SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow4408
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking. Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models (Audi is a brand part of the Volkswagen Group).
The two researchers said used a car's WiFi connection to exploit an exposed port and gain access to the car's IVI, manufactured by electronics vendor Harman. Researchers also gained access to the IVI system's root account, which they say allowed them access to other car data.
"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added.
Original Paper: The Connected Car Ways to get unauthorized access and potential implications
(Score: 2) by Grishnakh on Wednesday May 02 2018, @02:08PM (7 children)
I have a Volkswagen and it has a lot of silly crap. Like you can't read the odometer without starting the engine, because digital is cool.
Are you sure? Every car these days has a digital odometer, but you can usually see it by turning the car on (without starting the engine; on a keyless car you normally do this by keeping your foot off the brake, and pressing the "start" button twice).
(Score: 2) by Justin Case on Wednesday May 02 2018, @02:17PM (6 children)
I can't swear that your procedure (or something equally convoluted) would not work. After all, testing every possible combination of inputs can be quite a chore.
But I hope you aren't going to argue that it is an "intuitive" user interface, or even well designed*. Beginning the "start engine" sequence without applying the brake first? Insane!
* As opposed to, you know, merely looking at the mechanical odometer. Works anywhere, anytime, no matter what mode unrelated parts of the car may be in. OK, perhaps other than total wreckage. Which is what you're going to get if your car unexpectedly lurches into motion when you were just trying to read the odometer.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @02:37PM (1 child)
> Beginning the "start engine" sequence without applying the brake first? Insane!
If it's in Park or Neutral, then this is far from insane. On my older car I turn the key to start the engine and as long as it's in Park or Neutral it starts right up. Another older car has manual transmission and this has a clutch interlock--clutch pedal must be pushed before the starter runs (but no brake application required).
I agree that digital odometers are a nuisance if they can't be read with the car turned off. I have vague memories of one that used a reflective LCD, this could be read (faintly) without the backlight (car turned off), when ambient lighting conditions were correct.
(Score: 3, Insightful) by Justin Case on Wednesday May 02 2018, @03:22PM
But how do you know it's in Park or Neutral?
I mean sure, you pushed the lever, and the pretty light came on, so you think it is probably in park, but you are no longer in control of the car, the computers are. And it will do as it decides which totally may or may not be what you commanded or even expected due to a confusing user interface.
"But software never malfunctions!"
Please refresh your memory regarding the topic of the present discussion.
(Score: 2) by schad on Wednesday May 02 2018, @04:42PM (2 children)
For goodness sake. There are plenty of legitimate reasons to dislike push-to-start. You don't need to go making up these ridiculous ones.
I wouldn't say "insane," but certainly it's not something you should do except under very rare circumstances (push-starting a car with a manual transmission). To make a computer analogy, what you are doing is relying on unspecified behavior. You're exploiting the fact that some "APIs" will tolerate certain things, and then complaining when future versions do not. The problem is not with the API, it's with you.
Going back to cars specifically, this is clearly a legitimate safety feature. The only reason cars haven't always operated this way is simply that nobody has thought of it, or we, until fairly recently, lacked the technology to implement it reliably and affordably across all model lines. (I'm pretty sure I ran across the "won't start unless in park and with foot on brake" feature on luxury cars made in the 80s. Maybe an '88 300SEL?)
Yeah, you're right. They should probably put a safety feature in that prevents the car from starting unless you're stepping on the brakes. Oh, wait...
(Score: 3, Interesting) by bob_super on Wednesday May 02 2018, @05:26PM
The stupidest part about the shitty clutch/brake requirement, is that many cars have remote start. So, if a sentient being is sitting at the controls, you need extra safety, but if you push a button accidentally while storing your coat inside the house, or playing with the phone app 100 miles away, that nerfing is not required ?
(Score: 2) by Justin Case on Wednesday May 02 2018, @08:58PM
I'm not saying the safety feature should not exist. I'm saying you should not be required to bet your life (or your undamaged car) on it, merely so you can check the odometer.
Belt and suspenders. Defense in depth, especially where life, injury, or large financial damage are on the line.
But for FSM's sake do not train people to start the car without pressing the brake, because the safety feature will probably save your ass.
(Score: 2) by Osamabobama on Wednesday May 02 2018, @07:49PM
My Volkswagen (c. 2014) activates the odometer display when the driver's door is opened with the engine off. I haven't timed how long it stays on, but it will turn itself off again a short time after the door is closed.
Appended to the end of comments you post. Max: 120 chars.