Wonder how long until jailbreaking your EV becomes common place to turn off shit like Wifi.
Except in the article here, they are counting on a driver connecting their phone to the wifi and logging in with Tesla credentials.
In this instance you don’t need to disable anything in the car.
Fuck it jailbreak the tesla
Here is an alternative Piped link(s):
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
What could that even entail? Unlock faster speeds for free instead of having to pay the premium?
Or you could click the setting. Or not login to a website you didn’t expect to see. Or most scammers won’t bother because it’s risky and not scalable: you need to be physically present. This doesn’t seem like a likely vector.
The recommendation of being notified when new keys are created, is a good one though.
… except I could swear it already does
Proprietary software is often locked down to be idiot proof and tamper proof to the average consumer. Actually disabling the wifi (not just turning off SSID broadcasting) or other exploitable points might require a deeper level of access than just the settings page.
And it’s not websites people are concerned about. There’s a pretty common hacking concept where you attack the weakest connected device. If your car connects to your garage door opener, your coffee maker, your washing machine, all your smart devices - they only need to get access to one to get access to all of them since those devices are ‘trusted’. Your car doesn’t know why your coffee maker says ‘unlock’ but it’s gonna listen, it trusts your coffee machine.
No. That’s not how it works. That’s not how any of this work.
A car does not automatically accept commands to devices it connects to because of some inherent trust. The car would be programmed to only accept commands from devices it expects to send it such commands.
Anyone who allows the toaster to not only command the car but alap unlock the car should be fired and blackballed from the industry. That’s not a whoopsie, learning experience. That’s an unforgivable level of incompetence.
The kind of mistake someone on a work visa working 85 hours a week and sleeping in the office so they don’t get fired might make you say?
Interesting that the Lemmy hive mind wants this to be true, yet another indication that this place does not have a strong technical knowledge base. But no, this wouldn’t be the decision of a single person. That isn’t what this exploit is but again, trying to explain things to people who don’t understand the technical side of things isn’t a winning battle.
I simplified the concept which might seem misleading to you but the outcome is exactly the same.
You can get access to the home network through weakly secured devices. If you can get past a weak device, trusted by the network, you can send commands through the network and to other devices as if you were a typical user. If your car can be unlocked from your computer (or phone) over the network, a hacker would only need to get past your coffee maker on that same network to be able to tell your car to unlock.
In other words, the Internet of Things can often be a liability if you don’t know how to secure points of access to your network. If you installed a smart thermostat and it’s still broadcasting the default SSID, that’s a glowing weakspot for a hacker. Who would need WPA2 security for that, right?
From the toaster you’d still need to find a way to access a trusted device. This is going to require an exploit. But first the toaster needs meet some specific requirements, like does it have a web server or shell. If it’s a simple device that merely broadcasts its state it likely does it meet these requirements.
If your WiFi thermostat is broadcasting its default SSID, that means it is not connected to your WiFi. At most you can take control of the device but it won’t get you onto the trusted network any faster than hacking their WiFi directly. Best to go for a device already on the network.
In the case of tesla, you’d still need the API token to the specific car (which requires username and password) to send any commands to it. It doesn’t actually take commands directly, from anything, it’s all done through teslas servers via the API. Getting access to local network makes no difference, you need the token to do anything with the car. You can’t even send commands via BT to the car.
This is the best summary I could come up with:
Researchers have found that hackers could easily hijack WiFi networks at Tesla charging stations to steal vehicles — a glaring cybersecurity vulnerability that only requires an affordable, off-the-shelf tool.
“Phishing and social engineering attacks are very common today, especially with the rise of AI technologies, and responsible companies must factor in such risks in their threat models.”
Cybersecurity researchers have long rung alarm bells over the use of keyless entry in the car industry, which leave modern vehicles at risk of being stolen.
Using their weapon of choice, hackers create a spoof WiFi network called “Tesla Guest” that masquerades as the real thing.
If a victim were to try to access the network, which the EV maker normally provides free of charge to waiting customers, they could be duped into giving up their login by entering it into a duplicate site.
Once he told Tesla about his findings, the EV maker underplayed the vulnerability, telling him it was all by design and “intended behavior,” an assertion that Mysk called “preposterous” in his interview with Gizmodo.
The original article contains 428 words, the summary contains 175 words. Saved 59%. I’m a bot and I’m open source!
Thanks, the website doesn’t provide “opt out of all legitimate interest” button and it has 857 vendors enabled.
Smart cars are being hijack by WiFi. Welcome to the world of tomorrow!
Here is an alternative Piped link(s):
Welcome to the world of tomorrow
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
praxis?
TL;DR: Phishing + no additional precautions against creating digital car keys once logged in
With a sprinkling of “omg flipper zero” for some reason.
Worth noting that it isn’t just “hacking WiFi”. You have to have the username and password associated with the car.
Yes, that was the “phishing” bit.
deleted by creator
Fewer things have been better established than the fact that yes, absolutely, without hesitation: we would download a car.
mr krabs i have an ideaaaaa
It’s gotten to the point that whenever people see Teslas, they automatically start laughing.
Tesla also seems to have taken over the “douchebag driver” stereotype that used to be reserved for BMW’s and Mercedeses.
its always been lexis for my area.
Pickups with Michigan plates here in Ohio.
Everyone from Ohio anywhere else. ;)
whenever people see Teslas, they automatically start laughing
I dunno, I’m a school bus driver and little boys (like, grades 1-8) always go apeshit when they see a Tesla (or a Ferrari or Lamborghini as well). And a lot of adults still seem to be buying them.
So, children and adults that never mentally matured past 8th grade still think they’re cool. Can’t argue with that.
I hate the company, but where I live the drivers are definitely undeserving of general condemnation. Altimas, on the other hand…
Agreed on the driver stereotype. Here in the SF Bay Area Teslas are abundant on the roads and a good 60-70% of their drivers are absolute shit.
If they weren’t all so abysmally bad at handling their cars, maybe I’d have a different take. I swear that I get cut off, stuck behind, blocked by, or otherwise inconvenienced for dumb reasons by Teslas every time I drive.
It’s like despite all the cameras, they have zero spatial awareness. Or it’s a direct reflection of what’s in their head.
I’m not disagreeing, but having driven a Tesla for a couple weeks-- it’ll make a good driver look bad every time. Turning radius is surprisingly bad. Normal (through the window/mirror) visibility is bad. Handling is super weird and probably unlearnable in the default settings because the car seems to be constantly “correcting” your inputs even when not in autopilot. The default break style gives me motion sickness even when I’m the one driving. And the turn signals-- you just don’t know how long they’ll stay on, so I did start to feel reluctant to use them?
Interesting take. Thanks.
Do you think that embarrassment of the purchase, ignorance of what’s good, or status prevent more buyers from talking about that? As a person who enjoys the act of driving (though not the experience of driving in this city), I should see if I can get behind the wheel of one and attempt to be objective.
Edit: relevant post. https://slrpnk.net/pictrs/image/ea297ad5-1e8f-45cd-abad-d2b50d53e2bf.webp
I do encourage you to rent one. I like driving, too, and I just didn’t think it was a good experience. But I didn’t really fool around with the programs. It’s interesting at least.
It’s possible drivers who care have figured it out, but there is at least a very large learning curve.
I have a 73 Porsche 914, it’s my second. I’ve had two 1970 Monte Carlos. Both vastly different vehicles, but both are extremely visceral cars. You’re extremely connected to the road and the vehicle.
There seems to be an abstraction layer with Teslas.
Renting one is a great idea.
Haha, you are orders of magnitude bigger driving enthusiast than myself! I’d be interested to know what you think of the Tesla.
Eh…
I hate to do it, but in fairness the worst drivers are going to be the first to adapt self driving cars.
The issue is Tesla misrepresents how “self driving” their cars are.
So idiots who are bad drivers think the car is a good driver. Because they’re comparing it to their own driving, and overestimate how good they are at it
It’s not just to my own driving. It’s compared to other cars around them and to other cars around me. I just as often see Tesla drivers do stupid things unrelated to me.
I was at the mountain snowboarding this weekend. Two Teslas attempted to drive up the road to park. Both got stuck in the same place, one after the other. Then, instead of backing up or getting out of the way, they just got out and walked to the resort lodge.
This is just idiotic behavior and I see it time and time again. Seattle, where I live, has one of the highest Tesla ownership percentages in the country.
I’m all for electric cars. I am trying to understand why Tesla drivers have so many morons behind the wheel.
There are a lot of roundabouts where i live and when i see a tesla, he’s either not using his turn signal or is on the phone or somehow very often both. Tesla people seem to be on their phone more often than other people in the road. Which is even weirder, because they all have that elaborate electronics on board, no?
HamCo?
I see them all the time near 37. You always gotta be careful around them.
It seems like the Mustang EV is selling better nowadays at least. I see just about as many of them on the road compared to Teslas. They at least seem to be pretty good drivers.
Tesla people seem to be on their phone more often than other people in the road.
I don’t know, I see people in all different makes of cars talking on their phones while driving - usually that weird shit where they’re holding it flat in front of their face and yelling into the mic. I’m a school bus driver and whenever somebody blows past my flashing lights (which happens a lot), 99% of the time they’re on their phone and not paying attention. One time I even had a cop do this.
Honestly, I was taught that you should not use a signal in a roundabout, especially when the exits are so tight it’s easy to get confused if someone turns it on too early. I see now though that it’s the law in my area when exiting and I’ll start using it. I’ll be in the minority here.
I’m still not going to enter a roundabout just because I see someone’s turn signal on. I never trust them when I’m the one merging into a lane.
Who can bothered with silly driving when there are calls to make? They only bought a Tesla to have an electronic chauffeur. Even though it’s not supposed to be used for that.
Only a few people at my workplace drive Teslas and let’s just say they have… specific types of personalities to them.
I live in the city and only really ever see them parked over the curb or in the sidewalk in front of a No Parking sign. At this point I’m honestly not even sure they’re capable of parallel parking.
I die inside whenever I call an Uber and a Tesla pulls up.
I’m relieved this is universal. I thought I was going crazy. I’ve actually begun to give them a ton of space on the road now. I’ll purposefully take a different road, or on the freeway, get over to right lane and slow down to get the fuck away from them. It seems like they are making a point to drive as terribly as possible. It’s fucking crazy.
The Watch Dogs series warned everyone.
But hey let’s put wifi in our heads right Elon?
This is just… Completely avoidable and a great example of XKCD’s take on cyber security.
Software engineers can be split into two groups: those who aspire to own a Tesla, and those who aspire to replacing every digital appliance they own with an analog alternative
And which is better?
Aaaaaahh! Wear gloves! Burry it in the desert!
Kia Boys are moving up in the world.
Well, it’s not like you can smash the windows in a Tesla… even if you’re trying to save someone’s life apparently.
That turret defense system is intense
Aah yes, just to prevent… touching your door knob?
That’s not what ‘keyless entry’ means. You still have to open your door, you just don’t need to press a button to unlock it first.
I would download a car - unless it’s a Tesla. I do have standards, you know.
haha
Somebody should seriously scare Elmo shitless by this method lol 😂
