• @RealFknNito
    link
    English
    6810 months ago

    Wonder how long until jailbreaking your EV becomes common place to turn off shit like Wifi.

    • @AA5B
      link
      English
      16
      edit-2
      10 months ago

      Or you could click the setting. Or not login to a website you didn’t expect to see. Or most scammers won’t bother because it’s risky and not scalable: you need to be physically present. This doesn’t seem like a likely vector.

      The recommendation of being notified when new keys are created, is a good one though.

      … except I could swear it already does

      • @RealFknNito
        link
        English
        2510 months ago

        Proprietary software is often locked down to be idiot proof and tamper proof to the average consumer. Actually disabling the wifi (not just turning off SSID broadcasting) or other exploitable points might require a deeper level of access than just the settings page.

        And it’s not websites people are concerned about. There’s a pretty common hacking concept where you attack the weakest connected device. If your car connects to your garage door opener, your coffee maker, your washing machine, all your smart devices - they only need to get access to one to get access to all of them since those devices are ‘trusted’. Your car doesn’t know why your coffee maker says ‘unlock’ but it’s gonna listen, it trusts your coffee machine.

        • @Clent
          link
          English
          410 months ago

          No. That’s not how it works. That’s not how any of this work.

          A car does not automatically accept commands to devices it connects to because of some inherent trust. The car would be programmed to only accept commands from devices it expects to send it such commands.

          Anyone who allows the toaster to not only command the car but alap unlock the car should be fired and blackballed from the industry. That’s not a whoopsie, learning experience. That’s an unforgivable level of incompetence.

          • @[email protected]
            link
            fedilink
            English
            1410 months ago

            The kind of mistake someone on a work visa working 85 hours a week and sleeping in the office so they don’t get fired might make you say?

            • @Clent
              link
              English
              -410 months ago

              Interesting that the Lemmy hive mind wants this to be true, yet another indication that this place does not have a strong technical knowledge base. But no, this wouldn’t be the decision of a single person. That isn’t what this exploit is but again, trying to explain things to people who don’t understand the technical side of things isn’t a winning battle.

          • @RealFknNito
            link
            English
            3
            edit-2
            10 months ago

            I simplified the concept which might seem misleading to you but the outcome is exactly the same.

            You can get access to the home network through weakly secured devices. If you can get past a weak device, trusted by the network, you can send commands through the network and to other devices as if you were a typical user. If your car can be unlocked from your computer (or phone) over the network, a hacker would only need to get past your coffee maker on that same network to be able to tell your car to unlock.

            In other words, the Internet of Things can often be a liability if you don’t know how to secure points of access to your network. If you installed a smart thermostat and it’s still broadcasting the default SSID, that’s a glowing weakspot for a hacker. Who would need WPA2 security for that, right?

            • @Clent
              link
              English
              210 months ago

              From the toaster you’d still need to find a way to access a trusted device. This is going to require an exploit. But first the toaster needs meet some specific requirements, like does it have a web server or shell. If it’s a simple device that merely broadcasts its state it likely does it meet these requirements.

              If your WiFi thermostat is broadcasting its default SSID, that means it is not connected to your WiFi. At most you can take control of the device but it won’t get you onto the trusted network any faster than hacking their WiFi directly. Best to go for a device already on the network.

            • @[email protected]
              link
              fedilink
              English
              2
              edit-2
              10 months ago

              In the case of tesla, you’d still need the API token to the specific car (which requires username and password) to send any commands to it. It doesn’t actually take commands directly, from anything, it’s all done through teslas servers via the API. Getting access to local network makes no difference, you need the token to do anything with the car. You can’t even send commands via BT to the car.

    • @UsernameIsTooLon
      link
      English
      310 months ago

      What could that even entail? Unlock faster speeds for free instead of having to pay the premium?

    • DKP
      link
      English
      110 months ago

      Except in the article here, they are counting on a driver connecting their phone to the wifi and logging in with Tesla credentials.

      In this instance you don’t need to disable anything in the car.