this post was submitted on 03 Sep 2023
330 points (91.9% liked)

Technology

59753 readers
3170 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago (1 children)

You should finish watching that first episode before making such bold statements.

[–] [email protected] 2 points 1 year ago (2 children)

I mean I think its still a valid point. The car in the show was sabotaged, and that is definitely something that might be a thing once all cars self-drive. Especially once they remove controls like steering wheels.

There hasn't been a tesla FSD hack yet, but it would take spoofing a software update (and spoof the authentication and certs, etc)... The attacker would need to have access to a pretty massive supercomputer to make their own custom self-driving software and today getting the certs and everything right is next to impossible... but even then its only next to impossible, not impossible.

[–] [email protected] 6 points 1 year ago (2 children)

It may be difficult to spoof a certificate today, but tomorrow is a whole new day. To wit, OpenSSL has a pretty long history of serious vulnerabilities, despite being the best SSL library out there.

It is absolutely only a matter of time until the Tesla OTA functionality is compromised. There's too many moving parts for it to not be.

[–] [email protected] 2 points 1 year ago

"Attack surface" is the term you want. Big software means big attack surface. So keep code lean for security as well as efficiency.

[–] [email protected] 0 points 1 year ago

There are still a lot of other layers that need to be compromised past the cert for such an attack to even be possible. Even so, I suspect when such an attack does happen it will probably be for stealing cars. Your car would just wake up in the middle of the night and drive itself somewhere else to be cut up for parts. Less likely is any kind of safety issue since its so easy to take over control of the car.

[–] [email protected] -1 points 1 year ago (1 children)

Don’t even need sabotage. You already share the road with cars that someone repaired under a tree with the cheapest parts they could find.

[–] [email protected] 4 points 1 year ago (1 children)

oh look more anti right to repair sentiment.

no, cars repaired by people other than the manufacturer wont kill you

[–] [email protected] 1 points 1 year ago (1 children)

I’ve been repairing cars for over 15 years. There’s a massive spectrum for quality on almost any aftermarket replacement part. Literally the same part can range from $50 to $400 and the only difference is quality and durability.

Sometimes the cheap part is fine, sometimes they cause weird problems. Especially electrical parts.

[–] [email protected] 2 points 1 year ago

yeah sure, but that is unlikely to kill you or someone else, and diy repair is almost always good for the consumer