Advertise on DISCO3.CO.UK
Forum · Gallery · Wiki · Shop · Sponsors
DISCO3.CO.UK > Discovery 5 - L462

Worries for D5, Velar and other with infotainment. Hacking !
Post Reply  Down to end
Page 1 of 2 12>
Dan_NL
 


Member Since: 19 Sep 2010
Location: world
Posts: 1213

Worries for D5, Velar and other with infotainment. Hacking !

Rolling Eyes ][/quote]
 

Last edited by Dan_NL on 21st Apr 2019 12:12 am. Edited 1 time in total 
Post #197373813th Aug 2018 10:14 pm
View user's profile Send private message View poster's gallery Reply with quote
DG
Site Moderator 


Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979

Wales 

What are they going to do ....listen to my Spotify playlist Rolling with laughter

FWIW you can't control them by SMS because there is no interface Wink
  
Post #197374013th Aug 2018 10:23 pm
View user's profile Send private message View poster's gallery Reply with quote
Dan_NL
 


Member Since: 19 Sep 2010
Location: world
Posts: 1213


Rolling Eyes
 

Last edited by Dan_NL on 21st Apr 2019 12:12 am. Edited 1 time in total 
Post #197374313th Aug 2018 10:35 pm
View user's profile Send private message View poster's gallery Reply with quote
DG
Site Moderator 


Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979

Wales 

That's not SMS though is it Whistle
  
Post #197374513th Aug 2018 10:43 pm
View user's profile Send private message View poster's gallery Reply with quote
Dan_NL
 


Member Since: 19 Sep 2010
Location: world
Posts: 1213


Well, I think so. I won't know how it would function otherwise.
Actually it says somewhere in the docs that the car updates its position to the cloud by sms..
  
Post #197375013th Aug 2018 11:17 pm
View user's profile Send private message View poster's gallery Reply with quote
DG
Site Moderator 


Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979

Wales 

OK ...You have a sleepless night Whistle ...I'll be sleeping soundly Very Happy
  
Post #197375114th Aug 2018 12:17 am
View user's profile Send private message View poster's gallery Reply with quote
Dan_NL
 


Member Since: 19 Sep 2010
Location: world
Posts: 1213


I have insurance... Mr. Green
  
Post #197375314th Aug 2018 12:22 am
View user's profile Send private message View poster's gallery Reply with quote
DG
Site Moderator 


Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979

Wales 

Exactly Thumbs Up
  
Post #197375414th Aug 2018 12:25 am
View user's profile Send private message View poster's gallery Reply with quote
SantaCruz
 


Member Since: 22 Jan 2012
Location: Salisbury, Wiltshire
Posts: 568

2016 Discovery 4 3.0 SDV6 SE Tech Auto ArubaDiscovery 4

but they need to up-load a virus in the first place via USB or your phone.. I dont think its anything to worry about at the moment!
 Si

2016 Disco 4 SE Tech
2019 Fiesta ST3
2021 GBS Zero 
 
Post #197376914th Aug 2018 7:09 am
View user's profile Send private message View poster's gallery Reply with quote
Pelyma
  


Member Since: 06 Jan 2005
Location: Patching, Sussex
Posts: 15496

England 

Watch this video from 14 minutes



With car manufacturers now doing OTA updates (Tesla even upgraded the Model 3 brakes OTA) how long before exploits are found? JLR are one of the biggest employers of Computer Science graduates in the UK but that doesn’t mean mistakes won’t be made and vulnerabilities won’t be found by the bad guys first, it might be used to punish those with poor taste in music but it could be used to unlock the car change any part of the car configuration. Your car disappears off your drive one night, you capture the thief on your cctv walking up, opening the door and driving off. Ahh says the insurance company you left the car unlocked so you aren’t covered. Don’t you think this could happen?
 DS3 TDV6 HSE - Silver with Alpaca (old one) Gone
DS3 TDV6 HSE- Silver with Alpaca (new one) Gone
D4 HSE Lux - Montalcino Red Gone
Porsche Cayenne V8 Diesel S 
 
Post #197377714th Aug 2018 7:32 am
View user's profile Send private message View poster's gallery Reply with quote
Dan_NL
 


Member Since: 19 Sep 2010
Location: world
Posts: 1213


Sheep
 

Last edited by Dan_NL on 21st Apr 2019 12:13 am. Edited 1 time in total 
Post #197379414th Aug 2018 8:14 am
View user's profile Send private message View poster's gallery Reply with quote
Redline
 


Member Since: 20 Jan 2018
Location: Warwickshire
Posts: 141

United Kingdom 2011 Discovery 4 3.0 SDV6 HSE Auto Siberian SilverDiscovery 4

There are several vulnerabilities here.

The USB interface is the first one but requires physical access to exploit. With BT I suspect they get used less and less but still pose a problem as an entry point into the cars systems. Plug your phone that has dormant but malicious code in to charge it or an infected USB and that’s the starting point.

Cars with OTA are more vulnerable because they are directly addressable via the data channel (not SMS).
Changes to a cars config or use of remote unlock commands could be exploited either directly or via a compromised USB. Far fetched? Maybe. But definitely possible.

But, if the infected system then informs the hacker what the car is along with build details plus location, all they have to do is turn up, unlock it and drive away. Hopefully, encryption on the link plus embedded IP controls built in to hardware would prevent this. I very much doubt sufficient controls are built in to OTA interfaces. Anyone clever enough to access the systems remotely are clever enough to find ways to exploit it for their own ends. The whole car (but not it’s components) however should become worthless unless it’s systems are given a new identity. At some point, again either by OTA or connection to diagnostics then the manufacturer will be able identify and locate the car.

More worrying would be a targeted DoS but on a big scale. That could cause chaos. Lots of quietly infected systems then simultaneously triggered to turn off or prevent use of the vehicle or worse, prevent critical systems from working properly when needed.
We’re into the realms of state sponsored actors - they are out there and they are looking for any way they can to cause economic harm. What better way than controlling and interrupting transport directly.
 Current : Discovery 4 HSE (2012 spec)
Current : BMW Z4 20i MSport
Current : BWM Z4 3.0SI Sport Auto
Previous : Freelander 2 HSE 
 
Post #197379514th Aug 2018 8:30 am
View user's profile Send private message View poster's gallery Reply with quote
DG
Site Moderator 


Member Since: 12 Dec 2005
Location: The Gaff
Posts: 50979

Wales 

Pelyma wrote:
Your car disappears off your drive one night, you capture the thief on your cctv walking up, opening the door and driving off. Ahh says the insurance company you left the car unlocked so you aren’t covered. Don’t you think this could happen?


Not only is there a visible indication of unlock procedure when you open the motor but the telematics system confirms remotely that the alarm is set, windows, doors, boot and bonnet are locked, tracking is active. All of this information is retained in your account so I'm sure that insurers would be compliant.



No doubt the evils will work around it as that has always been the game since day dot. I'm not going to worry about it tbh Smile
  
Post #197380114th Aug 2018 8:46 am
View user's profile Send private message View poster's gallery Reply with quote
discoverybrazil
 


Member Since: 07 Aug 2018
Location: sao paulo
Posts: 102

Brazil 2006 Discovery 3 4.4 V8 HSE Auto Keswick GreenDiscovery 3

I think someone will get handcuffed in the car by wifes Rolling with laughter Rolling with laughter Rolling with laughter
 LR3 ON ROAD ONLY  
Post #197387014th Aug 2018 11:37 am
View user's profile Send private message View poster's gallery Send e-mail Reply with quote
Pelyma
  


Member Since: 06 Jan 2005
Location: Patching, Sussex
Posts: 15496

England 

DG wrote:
Pelyma wrote:
Your car disappears off your drive one night, you capture the thief on your cctv walking up, opening the door and driving off. Ahh says the insurance company you left the car unlocked so you aren’t covered. Don’t you think this could happen?


Not only is there a visible indication of unlock procedure when you open the motor but the telematics system confirms remotely that the alarm is set, windows, doors, boot and bonnet are locked, tracking is active. All of this information is retained in your account so I'm sure that insurers would be compliant.



No doubt the evils will work around it as that has always been the game since day dot. I'm not going to worry about it tbh Smile


The app is neither here nor there if your system has been compromised it will say whatever the hacker says it will say! The issue to me would be how many cars have to be attacked for a manufacturer to patch the problem? The insurance company offering LR extended warranty say the engine issue is a design fault so don’t cover it yet LR seems to have done nothing to the design, would the same apply to a software issue? I guess it’s an issue that many companies are going to have to face and let’s face it all cars soon enough will be potentially vulnerable, are we going to stop buying cars?
 DS3 TDV6 HSE - Silver with Alpaca (old one) Gone
DS3 TDV6 HSE- Silver with Alpaca (new one) Gone
D4 HSE Lux - Montalcino Red Gone
Porsche Cayenne V8 Diesel S 
 
Post #197393214th Aug 2018 3:08 pm
View user's profile Send private message View poster's gallery Reply with quote
Display posts from the last:  
Post Reply Back to top
Page 1 of 2 12>
Jump to:  
Previous Topic | Next Topic >


Posting Rules
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



DISCO3.CO.UK Copyright © 2004-2024 Futuranet Ltd & Martin Lewis
DISCO3.CO.UK RSS Feed - All Forums

DISCO3.CO.UK is independent and not affiliated to Land Rover.
Switch to Mobile Site