Member Since: 19 Sep 2010
Location: world
Posts: 1213
Worries for D5, Velar and other with infotainment. Hacking !
][/quote]
Last edited by Dan_NL on 21st Apr 2019 12:12 am. Edited 1 time in total
13th Aug 2018 10:14 pm
DG Site Moderator
Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979
What are they going to do ....listen to my Spotify playlist
FWIW you can't control them by SMS because there is no interface
13th Aug 2018 10:23 pm
Dan_NL
Member Since: 19 Sep 2010
Location: world
Posts: 1213
Last edited by Dan_NL on 21st Apr 2019 12:12 am. Edited 1 time in total
13th Aug 2018 10:35 pm
DG Site Moderator
Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979
That's not SMS though is it
13th Aug 2018 10:43 pm
Dan_NL
Member Since: 19 Sep 2010
Location: world
Posts: 1213
Well, I think so. I won't know how it would function otherwise.
Actually it says somewhere in the docs that the car updates its position to the cloud by sms..
13th Aug 2018 11:17 pm
DG Site Moderator
Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979
OK ...You have a sleepless night ...I'll be sleeping soundly
14th Aug 2018 12:17 am
Dan_NL
Member Since: 19 Sep 2010
Location: world
Posts: 1213
I have insurance...
14th Aug 2018 12:22 am
DG Site Moderator
Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979
but they need to up-load a virus in the first place via USB or your phone.. I dont think its anything to worry about at the moment!Si
2016 Disco 4 SE Tech
2019 Fiesta ST3
2021 GBS Zero
14th Aug 2018 7:09 am
Pelyma
Member Since: 06 Jan 2005
Location: Patching, Sussex
Posts: 15496
Watch this video from 14 minutes
With car manufacturers now doing OTA updates (Tesla even upgraded the Model 3 brakes OTA) how long before exploits are found? JLR are one of the biggest employers of Computer Science graduates in the UK but that doesn’t mean mistakes won’t be made and vulnerabilities won’t be found by the bad guys first, it might be used to punish those with poor taste in music but it could be used to unlock the car change any part of the car configuration. Your car disappears off your drive one night, you capture the thief on your cctv walking up, opening the door and driving off. Ahh says the insurance company you left the car unlocked so you aren’t covered. Don’t you think this could happen?DS3 TDV6 HSE - Silver with Alpaca (old one) Gone
DS3 TDV6 HSE- Silver with Alpaca (new one) Gone
D4 HSE Lux - Montalcino Red Gone
Porsche Cayenne V8 Diesel S
14th Aug 2018 7:32 am
Dan_NL
Member Since: 19 Sep 2010
Location: world
Posts: 1213
Last edited by Dan_NL on 21st Apr 2019 12:13 am. Edited 1 time in total
14th Aug 2018 8:14 am
Redline
Member Since: 20 Jan 2018
Location: Warwickshire
Posts: 141
There are several vulnerabilities here.
The USB interface is the first one but requires physical access to exploit. With BT I suspect they get used less and less but still pose a problem as an entry point into the cars systems. Plug your phone that has dormant but malicious code in to charge it or an infected USB and that’s the starting point.
Cars with OTA are more vulnerable because they are directly addressable via the data channel (not SMS).
Changes to a cars config or use of remote unlock commands could be exploited either directly or via a compromised USB. Far fetched? Maybe. But definitely possible.
But, if the infected system then informs the hacker what the car is along with build details plus location, all they have to do is turn up, unlock it and drive away. Hopefully, encryption on the link plus embedded IP controls built in to hardware would prevent this. I very much doubt sufficient controls are built in to OTA interfaces. Anyone clever enough to access the systems remotely are clever enough to find ways to exploit it for their own ends. The whole car (but not it’s components) however should become worthless unless it’s systems are given a new identity. At some point, again either by OTA or connection to diagnostics then the manufacturer will be able identify and locate the car.
More worrying would be a targeted DoS but on a big scale. That could cause chaos. Lots of quietly infected systems then simultaneously triggered to turn off or prevent use of the vehicle or worse, prevent critical systems from working properly when needed.
We’re into the realms of state sponsored actors - they are out there and they are looking for any way they can to cause economic harm. What better way than controlling and interrupting transport directly.Current : Discovery 4 HSE (2012 spec)
Current : BMW Z4 20i MSport
Current : BWM Z4 3.0SI Sport Auto
Previous : Freelander 2 HSE
14th Aug 2018 8:30 am
DG Site Moderator
Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979
Pelyma wrote:
Your car disappears off your drive one night, you capture the thief on your cctv walking up, opening the door and driving off. Ahh says the insurance company you left the car unlocked so you aren’t covered. Don’t you think this could happen?
Not only is there a visible indication of unlock procedure when you open the motor but the telematics system confirms remotely that the alarm is set, windows, doors, boot and bonnet are locked, tracking is active. All of this information is retained in your account so I'm sure that insurers would be compliant.
No doubt the evils will work around it as that has always been the game since day dot. I'm not going to worry about it tbh
14th Aug 2018 8:46 am
discoverybrazil
Member Since: 07 Aug 2018
Location: sao paulo
Posts: 102
I think someone will get handcuffed in the car by wifes LR3 ON ROAD ONLY
14th Aug 2018 11:37 am
Pelyma
Member Since: 06 Jan 2005
Location: Patching, Sussex
Posts: 15496
DG wrote:
Pelyma wrote:
Your car disappears off your drive one night, you capture the thief on your cctv walking up, opening the door and driving off. Ahh says the insurance company you left the car unlocked so you aren’t covered. Don’t you think this could happen?
Not only is there a visible indication of unlock procedure when you open the motor but the telematics system confirms remotely that the alarm is set, windows, doors, boot and bonnet are locked, tracking is active. All of this information is retained in your account so I'm sure that insurers would be compliant.
No doubt the evils will work around it as that has always been the game since day dot. I'm not going to worry about it tbh
The app is neither here nor there if your system has been compromised it will say whatever the hacker says it will say! The issue to me would be how many cars have to be attacked for a manufacturer to patch the problem? The insurance company offering LR extended warranty say the engine issue is a design fault so don’t cover it yet LR seems to have done nothing to the design, would the same apply to a software issue? I guess it’s an issue that many companies are going to have to face and let’s face it all cars soon enough will be potentially vulnerable, are we going to stop buying cars?DS3 TDV6 HSE - Silver with Alpaca (old one) Gone
DS3 TDV6 HSE- Silver with Alpaca (new one) Gone
D4 HSE Lux - Montalcino Red Gone
Porsche Cayenne V8 Diesel S
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum