Trouble is the move to complete computerization. Back in the day we had physical keys which turned a physical switch to physically connect the power from battery to wake ECU. Now, we have a button that sends a REQUEST to the ECU to turn on or off, and as long as an acceptable transponder is around it will accept the request. If you turn your car off when u hit that stop button it REQUESTS that the ECU shut down assuming conditions are met. I have had a problem 202w wrangler JL turn on fine but refuse to shut off untill you pulled the terminals off the battery. This new age hyper computerized nonsense is why every mechanic hates these new age techno bullshit wanna-be computer appliances on wheels, canbus can be awesome for keeping all modules on the same page but one bad wire and the whole system takes a shit.
Comment on Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars
Treczoks@lemmy.world 3 days ago
If you can hack a car with a flipper zero, then the car manufacturers failed to implement the most basic security protocols. Complain to them, and demand a fix.
innermachine@lemmy.world 2 days ago
Treczoks@lemmy.world 2 days ago
202w wrangler
Well, Jeep is not really a name for good innovation. They are stuck with a management that still thinks “mechanics” and sees electronics as a pure profit center, not as a gear in the system that has to be as reliable as the rest of it.
bridgeenjoyer@sh.itjust.works 2 days ago
Give us fucking keys and BUTTONS. We dont want or need this tech shit they want to shove into everything so they can show cancerous growth to ther shareholders.
douglasg14b@lemmy.world 2 days ago
TBF most of these are failures and exploits on older devices.
Which are a dime a dozen across the entire industry. Security is rather difficult, especially when considering exploits and bugs.
Ofc many of these ARE the results of cut corners, though many are just a lack of security awareness or old devices with known exploits discovered long after manufacturing.
Treczoks@lemmy.world 2 days ago
The lack of security awareness is due to them to scrooge to hire the right professionals for the job. It is 100% the result of cutting corners.
Jason2357@lemmy.ca 1 day ago
When a car is stolen, they typically get to sell another one, courtesy of the drivers insurance policy. They are incentivized to bad security.
YiddishMcSquidish@lemmy.today 3 days ago
Fucking real! My car (2016 Toyota Avalon) uses a rolling code for the transponder! It’s like one of the most basic things any manufacturer can do to avoid this shit! And it can’t be more than a few dozen lines of code (I’m no expert so this may be an exaggeration)?
Doomsider@lemmy.world 3 days ago
It is almost like their should be something written down somewhere. Like a guideline or rule or something…
Oh that is right, it is called a regulation requiring basic wireless security for extremely expensive consumer items.
YiddishMcSquidish@lemmy.today 3 days ago
Nope can’t do that.
But with mega corpos
Won’t someone think of the multi billion dollar corporations‽
ArcaneSlime@lemmy.dbzer0.com 2 days ago
Of course, this particular attack actually “works” with rolling codes (WILL desync your real keyfob), it requires the attacker to sniff one signal off your key (incl lock) and then they can spoof your key’s rollover protocol (and any button, not just the one they sniffed) to reset the rolling code back to 0 and allowing them access. Iirc it’s different from a standard replay attack in (definitely) that it can spoof other keys on the fob it hasn’t read, and (I think) that while a trad replay attack requires the car not to hear the signal when recording I believe that doesn’t matter with this attack.
Unfortunately I haven’t been able to test it out since I’m not buying a serial locked flipper firmware from some guy who just got out of prison selling it on telegram.
YiddishMcSquidish@lemmy.today 2 days ago
What if I only use the fob as a fob? I usually only use the touch pad to lock and inner handle’s proximity sensor to unlock, so the car is only range finding after initial sense.
ArcaneSlime@lemmy.dbzer0.com 2 days ago
If you literally never press the buttons, nor leave your keys alone with anyone else who could possibly push the buttons?
Then a guy with a $20 car unlock kit from Autozone can still get in. And so can a guy with a hammer, and a guy with a broken spark plug. Locks are suggestions, especially when you have windows.
And that’s not even to mention people with actual SDRs that can repeat your key’s signal and remote start your car, keep your fob in a faraday bag.