this post was submitted on 03 Sep 2023
328 points (91.8% liked)
Technology
57453 readers
4413 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is like that show "Upload"; the guy literally gets killed by a car
You should finish watching that first episode before making such bold statements.
I mean I think its still a valid point. The car in the show was sabotaged, and that is definitely something that might be a thing once all cars self-drive. Especially once they remove controls like steering wheels.
There hasn't been a tesla FSD hack yet, but it would take spoofing a software update (and spoof the authentication and certs, etc)... The attacker would need to have access to a pretty massive supercomputer to make their own custom self-driving software and today getting the certs and everything right is next to impossible... but even then its only next to impossible, not impossible.
It may be difficult to spoof a certificate today, but tomorrow is a whole new day. To wit, OpenSSL has a pretty long history of serious vulnerabilities, despite being the best SSL library out there.
It is absolutely only a matter of time until the Tesla OTA functionality is compromised. There's too many moving parts for it to not be.
"Attack surface" is the term you want. Big software means big attack surface. So keep code lean for security as well as efficiency.
There are still a lot of other layers that need to be compromised past the cert for such an attack to even be possible. Even so, I suspect when such an attack does happen it will probably be for stealing cars. Your car would just wake up in the middle of the night and drive itself somewhere else to be cut up for parts. Less likely is any kind of safety issue since its so easy to take over control of the car.
Don’t even need sabotage. You already share the road with cars that someone repaired under a tree with the cheapest parts they could find.
oh look more anti right to repair sentiment.
no, cars repaired by people other than the manufacturer wont kill you
I’ve been repairing cars for over 15 years. There’s a massive spectrum for quality on almost any aftermarket replacement part. Literally the same part can range from $50 to $400 and the only difference is quality and durability.
Sometimes the cheap part is fine, sometimes they cause weird problems. Especially electrical parts.
yeah sure, but that is unlikely to kill you or someone else, and diy repair is almost always good for the consumer
That was a really good show.
Well hold on there, he survived the crash, and would probably have been ok. It was the upload that killed him.
Yeah, my bad 🤣 I meant the car technically endangered him to not live longer 😔