508

Hacking Kia: Remotely Controlling Cars With Just a License Plate. (samcurry.net)

submitted 1 day ago by 101@feddit.org to c/technology@lemmy.world

130 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[-] Corno@lemm.ee 11 points 3 hours ago* (last edited 3 hours ago)

Why does a car need to be connected to the internet? A reliable rule of conduct in aeronautics is that systems which are deemed critical to safety are air gapped from the systems which are connected to the internet, so in the event that those systems are compromised by malware or hackers, the safety critical systems won't also be compromised.

Why is it seemingly taking automotive manufacturers so long to catch on to this principle? Before anyone mentions downloadable features, I do not see that as a means of justification. Like with videogames, if you're paying good money for a product, that product should already be finished by release. Hiding content that should already exist on a car is egregious and the normalisation of it incentivizes manufacturers to release vehicles that are incomplete and should not have been released in their current state.

[-] njordomir@lemmy.world 5 points 3 hours ago

This is my car, I have a stereo with entertainment features. My mileage, drive time, fuel economy, and anything related to the systems of the car, shows up on a separate display strip. To the best of my knowledge, the stereo cannot control the car in any way. Its just there to play music for me. I dread the day I have to replace this car. I may just buy an old pre-telemetry 4x4. The roads around here have gotten too bad for a hatchback anyway.

[-] Corno@lemm.ee 4 points 2 hours ago

Yup, that's how it should be across the board. That's how it is with modern airliners. The redundancy of having each system be controlled by multiple computers is nullified if a hacker can get to control all of them, including the ones which are safety critical, just by hacking one. I honestly don't blame you, I love the internet but there really are situations where something really doesn't need to be connected to the internet.

[-] JustZ@lemmy.world 15 points 4 hours ago

This is why you have to install the latest software updates on your license plate. One time I let my gas cap firmware get outdated and someone downloaded my car.

[-] njordomir@lemmy.world 2 points 2 hours ago* (last edited 2 hours ago)

$ wget kiasorrento. sh

...looks like it's my car now. 😈😆

[-] gravitas_deficiency@sh.itjust.works 4 points 9 hours ago

smiles contentedly in 2003 1.8T Jetta 5MT

[-] exanime@lemmy.world 1 points 3 hours ago

Agreed. But I am getting more and more concerned we won't always be able to keep or buy an old car and avoid these pitfalls

I'm likely 3 to 6 years away from having to buy a new/used car and I don't think il be able to (or actually want) a 20 year old car

[-] gravitas_deficiency@sh.itjust.works 3 points 3 hours ago

Yeah I have to replace the suction side AC line on mine and the OE part alone is about 350-400 and absolutely impossible to find 💀

[-] jabjoe@feddit.uk 19 points 13 hours ago

This is the problem with digital serfdom, those lording it over us aren't perfect either. Not only should we be able to connect our cars to our own server, we should be able inspect provided server implementation to see if it's a bag of nails.

[-] raspberriesareyummy@lemmy.world 5 points 3 hours ago

aren't perfect either

You misspelled "are fucking morons" :)

[-] MaskedPanda@sh.itjust.works 38 points 22 hours ago

FYI: From the article: “These vulnerabilities have since been fixed, this tool was never released, and the Kia team has validated this was never exploited maliciously.”

[-] exanime@lemmy.world 2 points 3 hours ago

Well I wouldn't really trust kia, who released these gaping vulnerabilities and benefit the most from pretending ain't no big thing, with these statements

[-] NotMyOldRedditName@lemmy.world 9 points 23 hours ago* (last edited 23 hours ago)

I know the majority of you hate Tesla, but security is something they do take more seriously. They even take part in pwn2own to help find vulnerabilities.

All auto manufacturers should be taking part in that.

Nothing like winning a car to get people to try and break into it publicly.

Edit: Also details on the 2025 event in January just recently announced. https://www.zerodayinitiative.com/blog/2024/9/23/announcing-pwn2own-automotive-for-2025

[-] exanime@lemmy.world 4 points 3 hours ago

We hate Elon, Tesla is Ok

[-] NotMyOldRedditName@lemmy.world 2 points 2 hours ago* (last edited 2 hours ago)

There's a portion that only hate Elon and not Tesla, but there's a lot of Tesla hate out there as well, and there has been since even before Elon publicly went off the deepend.

Some of that might be decisions that Elon made for Tesla, but it's still at Tesla.

Edit: but I will take your point and say my use of majority in my OP wasn't correct as the majority here is about Elon.

[-] CeeBee_Eh@lemmy.world 13 points 18 hours ago

I have my money on Tesla being the first cloud-connected car (that phrase shouldn't exist) to be hacked and push a malicious firmware that will cause all cars to simultaneously activate self driving and to pull a hard left at a specific time (time bomb).

[-] NotMyOldRedditName@lemmy.world 6 points 18 hours ago* (last edited 18 hours ago)

You should watch - Leave the World Behind

You might be right, but I don't think it'll be because their cars are the easiest to hack, it'll be because they have the most cars out there capable of doing this and it'd be more impactful attack if successful.

(edit: Also they'd be able to exert the most control on their cars with the software/sensors available today at scale. E.g they could more easily have the car drive around until it finds a pedestrian to hit)

(edit: Further, you can make the most changes to a Tesla as they have one of the more (or probably most) advanced OTA update capabilities)

They are definitely a prime target.

[-] cordlesslamp@lemmy.today 3 points 18 hours ago

I also love how Tesla engineers pay attention to small quality-of-life things like racing games to play while you wait for charge using the wheel as controller, using the built-in 360 camera as dashcam and parking monitor.

[-] mctoasterson@reddthat.com 92 points 1 day ago

Yeah... fuck this shit. This is part of the reason I still drive a nearly 20 year old vehicle. It has features I want, and can't be stolen via fucking API calls. Absolute insanity.

I think Hyundai/Kia group has done unfathomable damage to their brands. Kia, despite being a budget brand, wants to be seen as a legit competitor to Toyota or at least Nissan. Their corner cutting with the immobilizers and the resulting "USB" theft shit was bad enough. Now this exploit.

[-] chakan2@lemmy.world 23 points 1 day ago

They're just terrible cars. I've had two...they were great until they weren't. I literally had a screw fall out of the headliner the other day bringing it home from a nearly 1000$ exhaust patch/repair. It's not 10 years old yet and only has 60k miles.

The other one has had the engine replaced already (under warranty thank god).

We are likely replacing both of them next year. I'm never buying a Kia again.

[-] tyler@programming.dev -4 points 7 hours ago

The stats disagree with you, so your anecdotes don’t really mean anything…

[-] chakan2@lemmy.world 4 points 4 hours ago

Um...sure Kia marketing sure

There's a reason the resale value is so cheap.

[-] chemicalprophet@lemm.ee 6 points 1 day ago

My Toyota with 300k+ miles has cost me $285 in repairs minus maintenance costs. I’ll likely get at least another 100k. Just placing these goalposts here…

load more comments (20 replies)

load more comments

this post was submitted on 26 Sep 2024

508 points (98.1% liked)

Technology

58287 readers

4294 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS