die is that this | format dies with it. | IshKebab wrote: | I hadn't thought about that but you're right that would be | amazing. | Spivak wrote: | Eh I've already seen people posting links to Mastodon | instances with the same format. Unless "Twitter style social" | dies the format will live on. | hamburglar wrote: | I think the difference is that Mastodon doesn't make the | format one of their defining characteristics. And maybe | eventually everyone will eventually see that a longer | format post is an option, and that it makes sense for | certain content. And Automattic will register | macrotweets.com and make it a redirect to wordpress and | everything will go full circle. | netsharc wrote: | Fully agree.. 9/10 for the research, but 1/10 for the lazy | presentation. People are saying "It's easier to go viral", oh | please, is everyone that pathetic, chasing after their 5 | minutes of Internet fame? | dfee wrote: | Obviously the reach is better and that's what they've optimized | for. | layer8 wrote: | They could tweet with a link to a blog post for the details. | I guess some followers would still be too lazy to follow the | link, but that's not a valid argument anymore IMO. | jeffbee wrote: | There are so many reasons to do it this way. You reach a huge | audience. You don't have to host your own assets. If your post | is popular, it won't get DDoSed off the air. Search engines | will index it immediately. Etc. People get many benefits from | posting this way. | gist wrote: | > You reach a huge audience. | | You would reach the same huge audience by putting in a | summary and link to a website with the detailed info. 
| | > If your post is popular, it won't get DDoSed off the air | | So someone who is capable enough (or a team) to pull off and | uncover this exploit can't be troubled to run a website | (server whatever) that can handle ddos or traffic? | dnadler wrote: | > can't be troubled to run a website | | Yes, that's right. They have more important things to do | than worry about hosting a website. They rightly use third | party applications to disseminate information. | gist wrote: | More important things? You mean getting more publicity | and attention for their efforts as well as praise for | what they discovered? | | Separate point do people really 'worry' about hosting a | website where all it has to do is display static | information? | dnadler wrote: | I'll just address your last point, which I think is | actually fairly important to think about. It's easy to | assume that other people have the same knowledge/skillset | as you do, or to think that things that are trivial for | you are similarly easy for others. | | This is simply not the case, and it's important to try to | put yourself in others' shoes. (As an aside - this is what | I think leads to the best products.) | | I've met _many_ programmers who are absolutely brilliant | in their field who do not know, nor care to learn, how to | stand up even the most simple website. | | Is twitter the _best_ place for long form articles? | Probably not. But as the original commenter pointed out, | there are many benefits to it as well. | layer8 wrote: | They could use GitHub Pages or whatever. There are enough | ways that don't require much additional effort. | dnadler wrote: | Yeah, I don't personally think twitter is the best place | either, but it's unambiguously easier to type a few | sentences and click "post" than it is to make a webpage | of any kind. | Osiris wrote: | medium.com works fine for blogs like this. | fckgw wrote: | It says right in the tweet thread that will publish their full | findings soon. 
Twitter is a great way to get a summary out to a | large audience quickly. | tomp wrote: | Where would you post it? | | At least Twitter threads have no ads, in contrast to Reddit, | Medium etc. | dpkirchner wrote: | One downside to using Twitter is it's not possible to know if | the posts are authentic. Other platforms have similar | problems but ideally this content would be posted on user's | (and governments and so on) own sites and then linked to from | sites like Twitter. | Osiris wrote: | I was hoping that the first tweet would link to a blog with all | the details. Oh well. | gigel82 wrote: | I have a Nissan Leaf and it always bothered me there was no | software way to fully disable telematics. | | I looked into how to disable the hardware but it's a very | involved procedure and the car is leased so I dropped it, but | maybe I need to revisit. | bombcar wrote: | If you can find the radio antenna you may be able to wrap it in | enough foil and lead to stop transmission. | ynniv wrote: | https://www.wikihow.com/Deactivate-OnStar | mdorazio wrote: | It's typically in the shark fin above the rear windshield, | which is not easy or convenient to RF isolate. | mikestew wrote: | Your Leaf is too new. We've got an OG Leaf (2011) that had the | old GPRS radio. When AT&T dropped that, Nissan generously | offered a more modern cell radio for something like $300. Or | they would take out the radio for free. Given the utter | uselessness of Nissan's "remote" platform[0], guess which | option we went for? | | But it's right behind the glove box, and unless the design has | changed (it _has_ been eleven years), a couple of screws should | get you in the neighborhood of the antenna. | | [0] Seriously, what a slow-ass piece of shit. It was literally | faster to walk out to the garage and turn the heat on than it | was to do it through the app. And that assumes that Nissan's | server could see its way clear to turn the heat on at all, | which it frequently didn't. 
| anotheracctfo wrote: | A couple weeks ago my block was hit by thieves who got remote | entry into a bunch of Toyotas and Hondas. I wonder if that's how | they did it. | neoncontrails wrote: | I simply can't take a Twitter account with a blue checkmark | seriously anymore. | cmckn wrote: | As if I needed one more reason to hate SiriusXM. | kbrackbill wrote: | Is it possible to buy a new car these days without the | remote/cell connection stuff? Or if not, can it be disabled? My | car is 15 years old so I haven't had to think about it yet, but | I'm worried about what I'll do when it finally gives up. Maybe | just buy another older used one or something. | | Alternatively, are there any killer features that make having an | always connected car desirable? I understand why car | manufacturers would want it for telemetry and updates and such | but I'm not sure what the value is for me. | dangrossman wrote: | I use an app to turn on climate control in my car a few minutes | before I'm ready to leave, so it's already warmed up in winter, | or cooled down in summer, by the time I get in. My last few | cars have been electric, so this doesn't involve starting up a | noisy engine, and can safely be done if the car's parked in a | garage too. | dmlekrng093 wrote: | mjh2539 wrote: | It makes it a lot harder to have it stolen. Or rather, in light | of the OP, it makes it a lot harder to have it stolen and not | be able to find it. | vlucas wrote: | They can't start my car if it's a manual! :) | burnt_toast wrote: | Lol, manuals can be equipped with remote start too. Hopefully | it wasn't left in gear. | jaywcarman wrote: | I was intrigued by this statement and did some searching. | Sure enough it does exist: | https://www.compustar.com/blog/can-you-remote-start-a- | manual... | | > This is accomplished via clutch bypass, reservation mode, | and built-in safety features. | | I still would never want it... but it's an interesting | system. 
| itslennysfault wrote: | I had a manual Acura Integra when I was younger and I | installed a remote start on it because shops refused to | (because it's dangerous af). | | Anyways, the clutch pedal simply presses a little button | when it is all the way up. All I had to do is bridge the | two wires going into that button and it would start without | the clutch pressed. | | Amazingly I only ever tried to remote start it while in | gear once. It retries 3 times so it jumped forward 3 times. | About a foot each time, but didn't hit anything thankfully. | | I always wanted to add a sensor to the shifter so it'd only | bypass the clutch sensor when in neutral, but I never got | around to doing it. | ClarityJones wrote: | When someone is believed to have "committed suicide" or | "accidentally" left their car running in the garage, is it | routine for investigators to audit the manufacturer's remote- | start logs? Do those logs even exist? | TylerE wrote: | It's actually more or less impossible with modern cars. | | Hell, in a lot of cities what comes out of the tailpipe is | cleaner than what goes in the intake. | bombcar wrote: | Cleaner on noxious chemicals but not on carbon dioxide which | is what gets humans. | | I'm kind of surprised garage doors don't have co2 monitors | built in but I suppose it could be used as a security bypass. | FateOfNations wrote: | Carbon Monoxide alarms are being required in more and more | places, though typically only enforced in situations where | you are getting a building inspection (new construction, | extensive remodels, etc.) or where it's a rental property. | | You can pick one up at the hardware/big box store. | bombcar wrote: | I'm thinking more of something that causes the garage | opener to open if it detects a running car in the garage | or CO2 limits approaching unhealthy. | | I do have a very nice CO alarm that I keep in the kitchen | (portable pilot very sensitive one from CO Experts). 
| snotrockets wrote: | [citation needed] | | But until you find one, let's do some math: | | Let's only look at CO2 and disregard the even nastier NO | gasses emitted by a gasoline engine. EPA data suggests a car | produces 2,345 grams CO2 for every liter gas. And a modern, | but without shut-at-stop, idling car burns about 0.75 l/hour. | | So 1758 g/hour CO2 for an idling car in your garage, which is | roughly 63 m^3, and CO2 is 44.01 g/mol, so after an hour | idling in a closed garage, you'd have 14,440 PPM CO2. That is | enough to cause drowsiness in most, and some illness in | sensitive populations. The OSHA standard for allowed exposure | is 5,000ppm averaged over 8-hour workday. | dmlekrng093 wrote: | .. and assumes an airtight garage. | mschuster91 wrote: | You can still die from carbon dioxide exposure/oxygen | inefficiency. It will just take longer, now that carbon | monoxide emissions are down because of catalytic converters | eliminating a lot of them. And yet, a lot of people still die | or get seriously injured, particularly because their | "keyless" crap acts up [1]. | | [1] https://www.nytimes.com/2018/05/13/business/deadly-convenien... | philsnow wrote: | I agree that carbon dioxide exposure is dangerous, but it | is probably less dangerous because (TIL) there's a specific | brain mechanism that wakes you up when your blood has | elevated CO2[0]. | | On the other hand, carbon monoxide poisoning will only wake | you up if its symptoms (among which headache, | nausea/vomiting, elevated heart rate, and cardiac arrest | seem likely) do so. | | [0] https://medicine.uiowa.edu/content/specific-neurons-trigger-... | cortesoft wrote: | Are you suggesting you could kill someone by remotely starting | their car? Is the person sleeping in their car in the garage? | exhilaration wrote: | My garage is right below my kids' room so leaving the car on | would definitely be dangerous. 
Most remote starters | automatically turn after 10 minutes so I'd like to think that | mitigates that particular threat. Also we have carbon | monoxide detectors in every room (after one of my neighbors' | HVAC exhaust got blocked by snow after a particularly bad | storm). | ClarityJones wrote: | I don't personally know whether it's possible, but the NYT | has reported that every year a couple of people die from | leaving a running car in the garage: | | https://www.nytimes.com/2018/05/13/business/deadly- | convenien... | | If it is possible to do accidentally, then it's also possible | to do on purpose. | | With that said, I would expect more 28 false positives 12 | years. Those very low numbers may indicate that - contrary to | their reporting - it is not actually possible (barring weird | circumstances). | Neil44 wrote: | It's a thing - more accidents these days with hybrid and | keyless, so if you get distracted it's not immediately | obvious that you've left the car on and the engine might kick | in randomly later. | | https://www.nytimes.com/2018/05/13/business/deadly- | convenien... | sc00ty wrote: | https://threadreaderapp.com/thread/1597792097175674880.html | sawyna wrote: | I think this must have been buried in years old docs and layers | of design that nobody understands what's going on under the hood. | | I wouldn't blame either parties, I suppose the process can be | improved but it's very subjective. There'll be a new missing | piece tomorrow and you'll have to "improve" the process again. | | I think this is simply a side effect of fast moving software | design. Things will settle down in a couple of decades when the | AI lord takes over. | stainablesteel wrote: | i just want a car that doesn't need firmware updates | ffgh wrote: | When something like this happens, is the development team to | blame? Or maybe even the QA team? 
Wouldn't it be customary to | test for things like this | ilyt wrote: | Manufacturers for even allowing that to exist (why the fuck | telemetry app made by company _making radio channels_ would | have permissions to unlock the car in the first place) and | company for woeful errors in security and data protection. | zuppy wrote: | most probably, because of CAN bus, which is the system that | most of the cars use to connect their systems. | | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7219335/ | | how CAN bus works: | https://payatu.com/blog/kartheek.lade/automotive-security- | pa... | | i'm aware that on this case there was something even dumber, | an unsecured api endpoint, but as far as i know, if you've | managed to reach the system you can do anything with any | other connected device. there should not be a way to be able | to do whatever you want just because you have access to the | network. | nicholasjarnold wrote: | I recall reading that some cars are now using TCP/IP for | connecting some of their systems. A _super_ quick search on | this topic yields some results speaking to this [0]. | | [0] - https://www.techrepublic.com/resource- | library/whitepapers/tc... | jaywalk wrote: | SiriusXM is a company that does a lot more than just "making | radio channels." This is an egregious security issue, but SXM | offering the service makes sense. They also offer an aviation | weather service. | joezydeco wrote: | I've worked on software for SXM receivers. | | When you look at the physical layer it's just a 1.5 mbit | data stream carrying whatever you want, pointed at most of | North America. Over time some of that bandwidth was carved | out for data services at the expense of audio quality. | snotrockets wrote: | Because that "radio channels" company already have expensive | infrastructure in place to transmit to cars in most of North | America, and an established relationships with car | manufacturers, and thus are already integrated into their | supply chain. 
| | iow, it's not a "radio channels" company. | totally wrote: | What good is blame? | ilyt wrote: | "We must take security seriously or we got sued out of | existence" is good motivator for management. | CoastalCoder wrote: | I'd say it depends on how far out you're willing to zoom. | | For example, legislators and regulators allowed this kind of | laxity to be commercially advantageous. | | Voters allowed legislators and regulators to ignore the issue. | | To some extent, parents failed to instill in their children the | civic virtue of voting wisely. | | Etc. | ElijahLynn wrote: | Title is misleading. The vulnerability was patched after they | reported it. One cannot use this vulnerability today. | toast0 wrote: | My vehicle is safe, thanks to Ford. Telematics goes over | terrestrial phone networks, and when 2g shutdown months after the | car was made, they replaced the modem with a 3g modem that was | already obsolete and now that 3g is shutdown, there's no more | internet access to the car. Thanks Ford! | webmobdev wrote: | Your comment is insightful and made me realise something I was | quite unaware of in India - that allowing your automobile to | track, collect and share data has become so mainstreamed in the | US / west that it is considered "normal"! I guess I shouldn't | be surprised - most people are unaware that Ford (and some | others) collect a lot of personal data when you take your car | to the service centre (for e.g. they download your contact list | and call logs from your car when they run the diagnostic | software) | | More info here - _Data could be what Ford sells next as it | looks for new revenue_ - | https://www.freep.com/story/money/cars/2018/11/13/ford-motor... | and _Ford Eyes Use of Customers' Personal Data to Boost | Profits_ - https://threatpost.com/ford-eyes-use-of-customers-personal-d... ). 
| philsnow wrote: | > they download your contact list and call logs from your car | when they run the diagnostic software | | I'm inclined to believe you because I don't give cars access | to my contacts and in general treat in-car software as | already-compromised (I see the car manufacturer as more of an | adversary than a partner), but do you have a source for this | claim? | webmobdev wrote: | I remember reading about this a long time ago (5+ years ago | I think) - it was Ford doing this and it did cause some | mild outrage in the internet. Unfortunately I cannot find | that particular article - Google has become shitty for | finding old stuffs and possibly Ford PR has scrubbed the | internet so that the public can't find it easily (a common | practice in the evolving online marketing industry). I've | added two sources to my earlier comment that disclose the | gist of what I have claimed. | philsnow wrote: | > Google has become shitty for finding old stuffs | | yes, but in their defense, the Internet has become (or | has always been) shitty at keeping old stuffs around, so | even if Google indexed it the link would be dead or empty | by the time you go to look at it. Google used to surface | links to their cached copy that they used for indexing | more prominently but I hardly ever see them anymore. | reaperducer wrote: | _I don't give cars access to my contacts_ | | It seems that many people are less smart than you are. | | Every rental car I've driven in the last six or seven years | has had some previous renter's entire contact list synced | to the info-tainment system. | | People are just too used to pressing "yes" buttons to get | on with their lives. | Arrath wrote: | We're finally seeing things like guest or hotel login | modes for smart tvs/netflix/hulu etc where it wipes your | credentials every time you turn the tv off. I wonder why | phones don't have a "Connecting to rental" kind of option | in their bluetooth configs. 
Like you I see rental cars | with all kinds of crap in the pairing history. | hunter2_ wrote: | Or car infotainment systems with rental mode would be | awesome. Like if every time you pair a phone, the car | asks if you want it paired indefinitely, or for N days. | User sets N based on rental duration, and the car wipes | the data after that. | | Granted, it's much better for the phone to not send | contacts to a rental car at all, but either solution | would be a significant improvement. | nradov wrote: | Ford does sell 4G cellular hardware updates for certain | vehicles. One of my relatives bought one for her Fusion sedan. | toast0 wrote: | Yeah, There's an upgrade available, but it costs money (even | when they were offering to pay the labor for some people), | and the functionality isn't worth it for me, especially once | they changed the power tradeoff and the car doesn't get the | messages in a reasonable amount of time. It's nice that it | doesn't kill the battery, and I understand the tradeoff, but | if I don't know how many hours it will take for internet | based remote unlocking to get to the car, it's not useful. | js2 wrote: | My 2016 Mazda was never connected in the first place, but I've | left my wife's 2017 Volt connected because I do actually find | the monthly OnStar report that's emailed to me to be useful. I | also like notifications of low-tire pressure, engine-oil life, | etc. | shortstuffsushi wrote: | For something like low tire pressure, won't a monthly report | be too late? | saghm wrote: | It sounds like the monthly report and the notifications for | tire pressure and the like are separate things | Symbiote wrote: | Can't this just be shown on the dashboard? | | I had a similar warning come up on a hire car last month. | crooked-v wrote: | I have a 2012 Mini with no connectivity at all that has | tire pressure warnings. 
| Eleison23 wrote: | Soon the car will just purchase its own new tires, or | drive itself around town in search of a working air pump. | tremon wrote: | Or it will just auto-dial the nearest tow service and | leave the bill to you. | ipaddr wrote: | Low gas should come in a monthly report you can pickup it | up on your way walking your empty car home. Or a door is | open report that you can receive as you lay on the side | of the road. | js2 wrote: | Unless a tire is punctured, it only loses air slowly over | time, but not enough you'd really notice looking at them, | but still enough that it's bad for tire wear. It's a nice | reminder to me I need to add air to the tires. | | The car's dashboard display also shows the tire pressures, | but: | | a) My wife, for whatever reason, seems blind to anything | the car shows her on the dashboard. :-( | | b) She'd have to put the dashboard to the screen which | shows tire pressure. The TPMS doesn't alert till pressure | is quite low. They are supposed to be 36 PSI. The TPMS | won't alert till they are below 25 PSI or some such. | shortstuffsushi wrote: | I have also had your experience, but my resolution was | just to swap cars for a day every couple weeks. The | threshold on her car was higher though, I believe 29 | (same ~35-36 normal range), so if they dropped she'd at | least be alerted sooner if I didn't see it. | reaperducer wrote: | _I also like notifications of low-tire pressure, engine-oil | life, etc._ | | Both things that have been done with non-connected cars for | decades. | jreese wrote: | Sometimes the person driving the car does not (want to?) | pay attention or has "ceded responsibility" for car | maintenance, and it's nice to get these reports without | needing to periodically remember to check the car manually. | js2 wrote: | Though my wife and I just celebrated 26 years of marriage | and have open lines of communication, her telling me | anything about the car she's driving is very hit or miss. 
| So the monthly email is helpful. :-) | all2 wrote: | Hardware | | - VoCore Lite | | - USB to OBD2 cable | | - Murata 1" x 1" DC-DC converter | | Software | | - Your choice of Linux flavor | | - FreeDiag, looks like it is still under active | development: https://github.com/fenugrec/freediag/ | | - Your own glue code to consume data, munge, and send | updates. | | I think I might do this. :D | insane_dreamer wrote: | Congratulations. You might be one of the few to survive the | Cylon attack. | colechristensen wrote: | I love my 09 Jetta being one of the last years available | without all of this nonsense. | vardump wrote: | The Cylons will probably start their attack with some fake 2G | cell towers, taking over all of the old IoT stuff. | munk-a wrote: | I'm not certain - assuming their goals are consistent with | other depictions they'll probably come armed with pre-wireless | technology spoofing devices and a serial or | parallel port so they can actually interact with and take | over missile control systems. | | Some day we might find an uneasy peace with the machines | when we desperately admit we need their advanced | technological capabilities to bridge PS/2 to USB-c so we | can keep using our clicky IBM Model-M keyboards. | doctor_eval wrote: | They'll probably need to start with a blue box to get | remote access, and then we can blame everything on Steve. | Litost wrote: | Does this explain the plot to Independence Day ;)? | Gordonjcp wrote: | Minor nitpick - 2G hasn't shut down, and the way things are it | probably never will. | reaperducer wrote: | _Minor nitpick - 2G hasn't shut down, and the way things are | it probably never will._ | | AT&T's 2G network shut down January 1, 2017. | | The old Sprint 2G network shut down at the end of May. | | T-Mobile's 2G GSM and Verizon's 2G network shut down at the | end of this month. | Gordonjcp wrote: | What do they use for 2G M2M links? | toast0 wrote: | I think it is in the US? 
At least carriers wouldn't let my 2G | devices online anymore. | zootboy wrote: | In a large number of places, it's either already shut down or | will be shut down soon: | | https://en.wikipedia.org/wiki/2G#Past_2G_networks | skorpeon87 wrote: | How do these cell systems respond to the network no longer | existing? Do they continue trying to ping towers that no longer | exist? Do they give up eventually and turn themselves off | forever? | dangrossman wrote: | When the 2G networks were sunset, Nissan offered a voluntary | service campaign for some of their cars with 2G modems: | either pay $200 to get a replacement telematics unit with a | 3G modem, or they'll disable the 2G modem for free so it | doesn't drain your battery trying to connect to a non- | existent network 24/7. | mikestew wrote: | But did Nissan disable the "we're collecting data and | sending it off to the homeland: OK/Cancel" startup screen? | No. So now every time I drive the thing, I have to push a | button that does nothing so that I can see the screen. | | One of but many little duck bites that has us firmly in the | "never buy another Nissan" camp. | hunter2_ wrote: | On Volkswagens, nag screens like that (and "menu disabled | while vehicle is in motion" lockouts, and a million other | things) can be tweaked with cheap dongles that let you | change settings using your phone or laptop. Maybe there's | something similar for Nissan? | mikestew wrote: | Ya know, now that you mention it, there are apparently | dongles of some sort (perhaps OBDC? It's been a while...) | that give all kinds of extra info, maybe there's | something like you mention. It's been a while since I've | been over to mynissanleaf.com, perhaps it's time to go | pay a visit for a search. | | Thanks for the prompting. | mikeryan wrote: | My Volvo has had this happen. I have no idea if it still | pings anything but the app access has been shut down. 
| | Annoyingly every so often the car gives me a warning that the | Volvo service has expired. I'd love to turn that off. But it | must still be trying to connect to something. | toast0 wrote: | Yeah, I still get the warning every so often that Ford has | access to my GPS for trip tracking... I think if I factory | reset the headunit, that'll go away, but then I lose my | presets. If I had thought about it, I could have | deassociated while the modem was online. :( | toast0 wrote: | Probably try forever. The last head unit firmware added a | deep sleep so it doesn't drain the battery and polled much | less frequently (this was before 3g shut down and made the | telematics much less useful anyway). Might have just been | parked in an underground garage or driving through tunnels | everywhere. I really should pull the fuse though. | Arrath wrote: | The classic "my phone just munched 35% of its battery on a | short subway ride frantically thrashing the radio in a | search for signal" scenario. | phonescreen_man wrote: | Sales of flipper going up! | avel wrote: | This is not related to radio hacks, it is just a poorly secured | web API. | twojacobtwo wrote: | >At this point, we identified that it was also possible to access | customer information and run vehicle commands on Honda, Infiniti, | and Acura vehicles in addition to Nissan. | | >We reported the issue to SiriusXM who fixed it immediately and | validated their patch. | | Nice to see that it was addressed quickly, but it's frightening | that such a shoddy system design was accepted by auto | manufacturers with seemingly no oversight. | hackernewds wrote: | Imagine the risk when cars can also drive themselves, as 6 ton | battering rams that can also self implode the evidence. | endtime wrote: | Why would they spend money on that? This severe vulnerability | isn't going to hurt their bottom line, even if it "should". | | (I'm not endorsing this perspective, to be clear, just | recognizing that it exists.) 
| ticviking wrote: | Isn't doing that math and seeing how heartless corporations | the opening premise of "Fight Club"? | spookthesunset wrote: | If Fight Club was filmed today, I'm pretty sure the final | scenes would be blowing up the media buildings and not the | banks/credit card buildings... | Retric wrote: | As in Twitter/Facebook/Google or CNN/Fox News? | philsnow wrote: | > This severe vulnerability isn't going to hurt their bottom | line, even if it "should". | | When there's damnable, devastating security news for some | publicly-traded company that makes it to the big news | sources, the stock takes a 0-10% dive and then completely | recovers within a couple weeks. Even if the company's | response is completely bungled, mismanaged, or | miscommunicated, the market doesn't understand security | issues and it seems like the company just benefits from the | news exposure. | | I wish I kept notes on the last few times I've seen this | happen so that I could cite examples. | mughinn wrote: | It's not the market, the customers don't care. They won't | stop buying the product because of security issues, it's | because of THAT that the price recovers, not because "the | market" doesn't understand security | | If the customers cared, there would be significant drop in | the price of the stock because a vulnerability like this | would result in lower sales | kube-system wrote: | Well, some traders are selling on the news, which is what | causes the dip. Most investors don't really have a deep | technical grasp of the situation and don't fully realize | how common software vulns are, don't understand their | impact, or don't understand the effort to remediate them. | hamburglar wrote: | I scooped up a bunch of SolarWinds stock on this theory but | just barely made my money back a year later, and wouldn't | have if I'd held it until now... | kahrl wrote: | Idiotic claim with no proof. SiriusXM is a publicly traded | company. 
If they were found responsible for vulnerabilities | that lead to stolen cars, the lawsuits and public sentiment | ABSOLUTELY would affect their bottom line. Just look at Kia | and Hyundai right now. | | What are you even talking about? | sofixa wrote: | Wouldn't the same argument apply to Equifax? | mschuster91 wrote: | > Nice to see that it was addressed quickly, but it's | frightening that such a shoddy system design was accepted by | auto manufacturers with seemingly no oversight. | | That's thanks to the old tale of "outsourcing what is not a | core business". I get it, it's fine when you have the capacity | and capability to do oversight - but in most cases, the | beancounters eventually decide that this capacity is not | needed, and then shit like this happens. | Fej wrote: | How does one disable the telematics system(s) on a Honda or | Nissan? | dangrossman wrote: | Unplug the antenna from the telematics unit. In my last Nissan, | that was located right behind the glove box, not hard to get | to. | rglover wrote: | So from what I gathered, they weren't running any validation on | the server aside from that the VIN existed and matched a | customer's vehicle? No JWT token/cookie validating the logged in | user or anything else? | bornfreddy wrote: | Yup. And I wonder how they fixed it - did they actually find a | way to distinguish the owner from the hackers? Does anyone know | how the initial pairing with the app works? | Firmwarrior wrote: | Pretty crazy if true | | The news is going to be saying "Security issue found, elite | hackers elitely hacked into SiriusXM" when it should be saying | "Sirius did not bother to implement _any security at all_ for | their remote management software" | Thaxll wrote: | It's mind blowing that removing a single k/v in an http post | would lead to unlock any cars... wtf seriously. Like how can you | not test that, the POST to fetch token should be bulletproof.
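The check rglover and Thaxll are asking about, as an added sketch that is not part of the thread and not SiriusXM's code: a token issuer that accepts any known VIN, next to one that fails closed on missing fields and binds the VIN to the logged-in account, plus the negative test that tells them apart. All field names, accounts, placeholder VINs and the key are hypothetical, constructed for the example.

```python
import hashlib
import hmac

# Constructed demo data (hypothetical): session -> account, account -> paired VINs.
SESSIONS = {"sess-alice": "acct-alice", "sess-bob": "acct-bob"}
OWNED_VINS = {"acct-alice": {"VIN-PLACEHOLDER-0001"}, "acct-bob": {"VIN-PLACEHOLDER-0002"}}
SERVER_KEY = b"constructed-demo-key"
REQUIRED = ("session", "customer_id", "vin")

def _sign(msg):
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_token_weak(body):
    """Pattern the comments describe: a VIN that exists is enough for a token."""
    vin = body.get("vin")
    known = set().union(*OWNED_VINS.values())
    return _sign(vin) if vin in known else None

def issue_token(body):
    """Fail closed: every field present, session valid, and the account owns the VIN."""
    if any(not isinstance(body.get(k), str) or not body[k] for k in REQUIRED):
        return None
    account = SESSIONS.get(body["session"])
    if account is None or account != body["customer_id"]:
        return None
    if body["vin"] not in OWNED_VINS.get(account, set()):
        return None
    return _sign(account + "|" + body["vin"])

def negative_cases(issuer, good_body):
    """Mutate a valid request; return the mutations the issuer wrongly accepted."""
    accepted = []
    for key in good_body:  # drop one key/value at a time
        dropped = {k: v for k, v in good_body.items() if k != key}
        if issuer(dropped) is not None:
            accepted.append("dropped " + key)
    foreign = dict(good_body, vin="VIN-PLACEHOLDER-0002")  # a VIN paired to another account
    if issuer(foreign) is not None:
        accepted.append("foreign vin")
    return accepted

GOOD = {"session": "sess-alice", "customer_id": "acct-alice", "vin": "VIN-PLACEHOLDER-0001"}

if __name__ == "__main__":
    print("weak issuer accepted:", negative_cases(issue_token_weak, GOOD))
    print("strict issuer accepted:", negative_cases(issue_token, GOOD))
```

Running `negative_cases` against every token-issuing endpoint in CI is the cheap regression test for exactly the "remove one k/v" failure.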
| [deleted] | jiveturkey wrote: | this sounds useful since i often forget where i parked. i could | remote flash and honk all hondas in the parking lot when i go | christmas shopping. then the one not flashing is my car. | | or when the guy 3 cars ahead on his phone doesn't move when the | light changes, i can honk the car in back of him. | jrsj wrote: | The good news is my Acura has a manual transmission so the number | of people who can both hack and drive it is a bit more limited at | least ;) | BoorishBears wrote: | They couldn't drive it with this hack anyways | | Manual cars are required to have a clutch lockout for starting | (so you can't accidentally leave it in gear and have it lurch | forward) | chrisseaton wrote: | I don't get why people think driving a manual gearbox is | such a mystery - it's not much different to automatic driving | I've never met anyone who wasn't able to do it well enough. | kube-system wrote: | In the US they are not common and most people do not know how | to operate one. | chrisseaton wrote: | There's really no magic to it - there's an extra pedal you | depress when changing gear, and you bring up to re-engage | the engine. Anyone can figure it out when presented with | the pedal and the gear lever. People with no education | do it all around the world every day - I'm sure an American | can figure it out. | ryanianian wrote: | > no education do it all around the world every day | | I taught myself to drive stick on a rental car. It was | probably extremely obvious to other cars that I had no | idea what I was doing. Grinding gears, over-revving the | engine especially in reverse, and stalling at every full | stop. That would catch any cop's eyes. But to your point, | after 3-4 hours I got the hang of it and was no longer | attracting attention. | | But to parent's point: A thief who doesn't drive stick is | almost certainly going to prefer stealing an automatic.
| millzlane wrote: | Did you teach yourself to drive it without ever seeing | one driven? | ryanianian wrote: | I had ridden in manuals as a passenger. I watched some | youtubes and understood the general principle, but it was | sink-or-swim learning. Pretty unsafe to be honest, but | this was in a pretty remote area, and the car was a very | forgiving Japanese micro-SUV. | [deleted] | kube-system wrote: | I understand, I drive one, and I have taught nearly a | dozen others. | | If you put someone behind the wheel of a manual | transmission vehicle and don't give them any pointers, | they _will_ turn the key and complain that the vehicle | doesn't start... even if they understand the general | idea of a manual transmission. Muscle memory is a | powerful thing. (In the US clutch interlocks are | universal) | | It is highly unlikely that someone with no prior | experience with a manual will successfully pull off a | time sensitive and high pressure task like a car theft. | They will steal another car instead. | kelnos wrote: | I doubt that. Most people in the US getting into a car | with a third pedal and a stick shift would just not have | any idea what to do. The more enterprising would think, | ok, I guess I need to put it in first gear. So they | try to move the shifter, and they can't move it. Assuming | they don't break anything, _maybe_ they figure out they | need to press the clutch pedal. So they shift, and | release the clutch pedal, and the car stalls. | | Many people would just give up right there. | | Those who don't, _might_ get that they need to release | the clutch slowly. So they try that, but maybe it still | stalls (maybe they're on a slight incline, and the car | won't move without giving it a little gas). | | Let's say they do manage to get the car moving. I expect | that further shifting will be incredibly rough, and there | will be a lot more stalling. And that's basically the | best scenario.
I don't think most Americans would get | anywhere near this far. | | As an American who learned how to drive manual by | accident in the Netherlands, but who already understood | the basic mechanics of it, it was still very difficult. | It took me over a half hour to get out of the parking | lot, and then I stalled quite often in embarrassing ways | over the next day or so (including on the highway during | stop-and-go traffic, where I rolled back into the front | of a box truck behind me). By the time I returned the | rental car, I'd more or less figured it out, but I also | had the benefit of my dad owning a manual car when I was | young (though Mom made him get a car she could drive too | by the time I was 8 years old or so). But someone who'd | never even thought about a manual transmission before? | Like, most Americans? Not a chance. (I did end up buying | a manual car back at home, a few months later, when my | existing car died. Drove it for 15 years until I finally | had to get rid of it earlier this year.) | | Remember, we're talking about a hypothetical car thief | here who hops into a car, gets it started, and then | notices it's not an automatic. We're not talking about | someone who has actively decided to teach themselves how | to drive manual, and rents or borrows a manual car for | that purpose. | millzlane wrote: | If they can get the car started. | chrisseaton wrote: | You just turn the ignition. You may have to push the | clutch in for some cars, just like you have to push the | brake in for some automatic cars. Manual cars aren't as | different as you think they are. | kube-system wrote: | Unless you're driving an antique vehicle, every manual | transmission car in the US has a clutch starter | interlock. | chrisseaton wrote: | That's what I said about pressing the clutch isn't it? | Just like pressing the brake in many automatic cars.
| kube-system wrote: | If you put someone who has developed their muscle memory | driving automatic transmission vehicles behind the wheel | of a manual transmission car, they will press the brake | and turn the key. | | Successfully starting a manual transmission vehicle has | two prerequisites: | | * knowing that you have to press the clutch in | | * identifying the clutch | | People without this knowledge lack these prerequisites. | alanbernstein wrote: | This is like comparing a microwave meal to one cooked | from scratch on a stove. Yes, anyone can do it. No, | experience with the automatic version does not | meaningfully translate to the manual one. | Osiris wrote: | Feathering the clutch to move slowly in first gear can be | very tricky. | | The clutch in my Subaru has a very specific and narrow | bite point. I've been driving stick for decades and I | still stall the car on occasion. | | Imagine someone that's never driven a manual trying to go | up hill from a stop. | AustinDev wrote: | I now only own automatics as of last month but before then I'd | never lock my doors for my manual sports cars when around town. | No one messed with it or tried to steal it. It was pretty | great. | itslennysfault wrote: | It would've been REALLY easy for some kid to pop it in | neutral and let it roll away, but you do you boo boo. | at-fates-hands wrote: | So true. | | I remember seeing several videos of people trying to steal | cars, only to find out it's a manual and have to retreat. The | best was a pair of criminals who robbed a store, got the | managers keys, loaded up the car and then after several | attempts of leaving with the loot (popping the clutch to | hilarious effect) and realizing they couldn't drive a manual, | just got out of the car and took off on foot empty handed. | | This must be a generational thing. As soon as I was old enough | to drive, I was taught how to drive a manual first.
| randcraw wrote: | This trick works only if keyless services on your Honda were | enabled. Thus this vulnerability is trivial to avoid, even | without a patch. | aksss wrote: | Interfaces with rotary encoders (physical knobs), buttons, and | disconnected operation will become premium features. ___________________________________________________________________ (page generated 2022-12-02 23:00 UTC)