Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.
Mmmm, all those expired domains with known vulnerable API clients still calling them…
Imagine a botnet. Now, imagine a botnet on wheels!
If the data isn’t being paid for anymore, they can’t connect to anything at all. Is T-Mobile or Verizon or whoever expected to foot the bill ten years down for no reason? There may be some definitions of connecting I’m missing, but I reasoned a data connection over some sort of cellular network.
But then, if it’s some hidden proprietary magic on some unused bands, who knows?
I think it does use cellular. But theoretically, it could use a mesh network of all applicable cars that hops back to some entrance nodes into the manufacturer’s network or cheap exit nodes to the broader internet.
Edit, autocorrect
I imagine they’re still searching for the network despite not being able to reach anything, so maybe a local hack would be possible near the vehicle, but remotely? Idk.
My personal strategy to avoid this situation is to just not buy a car with those “features”. If I can’t know before I buy it, then I won’t bother to care to know. Keep your secrets, I’ll keep my $.
At some level, I’d put the blame of some of this on the consumer.
Something being a scam on some level should be the inherent suspicion of basically everything you intend to purchase. The chances a product is straightforward and trustworthy seem to be far less likely these days than the opposite.