| ▲ | tamimio 6 days ago |
| Car manufacturers are like automation/control manufacturers; they existed before cybersecurity and never caught up to the pace. If you ever audited any SCADA system, you will see nightmares. For cars, some new models of popular brands (not specifying any), you can access the CANbus from the headlight where you can reprogram the ECM to your new key. It's that simple to "own" a modern car. |
|
| ▲ | dfex 6 days ago | parent | next [-] |
| PREACH! Currently sitting in a control room at a greenfield manufacturing facility trying to describe why even VLANning the control network would be a good idea to some controls engineers who want a plant-wide subnet for all PLCs that will be remotely supported by 6 different vendors. The struggle is real |
| |
| ▲ | protocolture 6 days ago | parent | next [-] | | Loosely aware a controller manufacturer who wanted a bluetooth/wifi based password recovery utility with a fixed or predictable recovery key. They were asked what their exposure would be if someone walked into a datacenter and used their phone to disable all the airconditioning systems. | |
| ▲ | giantg2 6 days ago | parent | prev [-] | | Do they want the passwords for all their systems to match so they don't need to remember as many? | | |
| ▲ | dfex 6 days ago | parent [-] | | My suspicion is that they want all the passwords on this site to match the one they use with all their other customers too. Saves money on password management. |
|
|
|
| ▲ | Terr_ 6 days ago | parent | prev | next [-] |
| > It's that simple to "own" a modern car. On the other hand, it's been a great excuse for a hobby project with 12V relays and learning how to write code for an ESP32. :P I still haven't yet figured out which CAN-bus to tap and which undocumented byte-messages to interpret... but entering the Konami Code on the steering wheel to unlock the ignition is quite plausible. Or an NFC/RFID tag over a hidden reader, or an active bluetooth connection to my phone, etc. Whatever the case, quite enough to stop the average thief that would target a cheaper vehicle like my own. You could also skip the ESP32, and have a purely analog switch tucked away. |
| |
| ▲ | waste_monk 6 days ago | parent [-] | | >but entering the Konami Code on the steering wheel to unlock the ignition is quite plausible. The left, right, left, right part I can see, but surely up, up, down, down, would be difficult on most steering wheels :) | | |
| ▲ | reorder9695 6 days ago | parent [-] | | What about media controls? My steering wheel anyway has up and down buttons for skip songs |
|
|
|
| ▲ | bbarnett 6 days ago | parent | prev [-] |
| I've seen one-manufacturer, 2024 models at least, which requires two keys in range, before a third key may be programmed. Good idea, don't know how effective it is in reality. |
| |
| ▲ | bayindirh 6 days ago | parent | next [-] | | Needing two keys for a third one is not new. My 25 year old car needs two keys for adding the third, old Fiats has “red master” keys which are also required during adding keys. | | |
| ▲ | serf 6 days ago | parent | next [-] | | Honda/Acura/Toyota have used similar systems for years; this is one of the reasons why cloning a key costs less flagged hours than making a new one for an owner that lost all of them : when you lose all of them you need to get the actual computer out and pair it with the ecm directly, when you clone them there is a ritual that can be done with the other keys+ the new one. | | |
| ▲ | tonyarkles 6 days ago | parent [-] | | > ritual I cannot think of a better word to describe the process. The ritual may involve some chanting. Thank you for that :D | | |
| |
| ▲ | dzhiurgis 6 days ago | parent | prev [-] | | Man wish we could copy that key onto smartphone (Apple needs to add flipper zero's tech to iPhone) for easy keyless access. | | |
| |
| ▲ | rootusrootus 6 days ago | parent | prev [-] | | That's common, and it's often a bit stricter. E.g. my Ford Lightning has a pocket you have to put the fob into for this kind of activity. For certain things you need both fobs, so you do one, and then the other, as part of a sequence in the programming. Just being in range isn't good enough. |
|
