Bad Android security makes it easy to break into and steal millions of "smart" cars


#1

Originally published at: http://boingboing.net/2017/02/17/bad-android-security-makes-it.html


#2

Note to self: smart car, smart tv, smart light bulb, smart (insert product name) - it’s all marketing speak, ie, lies. To buy smart, always avoid products that call themselves smart.


#3


#4

Good thing my Ford Fiesta runs Windows!


#5

#6

I remember years ago a Microsoft product manager was quoted as saying that, hey, it was entirely possible to build a secure version of Windows, what was harder was getting people to buy it.

I can almost guarantee you that they get complaints about how current versions of Android ask for permission to do things like use the microphone and camera.


#7

From a slide deck posted by the Grugq.

In case you’re wondering what he thinks of Linux as a general OS


#8

I still come across malfunctioning ATMs running XP. I assume a specialized and highly locked down version, but still! What version of windows is on your car? The roll down type?


#9

Updates are done by loading a USB stick, taking it out to the car and doing the update.


#10

XP is only insecure if you connect it to the internet. And really, its greatest insecurity, as always, comes from being used to surf the internet by a human.

An ATM running XP probably only connects to the bank’s internal network and is no more insecure than any other headless, userless, non-internet connected windows box.


#11

May we have a link, please?

Eta: Found it


#12

Pass…bad enough I have to deal with Windows on my home computers…don’t need it in the car.


#13

I downloaded the PDF but didn’t copy the URL. I’m sorry. I came across it on Twitter, if that’s any help. It’s really a humorous deck.

— Sent from Boxer | http://getboxer.com

Original Quoted context has been removed as per policy


#14

I know that used to be the case, but understand that since it came along, the Internet is becoming all-too-tempting.

[Edit] It’s not the same source I was looking for, but section 7, here:


seems to corroborate that reasonably.

(Certainly better than the ‘encyclopedia.com’ article I found that asserts that “Inside most ATMs in the early twenty-first century are PCs with an Intel processor chip running IBM’s OS/2 Warp operating system.” )
(Shudders)


#15

Worth following here, too, if you use it:

https://twitter.com/thegrugq


#16

HA! That’s cr

This content has been removed because it was dumb.

– Get <a href=https://www.youtube.com/watch?v=dQw4w9WgXcQ>Rickrolled!


#17

Once again proving that it doesn’t matter how secure your OS or software are if you don’t follow basic security precautions.

Also proving once again that banks, which you would think would be really good at security because, duh, are really all too often totally incompetent at security.

PS: I just checked. our Bank of Montreal credit card account still requires a password of exactly 6 alphanumeric-only characters, no more, no less.


#18

I think the response to those three paragraphs are:

  1. Absolutely
  2. Oh, absolutely!
    and
  3. (Facepalm) Oh, I really wish I had difficulty believing that.

(:confounded:)


#19


#20

I was amazed to discover recently that if you’re still running XP you can do a registry edit to fool update into thinking it’s windows embedded posready and thus still receive updates. Microsoft were not amused but fuck 'em.