• Rai@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        7
        ·
        2 months ago

        My friend has his Kia broken into and started, but it’s a standard so they ditched it hahaha

        • Semi-Hemi-Lemmygod@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          2 months ago

          I got a decent manual for about $12k back in February. And it was one of three on the lot I was there to look at all around that price: A GTI, a WRX, and a Mini.

          I went with the GTI

        • swag_money@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 months ago

          right before the used car market exploded i got my manual Subaru for $3400 when it was worth about 10-12k because of a misfire. yeah it just had the wrong spark plugs in it :p and it’s about as dumb as they come. it has a radio, abs, and cruise control - no other driving assists or telemetry

        • Blaster M@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          The fun tax is real… except unllike the poster below, I was looking for a Base model Subaru and not the WRX (even though the WRX is a bucket list car)

      • Dran@lemmy.world
        link
        fedilink
        English
        arrow-up
        53
        ·
        2 months ago

        Just because you can’t use it doesn’t mean a hacker can’t. If someone discovered a vulnerability in the 3g handshake or encryption protocol, it could be an avenue for an RCE.

        • Rubanski@lemm.ee
          link
          fedilink
          English
          arrow-up
          15
          ·
          2 months ago

          Especially when there are no security updates anymore. They should just rip out any possible receiver there is for mobile communication

        • Scott@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          11
          ·
          2 months ago

          Honestly if someone manages to figure that out I would want to know, that way I can finally use my cars remote start 😄

    • Echo Dot@feddit.uk
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 months ago

      I wish, but most people don’t know / care about this stuff, it’s not going to really percolate into the public consciousness .

      According to the dealership my car isn’t worth it’s weight grass clippings because it’s too old.

    • NotMyOldRedditName@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      2 months ago

      The car will still work if you take the radio out or put a faraday cage around it, maybe that’ll become a thing in the future, but that might fuck with the paid charging infrastructure for EVs. Doesn’t impact gas.

    • SharkAttak@kbin.melroy.org
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      I have a '01 Citroen and I’m gonna run it to the ground. She needs a big overhaul now, but for a 190’000Km car my baby is still pretty good.

  • mctoasterson@reddthat.com
    link
    fedilink
    English
    arrow-up
    93
    ·
    2 months ago

    Yeah… fuck this shit. This is part of the reason I still drive a nearly 20 year old vehicle. It has features I want, and can’t be stolen via fucking API calls. Absolute insanity.

    I think Hyundai/Kia group has done unfathomable damage to their brands. Kia, despite being a budget brand, wants to be seen as a legit competitor to Toyota or at least Nissan. Their corner cutting with the immobilizers and the resulting “USB” theft shit was bad enough. Now this exploit.

  • penquin@lemm.ee
    link
    fedilink
    English
    arrow-up
    48
    ·
    2 months ago

    Let the fucking hacking begin. Fuck these assholes. They are milking people out of their last penny, and on top of that they’re selling people’s driving data to data brokers who sell it to insurance companies that jack up prices.

  • MaskedPanda@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    40
    ·
    2 months ago

    FYI: From the article: “These vulnerabilities have since been fixed, this tool was never released, and the Kia team has validated this was never exploited maliciously.

    • exanime@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Well I wouldn’t really trust kia, who released these gaping vulnerabilities and benefit the most from pretending ain’t no big thing, with these statements

  • JohnWorks@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    27
    ·
    2 months ago

    I’ve noticed a lot of issues showing up for the Kia and Hyundai cars security wise. I wonder if they’re having issues because there’s more focus on those cars or if their security is really that bad.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      36
      ·
      edit-2
      2 months ago

      The Kia/Hyundai “challenge” where people were stealing their cars with a USB cord is because they opted not to include an immobilizer in US models for a decade. Every other car brand had them as standard. Kia even had them as standard in non US cars, but because the USA stupidly does not have a law about it, they opted to drastically reduce car security to save a few dollars per car.

      This has made them prime targets, as people know they make bad security choices whenever they can save a buck.

      So a bit of both, I expect.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        6
        ·
        2 months ago

        I’m still amazed that immobilizers aren’t a legal requirement in the USA, and that Kia would remove them from US models just to save a small amount of money.

    • ravhall@discuss.online
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 months ago

      Both probably. I’m sure a lot of cars have problems like this, but they just haven’t been found and there are already known vulnerabilities to focus on.

    • ccdfa@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      Don’t look into South Korean web security. If their cars are as badly designed as their websites… Yikes

  • jabjoe@feddit.uk
    link
    fedilink
    English
    arrow-up
    20
    ·
    2 months ago

    This is the problem with digital serfdom, those lording it over us aren’t perfect either. Not only should we be able to connect our cars to our own server, we should be able inspect provided server implementation to see if it’s a bag of nails.

  • NotMyOldRedditName@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    2 months ago

    I know the majority of you hate Tesla, but security is something they do take more seriously. They even take part in pwn2own to help find vulnerabilities.

    All auto manufacturers should be taking part in that.

    Nothing like winning a car to get people to try and break into it publicly.

    Edit: Also details on the 2025 event in January just recently announced. https://www.zerodayinitiative.com/blog/2024/9/23/announcing-pwn2own-automotive-for-2025

    • CeeBee_Eh@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      ·
      2 months ago

      I have my money on Tesla being the first cloud-connected car (that phrase shouldn’t exist) to be hacked and push a malicious firmware that will cause all cars to simultaneously activate self driving and to pull a hard left at a specific time (time bomb).

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        2 months ago

        You should watch - Leave the World Behind

        You might be right, but I don’t think it’ll be because their cars are the easiest to hack, it’ll be because they have the most cars out there capable of doing this and it’d be more impactful attack if successful.

        (edit: Also they’d be able to exert the most control on their cars with the software/sensors available today at scale. E.g they could more easily have the car drive around until it finds a pedestrian to hit)

        (edit: Further, you can make the most changes to a Tesla as they have one of the more (or probably most) advanced OTA update capabilities)

        They are definitely a prime target.

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        2 months ago

        There’s a portion that only hate Elon and not Tesla, but there’s a lot of Tesla hate out there as well, and there has been since even before Elon publicly went off the deepend.

        Some of that might be decisions that Elon made for Tesla, but it’s still at Tesla.

        Edit: but I will take your point and say my use of majority in my OP wasn’t correct as the majority here is about Elon.

  • 🐋 Color 🔱 ♀@lemm.ee
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    2 months ago

    Why does a car need to be connected to the internet? A reliable rule of conduct in aeronautics is that systems which are deemed critical to safety are air gapped from the systems which are connected to the internet, so in the event that those systems are compromised by malware or hackers, the safety critical systems won’t also be compromised.

    Why is it seemingly taking automotive manufacturers so long to catch on to this principle? Before anyone mentions downloadable features, I do not see that as a means of justification. Like with videogames, if you’re paying good money for a product, that product should already be finished by release. Hiding content that should already exist on a car is egregious and the normalisation of it incentivizes manufacturers to release vehicles that are incomplete and should not have been released in their current state.

    • njordomir@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      This is my car, I have a stereo with entertainment features. My mileage, drive time, fuel economy, and anything related to the systems of the car, shows up on a separate display strip. To the best of my knowledge, the stereo cannot control the car in any way. Its just there to play music for me. I dread the day I have to replace this car. I may just buy an old pre-telemetry 4x4. The roads around here have gotten too bad for a hatchback anyway.

      • 🐋 Color 🔱 ♀@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 months ago

        Yup, that’s how it should be across the board. That’s how it is with modern airliners. The redundancy of having each system be controlled by multiple computers is nullified if a hacker can get to control all of them, including the ones which are safety critical, just by hacking one. I honestly don’t blame you, I love the internet but there really are situations where something really doesn’t need to be connected to the internet.

    • exanime@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Agreed. But I am getting more and more concerned we won’t always be able to keep or buy an old car and avoid these pitfalls

      I’m likely 3 to 6 years away from having to buy a new/used car and I don’t think il be able to (or actually want) a 20 year old car