Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
Cool! Now work on exploits for those paywalled features of BMW cars and Ford cars.
If you pay for something it's yours by right. You should be able to use the entire thing, because you physically have it now.
When I need a new car it's going to br older not newer..
If all electric cars are just going to be subscription bullshit, I'm sorry, I won't be driving electric.
Even ICE manufacturers have been including hardware that software disabled for a while
Subscribe to enable your BMW seat heater! They definitely require periodic software updates and is absolutely NOT a blatant money grab
I got an OBDeleven for my 2015 GTI so I could unlock stuff and customize. Enabled rolling down the windows with the key fob, being able to display the engine oil temp in the dash and also setting the accelerator pedal curve to linear.
What I didn't even know that was stuff you could even do
Kinda depends on the car. Volkswagen cars are pretty "hackable" with OBDeleven which is a wireless interface for the hilariously named "VAGCOM" protocol.
OBDeleven
Hang on, have I being saying this wrong for years? I thought it was OBDII or OBD2 ?
Audi had been doing this for years and they even disable stuff if you sell your car to another private person. One of my friends bought a used Audi and everything was disabled so he installed a cracked version of the infotainment software and now the only thing that doesn't work is the fingerprint unlock.
A fingerprint unlock on a car? I've never heard of that, is it to unlock the doors?
There are some manufacturers that do not do this garbage, or at least not often. I've heard good things about Hyundai specifically.
For now they have customer goodwill to win back after nearly a decade of building cars that practically fell apart in a year or 2 in the late 00s and early 10s.
They'll catch up to the others in anti-consumer practices soon, but for now they're a good choice if you don't particularly care for performance or ride quality.
Have you seen the automotive industry as of late? This isn't a EV issue nor is it really new. We've had things like OnStar for years and the entire industry has started to chase the gaming industry's microtransaction BS for a while now.
https://www.theverge.com/2022/7/12/23204950/bmw-subscriptions-microtransactions-heated-seats-feature
https://www.thedrive.com/news/43329/toyota-made-its-key-fob-remote-start-into-a-subscription-service
The future looks like a potential live service hell scape for the auto industry EV or otherwise.
It won’t just be electric cars, it’ll be all new model cars from manufacturing companies. At least until ICE is phased out.
Cory Doctorow has written a great article about this phenomenon a few days ago: https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
Basically we move back to a feudalism world where you don't own anything anymore and you have to pay recurring rents. And as you don't own it they can fuck you over by increasing rents or disable features when you can't pay.
More like, until the Chinese weasel their way into the US market with cheaper-than-used cars to undercut the legacy auto makers. 10 years or so, it'll happen. And the big 3 will be begging for bailouts again. That is unless they smarten up and remember what made Ford what it is today.
Unpatchable
Good to hear
Good. There should be no such thing as unserviced features that are physically present in a product and locked out against its owner. Not in cars or anything.
A subscription for hardware is such bullshit, I hope this trend dies.
We can all do our part by not buying anything from those who do this.
This is the best summary I could come up with:
Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z's Platform Security Processor.
"They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc."
"Hacking the embedded car computer could allow users to unlock these features without paying," the TU Berlin researchers add.
In an email to Tom's Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.
Another consequence is that the exploit can "extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla's internal service network."
The TU Berlin team (consisting of PhD students Christian Werling, Niclas Kühnapfel, and Hans Niklas Jacob, along with security researcher Oleg Drokin) will present their findings next week (August 9) at the Blackhat conference in Las Vegas, where we hope to hear more about all the feature upgrades that are accessible.
I'm a bot and I'm open source!
Nice anti-AMD framing so shortly after that latest Zen2 vulnerability.
Right? Probably for attention grabbing, cause they do say the same flaw exists in zen2 and zen3, and the article is by no means slamming AMD for it. But the title does come off that way
The title seems much more interesting than it is. I doubt most people have the ability to perform this type of exploit. It would be more interesting if a group would charge X to unlock it for you.
I hope that becomes more common as these types of features become more prevalent across multiple OEMs. I'd pay a tech-savvy mechanic or a car-savvy hacker quite a bit for features that are already installed but locked behind some arbitrary paywall.
I also just hope regulators put a stop to such behavior first, but I kind of doubt that will happen.
They should publish that private key 🤣
I see MusX stopping people's car in the middle of the highway when they found out.
reading this made me so hard
Oh no! Anyways...