100 million VWs can be unlocked with a $40 cracker (and other cars aren't much better)


#1

Originally published at: http://boingboing.net/2016/08/11/100-million-vws-can-be-unlocke.html


#2

Clicking on the given link Firefox tells me that the connection is not secure, it seems the site is using obsolete and insecure protocols…
Oh the irony.


#3

Can we charge the extra 'cuz-they’re-easy-to-steal insurance premiums back to VW and the other manufacturers?


#4

So you need to hang about and be in the short range of the keyfob and know exactly which mark is signaling.


#5

There are 100 Billion VWs in the world? I know they’re the People’s Car and all, but still…


#6

$40 seems like a lot for a cracker. Even a Ritz.


#7

I’ll grant that “cracker” is far superior to “red-neck” but it’s still poor form.

However, $40 is pretty good for services rendered.


#8

Maybe it’s a water biscuit from when Carlisle was flooded


#9

I wish somebody would steal my pollution machine.


#10

You can couple those water biscuits with 2012-vintage Parmesan cheese:


#11

Goddamn it! Beat me to it! :sweat_smile:


#12

This confirms to me that car makers need a new way of thinking about the cars they sell with software systems onboard. The current mentality is that when you purchase a vehicle, you purchase a computer system with the current software only. So, there will never be upgrades to the computer system. Want a newer software version? Buy a new car! [yes, I know I veer of the current topic slightly due to needed hardware to upgrade remote security]

If anything comes out of this, perhaps the concept that computer systems need maintenance over time to stay current with technology and security. Why not upgrade software to fix bugs in current bluetooth connectivity? Current car-manufacturers seem not to care or worry about this aspect of their product at all.

[I’d love to see hacks to enable user upgrades to the onboard computer systems (not ignition etc.- but in-dash computers). If I could find an updated firmware and method, I would likely have flashed my car to fix known bugs.]


#13

Same issue as phones.

Most manufacturers see updates as optional (for them) at best, even when security is at stake


#14

Look at the state of software updates for regular programs, which are much easier to deal with than a car will ever be: any update is a risk of regressions and/or new bugs; the cost of supporting multiple platforms is so high that vendors drop old platforms as soon as they can get away with it; updates can be spoofed by malware; updates can wipe your data, even stuff they have nothing to do with (like when Adobe wiped the entire $home folder of people updating a product).

Do you really want to experience all that on something that can easily cost from 10 to 50 grand? No thanks. If there is a specific bug without a workaround, the manufacturer should fix it; and if there is a workaround, just use that.

In something that can kill you, predictability should always trump “the shiny”. If there is a security problem (and I’m the first to say VW has one, considering thieves broke into my previous Passat twice and once in my neighbour’s Golf), VW should fix it, but let’s not open a can of worms.


#15

This of course assumes that there aren’t already significant problems with the software as shipped in the current machines. I fear this is a poor assumption.


#16

This topic was automatically closed after 5 days. New replies are no longer allowed.