• forwardvoid@feddit.nl
      4 months ago

      That’s not what ‘keyless entry’ means. You still have to open your door, you just don’t need to press a button to unlock it first.

  • dangblingus@lemmy.dbzer0.com
    4 months ago

    You. Don’t. Need. To. Put. Your. Car. On. The. Internet.

    Don’t buy vehicles that need you to be connected to the internet. The truth is, Tesla knows full well how vulnerable its cars are. They designed them. It definitely has nothing to do with the global stolen car black market /s.

    • Morpheus@lemmy.today
      4 months ago

      No, just transfer the ownership through an unethical but acceptable and deserving way.

    • brbposting@sh.itjust.works
      4 months ago

      Fewer things have been better established than the fact that yes, absolutely, without hesitation: we would download a car.

  • Maggoty@lemmy.world
    4 months ago

    But hey let’s put wifi in our heads right Elon?

    This is just… Completely avoidable and a great example of XKCD’s take on cyber security.

    • merthyr1831@lemmy.world
      4 months ago

      Software engineers can be split into two groups: those who aspire to own a Tesla, and those who aspire to replacing every digital appliance they own with an analog alternative

    • Final Remix@lemmy.world
      4 months ago

      Well, it’s not like you can smash the windows in a Tesla… even if you’re trying to save someone’s life apparently.

  • scops@reddthat.com
    4 months ago

    hackers only need a simple $169 hacking tool called Flipper Zero, a Raspberry Pi, or a laptop to pull it off.

    At that point, why mention the Flipper Zero or RPi? Just say it can be done without specialized hardware. I feel like they’re trying to piggyback off of the buzz from the Flipper Zero being banned in Canada recently.

    • Morefan@retrolemmy.com
      4 months ago

      Flipper Zero doesn’t even have WiFi. At most it’s a screen and button input device for ESP8266, etc.

      • RealFknNito@lemmy.world
        4 months ago

        Flipper Zero is kinda whatever it wants to be since it has ports for additional modules. It’s a hacking tool you need to hack for it to work to get around (most) legal issues.

      • body_by_make@lemmy.dbzer0.com
        4 months ago

        You can buy a WiFi module and just plug it in as HAT, but I still think it’s stupid to even mention when you can use pretty much anything with WiFi that you control. You could probably do the same thing with a rooted Android phone if you wanted.

    • ColeSloth@discuss.tchncs.de
      4 months ago

      I believe this method came out weeks ago and I had thought I’d read Tesla already took care of it, but may be wrong. You still have to hang out long enough to get someone who actually wants wifi, but doesn’t want to stay at their car where the wifi is at, and then will also fall for a phishing attack and put in their verification code sent to their phone into the fake site.

      All to swipe a car that’s going to be noticed as being stolen very quickly, and when all Teslas come standard with GPS location tracking.

      So what’s the point of stealing a car after possible hours and hours of waiting for a mark and then taking it while the owner can report it and its location the entire time?

    • Player2@lemm.ee
      4 months ago

      They haven’t banned it yet, they’re just looking to do so at some point

    • ikidd@lemmy.world
      4 months ago

      Maybe they’re trying to justify the stupidity of that ban. I’m still shaking my head over that, it’s like nobody bothered to ask the question “does this thing actually do the thing we’re mad about?”

      • Transporter Room 3@startrek.website
        4 months ago

        Given how often it happens in other industries, it wouldn’t surprise me to find out that someone, somewhere along the line has an agenda to push and is trying to lump certain things into the same category as a thing people aren’t supposed to like in order to get the thing that’s only kind of related banned.

        Heck, I personally know people who want 3D printing to be banned because “you can 3D print guns”. I can make a gun with a trip to the hardware store and a few hours. The extra hours are to make sure I can use it more than once. I’m just using this as an example, it’s not quite the same.

        I also know people who have seen the drone headlines for Ukraine and give me the side eye when I mention I have a drone and can build my own at home. One coworker has even asked why I “need” to build drones and that having a bunch of hardware to do stuff like that is “sketchy”. Drones are already being regulated into the ground over a few high profile incidents. And some try to lump rc devices into the same category. Sorry I can’t fly my 8oz foam plane here, it’s in the same class as 200lb agricultural drones with 12 rotors and I need special FAA authorization. You can build an ultralight aircraft in your garage and fly it across country without running it by anyone first, though.

        I rambled a bit but my point is every time you see things being lumped together and you’re scratching your head as to why, ask yourself “who wrote/published/shared this, who are they affiliated with, and do they have a reason to want one of these things or similar products regulated” and you’ll see a surprising amount of shady bs going on that’s all perfectly legal.

        • ikidd@lemmy.world
          4 months ago

          People are weird. In my area, saying you run Linux because you hate ad tracking and don’t have a Facebook account makes people think you’re a child molester.

          And the 3D printing thing is crazy. I’ve had 3D printers for well over a decade because I started out building my own before you could buy them, printed thousands of parts of varying degrees of toughness, but I would be damned if I would ever shoot a gun I printed off of one. I haven’t heard a word about banning lathes and mills though.

          I just ignore the drone thing, our nearest neighbor is 2 miles away so I do what I want. I built a crop scouting drone that goes for a tour every morning and flies a 7 mile route unmonitored. Never heard a word about it from the neighbors.

          • Milk_Sheikh@lemm.ee
            4 months ago

            The lathe & knee mill thing is being nibbled away under the ‘ghost gun’ fears - yes 80% is a weird line in the sand but we have to define it somewhere between “non-descript block of metal” to “legally now a gun”. Not sure how that’s going to survive legal test, the law there needs a refresh tbh

            I’m really more surprised to see 3D printing not being targeted/trolled by copyright and IP lawyers. There was some limited activity with Games Workshop and people scanning wargaming miniatures to cheaply 3D print instead of paying (exorbitant) retail prices, but hasn’t gone far beyond banning non-official minions at official events

          • Transporter Room 3@startrek.website
            4 months ago

            It’s so weird how a lot of society went from “WOAH, government can’t use these things to track me, I have a right to privacy!” to “WOAH, you try not to be tracked by every single company on the planet and 16 major governments? What are you some kinda criminal?”

            I can tell you from experience you can use a garage worth of basic tools to make a gun, but not one that will be “print, assemble, fire” without extra parts.

            I’d say about 4/10 times I go flying my 240g drone in the local park someone comes over to tell me I’m breaking the law. Weirdly they can never name a specific one, and it’s always just “the law says you can’t use that here”. Never had cops called yet. Mostly people want to ask me how much it was and how I like it. A few have asked if I’ve tried dropping “something the size of a baseball” from it.

            I have a buddy who works in a bank, says a ton of ag loans these days are for drones and renewable energy equipment. Even the owner of the field I live next to has one. I think it lives in his shed, it has 8 rotors. Looks like it could lift a skinny short person. I have exactly 0 concerns they will use it to spy on me or drop explosives on my house.

            I’d love to have a drone with thermal/night vision. We get a lot of animals around here and I’d like to be able to see them (and figure out what they all are) without spooking them.

        • ikidd@lemmy.world
          4 months ago

          It can sniff radio packets, so if you have a ridiculously simple security system using RFID, you can record the pattern it emits off a tag when it’s pinged and play it back to defeat a security system. But no vehicle since the 90s has used a single code system that it would be able to defeat, so it’s useless for that.

          The way thieves are defeating car locks is when the car listens for a fob within its security range (like the ones that unlock when you walk up with a fob in your pocket), and if people leave their keys close to a wall where the radio signal can be boosted so it reaches the car, it’ll pop the locks. The unit they banned, which is open source and easily built from components you can get from Digikey or Mouser anyway, can’t do this. A common radio repeater or SDR can do this but banning that would be ridiculously onerous on industry.
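
The single-code versus changing-code distinction in the comment above, as an added example that is not part of the thread: a fixed-code receiver accepts a recorded frame again, while a receiver that checks a counter plus an HMAC rejects it. The scheme is a simplified assumption, not any manufacturer's protocol; the key, code bytes and window size are constructed, and the boosted-signal case in the comment's second paragraph is outside what this check covers.

```python
import hashlib
import hmac

WINDOW = 16  # assumed: how many missed button presses the receiver tolerates


def tag_for(key: bytes, ctr: bytes) -> bytes:
    return hmac.new(key, ctr, hashlib.sha256).digest()[:8]


def fixed_check(stored: bytes, frame: bytes) -> bool:
    """Single-code receiver: any frame equal to the stored code unlocks."""
    return hmac.compare_digest(stored, frame)


class Fob:
    """Each press sends counter || truncated HMAC(key, counter)."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        return ctr + tag_for(self.key, ctr)


class RollingReceiver:
    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def check(self, frame: bytes) -> bool:
        ctr, tag = frame[:4], frame[4:]
        if len(frame) != 12 or not hmac.compare_digest(tag, tag_for(self.key, ctr)):
            return False
        n = int.from_bytes(ctr, "big")
        if not self.last < n <= self.last + WINDOW:
            return False  # counter already used (replay) or too far ahead
        self.last = n  # an accepted counter can never be accepted again
        return True


def demo() -> dict:
    code, key = b"\xa5\x5a\x01\x02", b"constructed-demo-key"
    fob, rx = Fob(key), RollingReceiver(key)
    frame = fob.press()  # the one transmission that was recorded
    return {"fixed_replay": fixed_check(code, code),
            "rolling_first": rx.check(frame),
            "rolling_replay": rx.check(frame),
            "rolling_next": rx.check(fob.press())}
```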

    • AA5B@lemmy.world
      4 months ago

      Or you could click the setting. Or not log in to a website you didn’t expect to see. Or most scammers won’t bother because it’s risky and not scalable: you need to be physically present. This doesn’t seem like a likely vector.

      The recommendation of being notified when new keys are created is a good one though.

      … except I could swear it already does

      • RealFknNito@lemmy.world
        4 months ago

        Proprietary software is often locked down to be idiot proof and tamper proof to the average consumer. Actually disabling the wifi (not just turning off SSID broadcasting) or other exploitable points might require a deeper level of access than just the settings page.

        And it’s not websites people are concerned about. There’s a pretty common hacking concept where you attack the weakest connected device. If your car connects to your garage door opener, your coffee maker, your washing machine, all your smart devices - they only need to get access to one to get access to all of them since those devices are ‘trusted’. Your car doesn’t know why your coffee maker says ‘unlock’ but it’s gonna listen, it trusts your coffee machine.

        • Clent@lemmy.world
          4 months ago

          No. That’s not how it works. That’s not how any of this works.

          A car does not automatically accept commands to devices it connects to because of some inherent trust. The car would be programmed to only accept commands from devices it expects to send it such commands.

          Anyone who allows the toaster to not only command the car but also unlock the car should be fired and blackballed from the industry. That’s not a whoopsie, learning experience. That’s an unforgivable level of incompetence.

          • RealFknNito@lemmy.world
            4 months ago

            I simplified the concept which might seem misleading to you but the outcome is exactly the same.

            You can get access to the home network through weakly secured devices. If you can get past a weak device, trusted by the network, you can send commands through the network and to other devices as if you were a typical user. If your car can be unlocked from your computer (or phone) over the network, a hacker would only need to get past your coffee maker on that same network to be able to tell your car to unlock.

            In other words, the Internet of Things can often be a liability if you don’t know how to secure points of access to your network. If you installed a smart thermostat and it’s still broadcasting the default SSID, that’s a glowing weak spot for a hacker. Who would need WPA2 security for that, right?

            • Clent@lemmy.world
              4 months ago

              From the toaster you’d still need to find a way to access a trusted device. This is going to require an exploit. But first the toaster needs to meet some specific requirements, like does it have a web server or shell. If it’s a simple device that merely broadcasts its state it likely does not meet these requirements.

              If your WiFi thermostat is broadcasting its default SSID, that means it is not connected to your WiFi. At most you can take control of the device but it won’t get you onto the trusted network any faster than hacking their WiFi directly. Best to go for a device already on the network.

            • Grippler@feddit.dk
              4 months ago

              In the case of Tesla, you’d still need the API token to the specific car (which requires username and password) to send any commands to it. It doesn’t actually take commands directly, from anything, it’s all done through Tesla’s servers via the API. Getting access to local network makes no difference, you need the token to do anything with the car. You can’t even send commands via BT to the car.

          • DragonTypeWyvern@literature.cafe
            4 months ago

            The kind of mistake someone on a work visa working 85 hours a week and sleeping in the office so they don’t get fired might make, you say?

            • Clent@lemmy.world
              4 months ago

              Interesting that the Lemmy hive mind wants this to be true, yet another indication that this place does not have a strong technical knowledge base. But no, this wouldn’t be the decision of a single person. That isn’t what this exploit is but again, trying to explain things to people who don’t understand the technical side of things isn’t a winning battle.