Conversation

Notices

  1. Dave Rahardja (drahardja@sfba.social)'s status on Sunday, 01-Sep-2024 05:07:11 JST

    These guys tracked down an expert car thief and got him to explain how he can steal cars in under 30 seconds.

    tl;dr: Most modern cars contain well-known software vulnerabilities that are accessible through the OBD2 connector. Unscrupulous Chinese manufacturers have cataloged and automated these exploits using tablets and OBD2 adapters, and you can buy these tools freely and legally online. You may need a blank key fob from the right manufacturer, but the app literally automates the job.

    Car makers have been shipping vulnerable software for decades without consequence (car owners and dealerships end up paying for theft, not manufacturers), and they continue to do so. Only Ford appears to be improving their security.

    #cars #cyberSecurity

    https://www.youtube.com/watch?v=YS2K_quFWuY


    Attachments


    1. The Most Wanted Car Thief in America
      from Tommy G
    • Nameless Individual (mvocc@mastodon.world)'s status on Sunday, 01-Sep-2024 05:26:34 JST

      @drahardja I can confirm this! I literally flew to Dearborn, MI, met with the CTO, CSSO, and Engineers of Ford at their HQ, and showed them irrefutable proof of errors and vulnerabilities in their OBD-II data. Engineers from Magneti Marelli were there, too. Ford got Magneti to fix ALL of what I uncovered. The fix was pushed out to their entire CrewChief fleet customers. This was circa 2014.

    • Nameless Individual (mvocc@mastodon.world)'s status on Sunday, 01-Sep-2024 05:26:52 JST

      @drahardja The plus side though is that they have a matrix of ALL the VINs affected. If an affected car is taken to a dealership for an oil change or whatever and the VIN is on the list, the dealership's computer will tell the tech to hook up a device and update the firmware. The update only takes a minute and can be done while they're doing the oil change or whatever. Also, the updates are non-descriptive. I.e., "regular annual update/feature enhancement".

    • Nameless Individual (mvocc@mastodon.world)'s status on Sunday, 01-Sep-2024 05:26:53 JST

      @drahardja The CrewChief fix was relatively easy because those vehicles have telematics. We could push out an OTA firmware update through the cellular network and update the Magneti units and ECUs remotely.
      Things are different, though, if we're talking about a personal car driven by mom, dad, or your friends. Without cellular telematics, that update needs to be done at a dealership through a physical cable connected to the car's computer.

    • feld (feld@friedcheese.us)'s status on Sunday, 01-Sep-2024 05:27:38 JST
      @drahardja If you have car insurance that requires you plug in a device into the OBD2 to track your driving you're screwed tho
    • Dave Rahardja (drahardja@sfba.social)'s status on Sunday, 01-Sep-2024 05:27:39 JST

      I suspect that removing 12V power in the OBD2 port is enough to foil most of these tools. The adapters I saw in the video all seem to require 12V power to boot up and operate—I suspect this is because they have to generate 12V pulses to communicate on the CANBus. Maybe there’s an OBD2 power fuse you can pull. That would be a pretty cheap way to protect your car from thieves.

      Just don’t forget to put the fuse back in when you smog your car.

    • Dave Rahardja (drahardja@sfba.social)'s status on Sunday, 01-Sep-2024 05:30:19 JST, in reply to feld

      @feld I won’t plug those in for other reasons, so no problem for me.


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.