15 January 2022

We Should Put Cars' Electronic Controls on the Internet

What could possibly go wrong? Teen hacker finds bug that lets him control 25 Teslas remotely | Ars Technica.

A young hacker and IT security researcher found a way to remotely interact with more than 25 Tesla electric vehicles in 13 countries, according to a Twitter thread he posted yesterday.

David Colombo explained in the thread that the flaw was "not a vulnerability in Tesla's infrastructure. It's the owner's faults." He claimed to be able to disable a car's remote camera system, unlock doors and open windows, and even begin keyless driving. He could also determine the car's exact location.

Which if it is in fact a security problem brought on by owners' ineptitude by such things as poor passwords, my sympathy is limited.

If you have your house locks, your car, your medical devices, or anything else important on the internet, you better have iron clad security on your end of things. And yes, that includes things like brokerage and bank accounts.

Tesla's security team is on the case. For whatever that is worth.

2 comments:

  1. I keep telling people I know that thinks this kind of thing is a great idea, "If you can operate it remotely by an app on your phone, so can a potential bad guy." I get stunned silence snd blank stares.

    ReplyDelete
    Replies
    1. I gave up talking to friends and family about security. "It's too hard."

      It's too hard to remember one password for a PW manager.
      It's too hard to use a VPN whenever you're on public WiFi.
      It's too hard to create decent passwords that are not your pet's name. (Or anything else that is on F*c*book.)
      It's too uncomfortable to think about what bad things might happen. (They offered me a chocolate bar so I gave them the PW to my online banking system!)

      Delete

Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.

Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.