Bug let researchers track millions of cars, unlock doors, and start engines at will.
  • futatorius@lemm.eeEnglish
    8·
    2 天前

    The comical part was that anyone could go through a completely vanilla registration workflow and become a registered dealer. What the hell were they thinking?

    • futatorius@lemm.eeEnglish
      3·
      2 天前

      It’s not a thing a car should require, and even for nice-to-have value-add features, it should be tightly secured, not only from external access but from the manufacturer.

    • jqubed@lemmy.worldEnglish
      163·
      4 天前

      They can bring some nice benefits like remote starting in cold (or hot) climates, but there needs to be much better design to minimize the exploitability of these systems.

      • TimeSquirrel@kbin.melroy.org
        233·
        4 天前

        We had remote starters in the 80s, they didn’t need Internet access, they were a completely local wireless solution, just like old wireless garage door openers.

        • Zorsith@lemmy.blahaj.zoneEnglish
          9·
          4 天前

          Remote starters that can reach from inside an office building to a distant end of a parking lot are underrated. I had this for about 6 months before the 3g network was shut down. Now, I’m limited to the range of a keyfob.

          Not to mention scheduled starts: say, 10 minutes before you have to drive to work, to make brushing snow off a car much faster, or 10 minutes before you leave work so you don’t give yourself a good sear on a random piece of metal in your car in the middle of summer.

          • FrederikNJS@lemm.eeEnglish
            4·
            4 天前

            Agree on both parts, but the second part can still be achieved from an unconnected car, you just can’t do it remotely

  • edric@lemm.eeEnglish
    6·
    4 天前

    I was gonna say they still need the fob for the car to actually drive it, but saw it mentioned in the article. I don’t have a Kia (used to, but traded it in because of the immobilizer shit), but my car right now has an app to remote-start, but the car itself won’t let you drive it if you don’t have the fob on you while sitting in the driver’s seat.

    The group’s web-based Kia hacking technique doesn’t give a hacker access to driving systems like steering or brakes, nor does it overcome the so-called immobilizer that prevents a car from being driven away, even if its ignition is started. It could, however, have been combined with immobilizer-defeating techniques popular among car thieves or used to steal lower-end cars that don’t have immobilizers.

    But yes, that’s just bad security.

    • futatorius@lemm.eeEnglish
      1·
      2 天前

      2FA where one of the factors is Bluetooth to the fob might be OK, assuming the Bluetooth link is secured in some way.

    • schizo@forum.uncomfortable.businessEnglish
      81·
      4 天前

      It’s still mindboggling that Kia sells any cars without immobilizers.

      I get they’re cheap cars and the way they’re cheap is to skimp on everything but uh, maybe that’s not the right place to skimp?