just_another_person@lemmy.world
on 23 Jan 17:56
Something similar was found on another system by a certain Korean carmaker and silently patched. I’m positive these types of systems will all be exploited more in the future, and need to be completely overhauled. Cars should not be reachable entities on any sort of network, especially one without proper IAC restrictions. They should be consumers of said information at best, but even that will eventually be impersonated somehow. We have the potential for a turnkey system with all the damn devices running around that can be used as a 3-key-minimum system to ensure proper identity, but that would be giving consumers TOO MUCH CONTROL 🤣
TimeSquirrel@kbin.melroy.org
on 23 Jan 18:33
Simply removing the two-factor auth element which does nothing to access the main page underneath. I do that shit with newspaper paywalls. That is wild.
Also having a script in there that just resets a password, no questions asked. WTF is going on with modern software development? It isn't just Subaru. It's almost everything in the last 15 years. Behind all the pretty lipstick, IT systems are jankier than ever.
For any aspiring programmers, remember: never ever assume the user is rational or expect them to follow the rules. At least half of your user data-handling code should be validation and sanity checks. Code defensively.
apocalypticat@lemmy.world
on 23 Jan 20:44
The scary part to me (noted in the article as well) is less the technical hack but more so the amount of data they are collecting.
Subaru had/has an ongoing issue where the telematics drains the battery while the car is parked, especially if it’s parked out of reach of cell towers. With the amount of data they are sending, it’s not surprising.
There is no need for the car to report its position whatsoever unless I request assistance.
At 38C3, there was a talk about Volkswagen - a German car manufacturer - that didn’t correctly secure the data it collected from its vehicles and what you can "learn" from this data. The talk can be found here; it’s in German, but there’s also an English translation in another audio layer.
PalmTreeIsBestTree@lemmy.world
on 23 Jan 23:20
I’m glad Starlink doesn’t work anymore on my older Subaru since it used 3G cell towers. To be specific, if any of you got a pre-2020 Outback, then you should not have to worry about this. I had a battery issue, and the reason is that my car was constantly searching for the towers and draining it. I ended up getting a free battery out of that ordeal though.
DarkFuture@lemmy.world
on 23 Jan 23:49
The Starlink system is TRRAAAAAAAAAASH.
Shit is designed like shit and crashes/freezes all the time. A pop-up you have to hit AGREE on appears every time you turn on the car, and you have to wait a solid 5 seconds before you can hit it. You have NO control over the touch screen until you do so. None of the physical buttons work either. So whatever volume you had your speakers at when you turned the car off is what you get for a solid 5 seconds when you turn the car on, before you can turn the speakers down. What kind of shit-for-brains developers/engineers were responsible for that gem?
It is categorically awful. It’s really unfortunate that a bad touch screen system can basically eliminate a car for prospective buyers.
lunatic_lobster@lemmy.world
on 24 Jan 01:24
For anyone who has a Subaru and wants to get rid of this, there is an aftermarket part you can install to bypass the telematics radio without losing access to any other features (if you just unplug it, I think the speakers stop working).
Subcontracted to Indian, Ucranian and other low income countries. You get what you pay for.
Just subcontracts in general. No need to bring any specific country into this.
Only someone who was never forced to outsource critical software to low pay companies basically sweatshoping software, thinks outsourcing is equal throughout the world. Everyone loses in that chain except the C type that shows nice numbers that quarter for a nice performance number. Meanwhile shit like the one above propagates like wildfire.
Check your “urcranium” bruh
Trust no-one, not even yourself.
Lowest bidder.
Even worse. It’s a joke, but it’s true: the proof of concept is often also the final product.
…ccc.de/…/38c3-wir-wissen-wo-dein-auto-steht-volk…
Here’s the list. Looks like it’s mainly models up to 2018. Your 2020 is likely still affected.
Mine is an 18.
Subaru data opt-out page from the EFF:
www.subaru.com/support/consumer-privacy.html
No idea if they respect it, but it’s a good idea regardless.
www.autoharnesshouse.com/69018.html
It’s $80 for the one that retains the OEM head unit, but I’m thinking that might be worth it.
Now that’s something I’m looking for