- cross-posted to:
- red_team@lemmy.ninja
- technology@beehaw.org
- cross-posted to:
- red_team@lemmy.ninja
- technology@beehaw.org
You must log in or register to comment.
A subscription for hardware is such bullshit, I hope this trend dies.
We can all do our part by not buying anything from those who do this.
Unpatchable
Good to hear
This is the best summary I could come up with:
Utilizing multiple connections to the power supply, BIOS SPI chip, and SVI2 bus, the researchers performed a voltage fault injection attack on the MCU-Z’s Platform Security Processor.
“They allow an attacker to decrypt the encrypted NVMe storage and access private user data such as the phonebook, calendar entries, etc.”
“Hacking the embedded car computer could allow users to unlock these features without paying,” the TU Berlin researchers add.
In an email to Tom’s Hardware, one of the researchers clarified that not all Tesla software upgrades are accessible, so it remains to be seen if those premium options will also be ripe for picking.
Another consequence is that the exploit can “extract an otherwise vehicle-unique hardware-bound RSA key used to authenticate and authorize a car in Tesla’s internal service network.”
The TU Berlin team (consisting of PhD students Christian Werling, Niclas Kühnapfel, and Hans Niklas Jacob, along with security researcher Oleg Drokin) will present their findings next week (August 9) at the Blackhat conference in Las Vegas, where we hope to hear more about all the feature upgrades that are accessible.
I’m a bot and I’m open source!
For example, 2021 Model 3 SR+ vehicles can enable the Cold Weather Feature (heated steering wheel, heated rear seats) for an extra $300. This feature unlock is confirmed to work with the exploit.
So like cucks people were paying for something that their car already had offline, both hardware- and software-wise.
Cool! Now work on exploits for those paywalled features of BMW cars and Ford cars.
If you pay for something it’s yours by right. You should be able to use the entire thing, because you physically have it now.
When I need a new car it’s going to br older not newer…
Nice anti-AMD framing so shortly after that latest Zen2 vulnerability.
Idk unpatcheable vulnerability for the core component of the system seems pretty negligent but what do I know
Not like they make boat loads of profit and are definitely just cutting corners on aspects of staffing to save extra money up for when the planet inevitably burns down (due to the very same people)
The vulnerability is much more of an issue for Tesla('s profits) than the owners. It’s not a simple exploit and not the worst concern for average users of those chips. You have to have physical access to it in order to exploit it, as well as a system worth hacking (think, national security trying to prevent compromised personnel from physically using the exploit on their systems). I’m not worried about someone breaking into my house to physically hack my computer, just to find some memes and bullshit
It still has to be addressed by both Intel and AMD, because that’s their whole industry. But recalls and such aren’t needed, because bugs can be exploited all over the place and this one isn’t a high level risk for the average end-user. It’s more of a concern for Intel/AMD reputation and the large industry users of their chips
If all electric cars are just going to be subscription bullshit, I’m sorry, I won’t be driving electric.
Even ICE manufacturers have been including hardware that software disabled for a while
deleted by creator
There are some manufacturers that do not do this garbage, or at least not often. I’ve heard good things about Hyundai specifically.
Tesla got rid of the heater subscription bullshit in 2021. Now, the only thing locked behind a paywall is internet related stuff (sentry over mobile, streaming media access, etc.), the performance boost, and FSD.
But if the car is completely capable of habe that performance, why should people pay for it.
Oh I’m just correcting the article. Facts are better than fiction for conversations about reality.
Here is an alternative Piped link(s): https://piped.video/watch?v=PWQL_XORalY
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
They should publish that private key 🤣
