this post was submitted on 12 Mar 2024
695 points (97.4% liked)

Technology

59135 readers
2234 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] scops@reddthat.com 203 points 7 months ago (7 children)

hackers only need a simple $169 hacking tool called Flipper Zero, a Raspberry Pi, or a laptop to pull it off.

At that point, why mention the Flipper Zero or RPi? Just say it can be done without specialized hardware. I feel like they're trying to piggyback off of the buzz from the Flipper Zero being banned in Canada recently.

[–] Morefan@retrolemmy.com 73 points 7 months ago (2 children)

Flipper Zero doesn't even have WiFi. At most it's a screen and button input device for ESP8266, ect.

[–] Cqrd@lemmy.dbzer0.com 37 points 7 months ago

You can buy a WiFi module and just plug it in as HAT, but I still think it's stupid to even mention when you can use pretty much anything with WiFi that you control. You could probably do the same thing with a rooted Android phone if you wanted.

[–] RealFknNito@lemmy.world 7 points 7 months ago

Flipper Zero is kinda whatever it wants to be since it has ports for additional modules. It's a hacking tool you need to hack for it to work to get around (most) legal issues.

[–] ikidd@lemmy.world 48 points 7 months ago (3 children)

Maybe they're trying to justify the stupidity of that ban. I'm still shaking my head over that, it's like nobody bothered to ask the question "does this thing actually do the thing we're mad about?"

[–] Transporter_Room_3@startrek.website 45 points 7 months ago (1 children)

Given how often it happens in other industries, it wouldnt surprise me to find out that someone, somewhere along the line has an agenda to push and are trying to lump certain things into the same category as a thing people aren't supposed to like in order to get the thing that's only kind of related banned.

Heck, I personally know people who want 3d printing to be banned because "you can 3d print guns". I can make a gun with a trip to the hardware store and a few hours. The extra hours are to make sure I can use it more than once. I'm just using this as an example, it's not quite the same.

I also know people who have seen the drone headlines for Ukraine and give me the side eye when I mention I have a drone and can build my own at home. One coworker has even asked why I "need" to build drones and that having a bunch of hardware to do stuff like that is "sketchy". Drones are already being regulated into the ground over a few high profile incidents. And some try to lump rc devices into the same category. Sorry I can't fly my 8oz foam plane here, it's in the same class as 200lb agricultural drones with 12 rotors and I need special FAA authorization. You can build an ultralight aircraft in your garage and fly it across country without running it by anyone first, though.

I rambled a bit but my point is every time you see things being lumped together and you're scratching your head as to why, ask yourself "who wrote/published/shared this, who are they affiliated with, and do they have a reason to want one of these things or similar products regulated" and you'll see a surprising amount of shady bs going on that's all perfectly legal.

[–] ikidd@lemmy.world 29 points 7 months ago (2 children)

People are weird. In my area, saying you run Linux because you hate ad tracking and don't have a Facebook account makes people think you're a child molester.

And the 3D printing thing is crazy. I've had 3D printers for well over a decade because I started out building my own before you could buy them, printed thousands of parts of varying degrees of toughness, but I would be damned if I would ever shoot a gun I printed off of one. I haven't heard a word about banning lathes and mills though.

I just ignore the drone thing, our nearest neighbor is 2 miles away so I do what I want. I built a crop scouting drone that goes for a tour every morning and flies a 7 mile route unmonitored. Never heard a word about it from the neighbors.

[–] Transporter_Room_3@startrek.website 8 points 7 months ago* (last edited 7 months ago)

It's so weird how a lot of society went from "WOAH, government can't use these things to track me, I have a right to privacy!" to "WOAH, you try not to be tracked by every single company on the planet and 16 major governments? What are you some kinda criminal?"

I can tell you from experience you can use a garage worth of basic tools to make a gun, but not one that will be "print, assemble, fire" without extra parts.

I'd say about 4/10 times I go flying my 240g drone in the local park someone comes over to tell me I'm breaking the law. Weirdly they can never name a specific one, and it's always just "the law says you cant use that here". Never had cops called yet. Mostly people want to ask me how much it was and how I like it. A few have asked if I've tried dropping "something the size of a baseball" from it.

I have a buddy who works in a bank, says a ton of ag loans these days are for drones and renewable energy equipment. Even the owner of the field I live next to has one. I think it lives in his shed, it has 8 rotors. Looks like it could lift a skinny short person. I have exactly 0 concerns they will use it to spy on me or drop explosives on my house.

I'd love to have a drone with thermal/night vision. We get a lot of animals around here and I'd like to be able to see them (and figure out what they all are) without spooking them.

load more comments (1 replies)
load more comments (2 replies)
[–] Imgonnatrythis@sh.itjust.works 13 points 7 months ago

There was nothing in this article that wasn't sensationalist click bait crap.

[–] rob_t_firefly@lemmy.world 13 points 7 months ago

In other words: you only need a computer. 😱

[–] ColeSloth@discuss.tchncs.de 9 points 7 months ago

I believe this method came out weeks ago and I had thought I'd read tesla already took care of it, but may be wrong. You still have to hang out long enough to get someone who actually wants wifi, but doesn't want to stay at their car where the wifi is at, and then will also fall for a phishing attack and put in their verification code sent to their phone into the fake site.

All to swipe a car that's going to be noticed as being stolen very quickly, and when all teslas come standard with GPS location tracking.

So what's the point of stealing a car after possible hours and hours of waiting for a mark and then taking it while the owner can report it and it's location the entire time.

[–] Player2@lemm.ee 5 points 7 months ago

They haven't banned it yet, they're just looking to do so at some point

load more comments (1 replies)
[–] Kyrgizion@lemmy.world 121 points 7 months ago* (last edited 7 months ago) (9 children)

It's gotten to the point that whenever people see Teslas, they automatically start laughing.

Tesla also seems to have taken over the "douchebag driver" stereotype that used to be reserved for BMW's and Mercedeses.

[–] Orbituary@lemmy.world 47 points 7 months ago (2 children)

If they weren't all so abysmally bad at handling their cars, maybe I'd have a different take. I swear that I get cut off, stuck behind, blocked by, or otherwise inconvenienced for dumb reasons by Teslas every time I drive.

It's like despite all the cameras, they have zero spatial awareness. Or it's a direct reflection of what's in their head.

[–] paysrenttobirds@sh.itjust.works 15 points 7 months ago (4 children)

I'm not disagreeing, but having driven a Tesla for a couple weeks-- it'll make a good driver look bad every time. Turning radius is surprisingly bad. Normal (through the window/mirror) visibility is bad. Handling is super weird and probably unlearnable in the default settings because the car seems to be constantly "correcting" your inputs even when not in autopilot. The default break style gives me motion sickness even when I'm the one driving. And the turn signals-- you just don't know how long they'll stay on, so I did start to feel reluctant to use them?

load more comments (4 replies)
[–] givesomefucks@lemmy.world 14 points 7 months ago (1 children)

Eh...

I hate to do it, but in fairness the worst drivers are going to be the first to adapt self driving cars.

The issue is Tesla misrepresents how "self driving" their cars are.

So idiots who are bad drivers think the car is a good driver. Because they're comparing it to their own driving, and overestimate how good they are at it

[–] Orbituary@lemmy.world 7 points 7 months ago

It's not just to my own driving. It's compared to other cars around them and to other cars around me. I just as often see Tesla drivers do stupid things unrelated to me.

I was at the mountain snowboarding this weekend. Two Teslas attempted to drive up the road to park. Both got stuck in the same place, one after the other. Then, instead of backing up or getting out of the way, they just got out and walked to the resort lodge.

This is just idiotic behavior and I see it time and time again. Seattle, where I live, has one of the highest Tesla ownership percentages in the country.

I'm all for electric cars. I am trying to understand why Tesla drivers have so many morons behind the wheel.

[–] BruceTwarzen@kbin.social 11 points 7 months ago (5 children)

There are a lot of roundabouts where i live and when i see a tesla, he's either not using his turn signal or is on the phone or somehow very often both. Tesla people seem to be on their phone more often than other people in the road. Which is even weirder, because they all have that elaborate electronics on board, no?

[–] 800XL@lemmy.world 11 points 7 months ago (1 children)

Who can bothered with silly driving when there are calls to make? They only bought a Tesla to have an electronic chauffeur. Even though it's not supposed to be used for that.

[–] Kyrgizion@lemmy.world 9 points 7 months ago

Only a few people at my workplace drive Teslas and let's just say they have... specific types of personalities to them.

load more comments (4 replies)
[–] ChickenLadyLovesLife@lemmy.world 7 points 7 months ago (1 children)

whenever people see Teslas, they automatically start laughing

I dunno, I'm a school bus driver and little boys (like, grades 1-8) always go apeshit when they see a Tesla (or a Ferrari or Lamborghini as well). And a lot of adults still seem to be buying them.

load more comments (1 replies)
load more comments (6 replies)
[–] givesomefucks@lemmy.world 110 points 8 months ago* (last edited 8 months ago) (6 children)

Once logged in, the hackers could even create a new "phone key," allowing them to come back to the vehicle later and drive off with it without raising suspicion.

That's because Tesla doesn't actually notify the user if a new key is created, as Mysk and Bakry point out in their video.

Mysk tested out the vulnerability on his own Tesla and found that he was easily able to create new phone keys without ever having access to the original, physical key card. That's despite Tesla promising that wasn't possible in its owner's manual.

Once he told Tesla about his findings, the EV maker underplayed the vulnerability, telling him it was all by design and "intended behavior," an assertion that Mysk called "preposterous" in his interview with Gizmodo.

"The design to pair a phone key is clearly made super easy at the expense of security," he said.

Mysk argues it would be easy for the automaker to plug the vulnerability by simply notifying users if a new phone key is created.

Weird the dudes name is so close to Musk, but it sounds like this would be something incredibly easy for Tesla to fix, they're just not doing it and denying it's a problem...

[–] Albbi@lemmy.ca 34 points 7 months ago

I'm surprised Tesla hasn't gotten to the point yet where it's just replying with 💩, but I guess this response wasn't too far off from that.

[–] evergreen@lemmy.world 12 points 7 months ago

Same kind of dictator mentality I'd expect from Musk himself honestly. Doesn't fix the problem because he's insulted that someone else pointed it out. Cutting off his nose to spite his face. He's good at that. I'm really surprised the board still tolerates his shit.

[–] redditron_2000_4@lemmy.world 6 points 7 months ago (2 children)

It’s something they “broke” recently. You used to require a physical card to pair a new phone key. I noticed when I replaced my phone that it was no longer needed. They should be able to fix it easily, but I’m sure they won’t.

You can enable pin to drive to reduce the risk, but if you have the creds and there is no 2FA on the account then you can use the app to bypass it.

load more comments (2 replies)
load more comments (3 replies)
[–] Maggoty@lemmy.world 83 points 7 months ago (2 children)

But hey let's put wifi in our heads right Elon?

This is just... Completely avoidable and a great example of XKCD's take on cyber security.

[–] merthyr1831@lemmy.world 20 points 7 months ago (1 children)

Software engineers can be split into two groups: those who aspire to own a Tesla, and those who aspire to replacing every digital appliance they own with an analog alternative

load more comments (1 replies)
[–] Johanno@feddit.de 4 points 7 months ago

Aaaaaahh! Wear gloves! Burry it in the desert!

[–] RealFknNito@lemmy.world 68 points 7 months ago (4 children)

Wonder how long until jailbreaking your EV becomes common place to turn off shit like Wifi.

[–] AA5B@lemmy.world 16 points 7 months ago* (last edited 7 months ago) (1 children)

Or you could click the setting. Or not login to a website you didn’t expect to see. Or most scammers won’t bother because it’s risky and not scalable: you need to be physically present. This doesn’t seem like a likely vector.

The recommendation of being notified when new keys are created, is a good one though.

… except I could swear it already does

[–] RealFknNito@lemmy.world 25 points 7 months ago (1 children)

Proprietary software is often locked down to be idiot proof and tamper proof to the average consumer. Actually disabling the wifi (not just turning off SSID broadcasting) or other exploitable points might require a deeper level of access than just the settings page.

And it's not websites people are concerned about. There's a pretty common hacking concept where you attack the weakest connected device. If your car connects to your garage door opener, your coffee maker, your washing machine, all your smart devices - they only need to get access to one to get access to all of them since those devices are 'trusted'. Your car doesn't know why your coffee maker says 'unlock' but it's gonna listen, it trusts your coffee machine.

[–] Clent@lemmy.world 4 points 7 months ago (4 children)

No. That's not how it works. That's not how any of this work.

A car does not automatically accept commands to devices it connects to because of some inherent trust. The car would be programmed to only accept commands from devices it expects to send it such commands.

Anyone who allows the toaster to not only command the car but alap unlock the car should be fired and blackballed from the industry. That's not a whoopsie, learning experience. That's an unforgivable level of incompetence.

[–] DragonTypeWyvern@literature.cafe 14 points 7 months ago (1 children)

The kind of mistake someone on a work visa working 85 hours a week and sleeping in the office so they don't get fired might make you say?

load more comments (1 replies)
load more comments (3 replies)
load more comments (2 replies)
[–] Aatube@kbin.melroy.org 55 points 8 months ago (3 children)

TL;DR: Phishing + no additional precautions against creating digital car keys once logged in

[–] KairuByte@lemmy.dbzer0.com 20 points 7 months ago

With a sprinkling of “omg flipper zero” for some reason.

load more comments (2 replies)
[–] masquenox@lemmy.world 52 points 7 months ago

I would download a car - unless it's a Tesla. I do have standards, you know.

[–] DancingBear@midwest.social 51 points 7 months ago (2 children)
[–] brbposting@sh.itjust.works 11 points 7 months ago

Fewer things have been better established than the fact that yes, absolutely, without hesitation: we would download a car.

load more comments (1 replies)
[–] superduperenigma@lemmy.world 35 points 7 months ago (1 children)

Kia Boys are moving up in the world.

[–] FinalRemix@lemmy.world 12 points 7 months ago (2 children)

Well, it's not like you can smash the windows in a Tesla... even if you're trying to save someone's life apparently.

load more comments (2 replies)
[–] dangblingus@lemmy.dbzer0.com 33 points 7 months ago* (last edited 7 months ago) (5 children)

You. Don't. Need. To. Put. Your. Car. On. The. Internet.

Don't buy vehicles that need you to be connected to the internet. The truth is, Tesla knows full well how vulnerable its cars are. They designed them. It definitely has nothing to do with the global stolen car black market /s.

load more comments (4 replies)
[–] BlackNo1@lemmy.world 14 points 7 months ago

mr krabs i have an ideaaaaa

[–] hal_5700X@lemmy.world 10 points 7 months ago* (last edited 7 months ago) (1 children)
load more comments (1 replies)
[–] autotldr@lemmings.world 6 points 8 months ago (1 children)

This is the best summary I could come up with:


Researchers have found that hackers could easily hijack WiFi networks at Tesla charging stations to steal vehicles — a glaring cybersecurity vulnerability that only requires an affordable, off-the-shelf tool.

"Phishing and social engineering attacks are very common today, especially with the rise of AI technologies, and responsible companies must factor in such risks in their threat models."

Cybersecurity researchers have long rung alarm bells over the use of keyless entry in the car industry, which leave modern vehicles at risk of being stolen.

Using their weapon of choice, hackers create a spoof WiFi network called "Tesla Guest" that masquerades as the real thing.

If a victim were to try to access the network, which the EV maker normally provides free of charge to waiting customers, they could be duped into giving up their login by entering it into a duplicate site.

Once he told Tesla about his findings, the EV maker underplayed the vulnerability, telling him it was all by design and "intended behavior," an assertion that Mysk called "preposterous" in his interview with Gizmodo.


The original article contains 428 words, the summary contains 175 words. Saved 59%. I'm a bot and I'm open source!

load more comments (1 replies)
[–] ahriboy@lemmy.dbzer0.com 6 points 7 months ago

The Watch Dogs series warned everyone.

load more comments
view more: next ›