Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: Gaffers on 24 February 2016, 14:04:01
-
Warning. This post contains elements that some readers may find moronic. ::)
Just seen this on the BBC website. It appears that the security layer on the Carwing API is ineffective / not implemented and some bright spark discovered it, informed Nissan a month ago and they did booger all about it.
Just switched off my application access and changed the notifications to everything.
So much for heating my seats up remotely for a while :(
Yours,
Capt Coldbuttcheeks
-
Still, just think of the extra 30m you can travel by not toasting the derriere
-
Still, just think of the extra 30m you can travel by not toasting the derriere
Almost doubling the total range ;D
-
Spotted that earlier....spoilsport!
http://www.omegaowners.com/forum/index.php?topic=134680.0
-
Still, just think of the extra 30m you can travel by not toasting the derriere
is that 30 miles or meters? ::)
-
What's a Nissan Leaf ;D
-
Still, just think of the extra 30m you can travel by not toasting the derriere
is that 30 miles or meters? ::)
He said it would double the range. So metres ;D
-
Spotted that earlier....spoilsport!
http://www.omegaowners.com/forum/index.php?topic=134680.0
Ah yes, technically this should be in the other section. Feel free to move it :y
As for hacking my Leaf, I have disabled the app so it's a no go :P I have heard a site in Canada has the script available if anyone wants to dice with the Computer Misuse Act ::)
Once they fix it I shall be pentesting the cr@p out of my car :y
-
Still, just think of the extra 30m you can travel by not toasting the derriere
;D ;D
-
What's a Nissan Leaf ;D
+1 ;)
-
It's an ugly milk float. They even make a van version as well
Keith ABS
-
We've got a Leaf at work, surprisingly quick off the mark, but just watch the range disappear as you hoof it!
-
What's a Nissan Leaf ;D
+1 ;)
You know those electric rides for kids in the shopping mall, Postman Pat's van or the like?
Well the Nissan Leaf is one for grown ups. Every company should have one in the car park for staff to play with during lunch. Pound coin in the slot and away you go. ;D
-
Spotted that earlier....spoilsport!
http://www.omegaowners.com/forum/index.php?topic=134680.0
Ah yes, technically this should be in the other section. Feel free to move it :y
As for hacking my Leaf, I have disabled the app so it's a no go :P I have heard a site in Canada has the script available if anyone wants to dice with the Computer Misuse Act ::)
Once they fix it I shall be pentesting the cr@p out of my car :y
Be interesting to see if the warranty stands similar scrutiny... ::)
-
Spotted that earlier....spoilsport!
http://www.omegaowners.com/forum/index.php?topic=134680.0
Ah yes, technically this should be in the other section. Feel free to move it :y
As for hacking my Leaf, I have disabled the app so it's a no go :P I have heard a site in Canada has the script available if anyone wants to dice with the Computer Misuse Act ::)
Once they fix it I shall be pentesting the cr@p out of my car :y
Be interesting to see if the warranty stands similar scrutiny... ::)
Warranty after a passive vulnerability assessment or of the batteries as per previous conversation?
-
After your passive/aggressive vulnerability testing ;D
-
Right, this strikes at the heart of an issue I just don't get.
Why the fudge does a car need to be connected to the internet, or be a wifi hotspot?? I have never been in a car and thought "you know what it'd be great if this thing had youtube". In the same way I've never put some bread in a toaster and thought "wouldn't it be great if this thing gave massages".
It's just so oppsing pointless! Perhaps if mainstream manufacturers concentrated - even just a bit on making cars nice places to be instead of horrible s**ty plastic boxes, people wouldn't feel the need to dissociate themselves from the driving process and watch youtube on them!
Sorry, rant over, I'm currently stuck in rural Sweden where beer is getting on £7 a pint and I've been given a Renault clit estate as my only means of transport. Honestly, I've spent the last 4 days praying for a stretch of black ice so I can wrap it round a tree. It's done 16,000km and several bits of trim have already fallen off. Oh and it's either implausibly economical, or the fuel gauge has stopped working ;D
-
Nothing illegal or which would contravene a warranty agreement in a passive pentest/vulnerability assessment. :y
-
Right, this strikes at the heart of an issue I just don't get.
Why the fudge does a car need to be connected to the internet, or be a wifi hotspot?? I have never been in a car and thought "you know what it'd be great if this thing had youtube". In the same way I've never put some bread in a toaster and thought "wouldn't it be great if this thing gave massages".
It's just so oppsing pointless! Perhaps if mainstream manufacturers concentrated - even just a bit on making cars nice places to be instead of horrible s**ty plastic boxes, people wouldn't feel the need to dissociate themselves from the driving process and watch youtube on them!
Sorry, rant over, I'm currently stuck in rural Sweden where beer is getting on £7 a pint and I've been given a Renault clit estate as my only means of transport. Honestly, I've spent the last 4 days praying for a stretch of black ice so I can wrap it round a tree. It's done 16,000km and several bits of trim have already fallen off. Oh and it's either implausibly economical, or the fuel gauge has stopped working ;D
It's set to become an EU requirement for all new vehicles to include telematics soon (if not already implemented) so hold on to that Omega if you don't like the idea. ;)
-
Right, this strikes at the heart of an issue I just don't get.
Why the fudge does a car need to be connected to the internet, or be a wifi hotspot?? I have never been in a car and thought "you know what it'd be great if this thing had youtube". In the same way I've never put some bread in a toaster and thought "wouldn't it be great if this thing gave massages".
It's just so oppsing pointless! Perhaps if mainstream manufacturers concentrated - even just a bit on making cars nice places to be instead of horrible s**ty plastic boxes, people wouldn't feel the need to dissociate themselves from the driving process and watch youtube on them!
Sorry, rant over, I'm currently stuck in rural Sweden where beer is getting on £7 a pint and I've been given a Renault clit estate as my only means of transport. Honestly, I've spent the last 4 days praying for a stretch of black ice so I can wrap it round a tree. It's done 16,000km and several bits of trim have already fallen off. Oh and it's either implausibly economical, or the fuel gauge has stopped working ;D
It's set to become an EU requirement for all new vehicles to include telematics soon (if not already implemented) so hold on to that Omega if you don't like the idea. ;)
Yes. Certain agencies want need the metadata ::)
-
http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html
Complete technical details there, including how much information is returned about trip details from the telematics unit. Interesting reading..
-
What surprises me is that different countries/regions have different APIs.
That just beggars belief.
-
What surprises me is that different countries/regions have different APIs.
That just beggars belief.
Yep, it's like they leave it to the individual national agencies to farm it out to the lowest bidder. ::)
What I'd be worrying about is how secure the API between the telematics box in the car and the internet is, because I'm guessing that's a whole lot more "feature rich".
I can arrange an observable mobile network if you fancy observing the traffic there. ;)
-
Now that would make for some interesting research
-
That would be handy. In theory it should be encrypted on some level at least. But let's see :y
-
C'mon Matt, you've worked in security long enough to not be that naive.. ;) :D :D
-
Just learnt some info about hacking GSM with some stuff off eBay. Mobile data is normally encrypted unless demand increases. 3G and 4G are more difficult ergo more expensive.
If I can fix it on GSM and then forcefeed it some settings then it should be easy to hack.
-
Nothing illegal or which would contravene a warranty agreement in a passive pentest/vulnerability assessment. :y
I think the DMCA prohibits probing security software and as long as we have extradition to America there is a theoretical risk of being whisked off to Lakenheath and onto a flight to the US. ::)
-
Just learnt some info about hacking GSM with some stuff off eBay. Mobile data is normally encrypted unless demand increases. 3G and 4G are more difficult ergo more expensive.
If I can fix it on GSM and then forcefeed it some settings then it should be easy to hack.
I can do all 3 network types. Can you get to the antenna connector for the telematics?
Network will normally encrypt, but that's only over the radio interface, leaving the data that enters the internet unencrypted. I really hope they use something on top of that.
-
I hope they do too but I suspect not. My fear is that they have wrongly assumed that all mobile traffic from GSM to LTE is automatically encrypted.
-
Nothing illegal or which would contravene a warranty agreement in a passive pentest/vulnerability assessment. :y
I think the DMCA prohibits probing security software and as long as we have extradition to America there is a theoretical risk of being whisked off to Lakenheath and onto a flight to the US. ::)
If I keep any non-passive tests to the car which I own there is no jurisdiction from the DMCA, especially in the UK. Otherwise any penetration tester would be at risk of prosecution for doing what is a legitimate job.
-
Nothing illegal or which would contravene a warranty agreement in a passive pentest/vulnerability assessment. :y
I think the DMCA prohibits probing security software and as long as we have extradition to America there is a theoretical risk of being whisked off to Lakenheath and onto a flight to the US. ::)
If I keep any non-passive tests to the car which I own there is no jurisdiction from the DMCA, especially in the UK. Otherwise any penetration tester would be at risk of prosecution for doing what is a legitimate job.
That sounds a good job ::) ;D ;D