Everything is crackable, I bet the software in the car is as cheaply made as everything else
Worse, generally. Car manufacturers are completely awful with privacy and also very bad at security.
this subscription involves a mobile plan and access to a backend service though
So you're PAYING for the vulnerabilities this time?
It's kinda depressing to see a bunch of people who support the subscription model in my post comments for something that you already paid & own
As they pointed out in your original post, it's not, "the subscription model...for something that you already paid & own." This isn't subscription seat warmers, it's paying for an additional service outside the car. You can argue it's too expensive, but without their internet connection and servers, these features wouldn't be possible.
Remote start has been around for well over a decade and did not require internet or a subscription. If you just subscribe and use the feature then clearly the necessary equipment for remote start is already installed and you paid for that equipment regardless if you use the subscription service.
@FireRetardant @n2burns Remote start can mean different things. I'd hope a subscription based one was via a server and works where normal direct RF fobs wouldn't (like from another country).
If it is just direct RF based remote start that shouldn't be a subscription.
So what happens when your car has no cell service? Or you don't own a phone that supports the app? The only use case I can see is long distance remote start but I'm struggling to determine why someone would reasonably need that.
The only reasons they went away from RF is to justify subscriptions and further push the smart device trend where everything can connect to your phone.
RF range is very limited and there is no feedback of success/failure or current state. My neighbour's RF remote start wouldn't work through 2 townhouses. It also doesn't work from high-rises or office buildings.
How often do you lose cell reception in a parking lot? (Mostly open space with few things to interfere with cell signal).
You are aware that there are rf solutions that provide feedback? Not saying range limitations don't exist, but there are solutions that claim to provide a fair reach.
@n2burns @FireRetardant Basement car parks can be pretty bad for connectivity.
There's no need to host servers for 99% (maybe 100%) of this stuff. All the remote start features can be done through a direct connection between your phone and car. There's no need for a third computer to be involved, except to check if you've paid for it. As long as your car has wifi access (or phone network access, which would need to be paid for) then it can communicate with other devices on the network/internet. Sure, you still have to pay for the internet, but that's paid to the ISP, not the car company.
Features like this really do require a subscription model. This isn’t enabling remote start by pressing a key on your fob. This is sending a request to a server, which connects to a cell tower to broadcast signal saying “turn on this car”. That stuff ain’t free. Someone has to pay AT&T for the data connection.
What BMW was (is?) doing is abhorrent. You’re buying a car with heated seats, and you have to subscribe to hit the button.
Features like this really do require a subscription model. This isn’t enabling remote start by pressing a key on your fob. This is sending a request to a server, which connects to a cell tower to broadcast signal saying “turn on this car”. That stuff ain’t free. Someone has to pay AT&T for the data connection.
Only because they unethically intentionally designed it that way, when they could've just as easily picked a different design that could've worked entirely locally. They are inventing excuses for rentiership.
They almost always do offer a key fob based remote start option in addition to their app based remote start.
Well, the manufacturer rarely does but the dealership often tries to sell them as an added revenue stream.
They vary from OK to dreadful. But it's still an option vs this remote services system if you don't like it.
Also the added bonus of collecting data to sell too
IMHO, It makes sense though. Piracy and open source are two approaches to attacking the enclosure of public (intellectual) space. Roads for cars are literally an enclosure of public space. The subscription model just extends from this logic.
Edit: These are also things that make sense because the car has to have cell service via a provider.
These are things that need a subscription, though... These are remote features that require internet connectivity and application serving. Things that don't just come with a one-time fee. These are actual services being provided by Kia or Hyundai. This isn't the same as putting a hardware feature of your car behind an arbitrary pay wall.
149 to send a ping to locate a car? For an API call to lock unlock? How many API calls are worth 149 per year? In which world?
Make the car cost £400 more, once, when it's bought first hand. That will cover any costs for the lifetime of the vehicle. There you go, chuck the subscription in the sea.
These are software features that need an open, secure API.
yeah, i agree. it costs them money so there's little to no incentive to run that stuff for free.
also the price is reasonable (about as much as a single Nano ec2 instance on aws + mobile plan that's required to connect the car to the internet) and pretty much negligible when compared to amount of money you'll be spending on that vehicle anyway.
then there are privacy concerns tho. do you trust kia with knowledge of your exact car location, 24/7? (I'd assume it doesn't connect to their servers without the subscription?)
also that information (Exact location of all kia vehicles, with exact model numbers and registration information) seems like a goldmine for car thieves if leaked (or accessed by a third party.)
also, fuck heated seat and other hardware/local software subscriptions
Don't worry there will be some vulnerability with the CPU that they wouldn't be able to patch out fully.
In the end we are in a cat & mouse situation
Vulnerability found > hacker cracked it > car company figures it out > vulnerability gets patched
It's the same issue with John Deere tractors; from what I heard, many farmers hire a bunch of hackers to crack the software
Yeah I hope this just strengthens these licenses. I've heard about John Deere being hacked at DEF CON but man these companies are scummy.
you're paying for a backend service and a constant internet connection for your car here though, not for some client side feature that can be easily unlocked
I mean some people figured out how to crack a tesla to enable all the features including the secret "Elon" mode so.
Curious, what was the "secret Elon Mode" about?
Full self-driving without driver monitoring.
Which is just fantastically dangerous and poorly advised. Very appropriate for it to be called "Elon mode," if nothing else.
It really is appropriate
But the script that cracks it was never released in public AFAIK
Maybe we need to wait & lurk for some time until the script is finally released in public
there is no real script to do it. They released the full research paper on it and basically you pull part of the infotainment system low as it boots and it opens the maintenance menus that allow you to grant entitlements. It's a 100% physical attack. It also probably gets reversed every so often as mothership "detects problems" with your tesla.
Hell yeah! Fuck car dependent infrastructure!
Vote with your wallet.
Congratulations, you've fallen for the propaganda. That sentiment is nothing more than corporate astroturfing against effective regulation.
I remember back in the old days when remote start was a thing you paid someone to install in your car and, in those days, “remote climate” was remote start plus remembering to set it on high before you got out.
Subscriptions are dumb, you should be able to buy these outright, but there are people who can’t so 🤷🏻‍♀️
Edit: but for remote lock and alarm, those have been around for ages. That should come standard.
I think a lot of this conversation boils down to someone needing to make an ESP32 device that sits in your OBD port and can be addressed directly for those who have a car that can connect to your home WiFi. I feel like one of those already exists...
"You wouldn't download a car?"
If this isn't a lease then it will never hold up in any state court, John Deere and Apple already tried something similar to this over right to repair and lost miserably in every state it was tried in. I'm actually surprised they tried this after the epic payout John Deere had to make after the class action lawsuit against them.