SoylentNews is people
SoylentNews
Submitted via IRC for SoyCow4408
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking. Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models (Audi is a brand part of the Volkswagen Group).
The two researchers said used a car's WiFi connection to exploit an exposed port and gain access to the car's IVI, manufactured by electronics vendor Harman. Researchers also gained access to the IVI system's root account, which they say allowed them access to other car data.
"Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added.
Original Paper: The Connected Car Ways to get unauthorized access and potential implications
(Score: 2) by schad on Wednesday May 02 2018, @04:42PM (2 children)
For goodness sake. There are plenty of legitimate reasons to dislike push-to-start. You don't need to go making up these ridiculous ones.
I wouldn't say "insane," but certainly it's not something you should do except under very rare circumstances (push-starting a car with a manual transmission). To make a computer analogy, what you are doing is relying on unspecified behavior. You're exploiting the fact that some "APIs" will tolerate certain things, and then complaining when future versions do not. The problem is not with the API, it's with you.
Going back to cars specifically, this is clearly a legitimate safety feature. The only reason cars haven't always operated this way is simply that nobody has thought of it, or we, until fairly recently, lacked the technology to implement it reliably and affordably across all model lines. (I'm pretty sure I ran across the "won't start unless in park and with foot on brake" feature on luxury cars made in the 80s. Maybe an '88 300SEL?)
Yeah, you're right. They should probably put a safety feature in that prevents the car from starting unless you're stepping on the brakes. Oh, wait...
(Score: 3, Interesting) by bob_super on Wednesday May 02 2018, @05:26PM
The stupidest part about the shitty clutch/brake requirement, is that many cars have remote start. So, if a sentient being is sitting at the controls, you need extra safety, but if you push a button accidentally while storing your coat inside the house, or playing with the phone app 100 miles away, that nerfing is not required ?
(Score: 2) by Justin Case on Wednesday May 02 2018, @08:58PM
I'm not saying the safety feature should not exist. I'm saying you should not be required to bet your life (or your undamaged car) on it, merely so you can check the odometer.
Belt and suspenders. Defense in depth, especially where life, injury, or large financial damage are on the line.
But for FSM's sake do not train people to start the car without pressing the brake, because the safety feature will probably save your ass.