Show HN: Control your Hyundai car with Python(github.com) |
Show HN: Control your Hyundai car with Python(github.com) |
You can send messages through ble or their cloud api / gsm. The app needed to first acquire a token to successfully establish a ble connection.
I'm not saying you can't buffer overflow through ble messages but at least the authentication was solid.
Been thinking - lately - to perhaps also use this package with Google Home, but haven't gotten around to it. Might come in handy fellow Hyundai owners.
* by smart car, I am not talking about self driving cars, I am talking about the gimmick of running some Android and iOS apps on one's car
A disconnected car is a requirement by any parameter of sanity given considerations of security including privacy, within a basic right of rejection of absurdity: but for how long will the "privilege" of avoiding lunacy will be granted?
In Europe already one has to have law-mandated (in terms of shipment) hardware modules removed (the "e-call"). For how long non-connected cars will be available on the market? It is even possible that some rogue legislating body will decide that some connected feature should be mandated...
> The attack can’t be done at scale, because the local network that the vehicle owner is using would have to be infiltrated by the attacker.
Wikipedia says BlueLink uses Bluetooth [2]. So I'm not sure what connection is actually used, but if it's Bluetooth/local wifi and there are no further security bugs, then it would be unlikely that someone else could connect to the car in the first place.
[1] https://www.tomshardware.com/news/hyundai-blue-link-vulnerab... [2] https://en.wikipedia.org/wiki/Hyundai_Blue_Link
I use it mostly to track and keep a record of my Niro status.
It would be considerably less terrifying if this was just canbus messages.
BIG YIKES
I remember being excited when I could remotely control the lights on my table from school (fun little arduino/rpie + led project).
Now we remotely control cars with REST... Indeed cool and terrifying!
> Typically, when people get downvoted, the downvotes are for the tone of the comment - ad hominem attacks
Downvote and their purpose has come up a few times and generally the seems to be a consensus seems to be that downvote=disagree is 100%, legitimate, citing some quote by PG. And if you go to certain a threads (highly political ones), it's not uncommon to see some of the more reasonable comments greyed out if they even remotely challenge the zeitgeist of the current thread inhabitants.
This also works the other way around. You can be a complete dick and violate half the guidelines and end up highly upvoted if enough people agree with you. I know because it's happened to me.
The more reliable it has to be, the least possibly connected you want it.
I am not sure it is so possible to remove or disable the «junk you don't want from your car». Already for the mentioned 'e-call', that law mandated that it has to be installed and cannot be removed by the user - only by the manufacturer. And you will very probably have to struggle to get that done ("We cannot" // "Yes you must" etc). I suppose those vehicles will have a high degree of integration - you cannot just remove pieces.
Secondly: you may have given one State authority over some conditional monitoring, but we have not allowed any such power to any private party.
As far as a cite, here an article that claims 2006 was the tipping point, so even earlier than I remember.
The issue will be about being able to use pre-2016 cars until civilization re-emerges.
(*) According to overheard info from Toyota presenting the technology at the N24 race.