Technology

58348 readers

3979 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

113

Flaw in Kia’s web portal let researchers track, hack cars (arstechnica.com)

submitted 4 days ago by return2ozma@lemmy.world to c/technology@lemmy.world

10 comments fedilink hide all child comments

top 10 comments

sorted by: hot top controversial new old

[–] futatorius@lemm.ee 8 points 2 days ago

The comical part was that anyone could go through a completely vanilla registration workflow and become a registered dealer. What the hell were they thinking?

[–] scytale@lemm.ee 6 points 4 days ago* (last edited 4 days ago) (2 children)

I was gonna say they still need the fob for the car to actually drive it, but saw it mentioned in the article. I don't have a Kia (used to, but traded it in because of the immobilizer shit), but my car right now has an app to remote-start, but the car itself won't let you drive it if you don't have the fob on you while sitting in the driver's seat.

The group’s web-based Kia hacking technique doesn’t give a hacker access to driving systems like steering or brakes, nor does it overcome the so-called immobilizer that prevents a car from being driven away, even if its ignition is started. It could, however, have been combined with immobilizer-defeating techniques popular among car thieves or used to steal lower-end cars that don't have immobilizers.

But yes, that's just bad security.

[–] futatorius@lemm.ee 1 points 2 days ago* (last edited 2 days ago)

2FA where one of the factors is Bluetooth to the fob might be OK, assuming the Bluetooth link is secured in some way.

[–] schizo@forum.uncomfortable.business 7 points 4 days ago

It's still mindboggling that Kia sells any cars without immobilizers.

I get they're cheap cars and the way they're cheap is to skimp on everything but uh, maybe that's not the right place to skimp?

[–] kusivittula@sopuli.xyz 42 points 4 days ago (2 children)

internet connection is not a thing a car should even have

[–] futatorius@lemm.ee 3 points 2 days ago

It's not a thing a car should require, and even for nice-to-have value-add features, it should be tightly secured, not only from external access but from the manufacturer.

[–] jqubed@lemmy.world 13 points 4 days ago (1 children)

They can bring some nice benefits like remote starting in cold (or hot) climates, but there needs to be much better design to minimize the exploitability of these systems.

[–] TimeSquirrel@kbin.melroy.org 20 points 4 days ago (1 children)

We had remote starters in the 80s, they didn't need Internet access, they were a completely local wireless solution, just like old wireless garage door openers.

[–] Zorsith@lemmy.blahaj.zone 9 points 4 days ago* (last edited 4 days ago) (1 children)

Remote starters that can reach from inside an office building to a distant end of a parking lot are underrated. I had this for about 6 months before the 3g network was shut down. Now, I'm limited to the range of a keyfob.

Not to mention scheduled starts: say, 10 minutes before you have to drive to work, to make brushing snow off a car much faster, or 10 minutes before you leave work so you don't give yourself a good sear on a random piece of metal in your car in the middle of summer.

[–] FrederikNJS@lemm.ee 4 points 3 days ago

Agree on both parts, but the second part can still be achieved from an unconnected car, you just can't do it remotely