No more locked bootloaders like Secure Boot or iBoot.
No more locked bootloaders like Secure Boot or iBoot.
The original Xbox's 2048-bit RSA key and I have some unfinished business from more than a decade ago.
Yet you can still buy new production 12AX7 and other vacuum tubes!
Yeah, but try getting vacuum to put in those tubes -- there's nothing available.
You're talking about reading the ODBII data. That's a very different application to an information display that most drivers will be using routinely. So if nothing else, there's probably a good chance that many of those downloads were professionals who work on cars. Most of the rest were presumably enthusiasts who enjoy tweaking, and if you reckon you've personally saved $5-10K just on diagnostics with Torque then clearly you're not a typical driver.
But lets see if you can compromise it without taking off a panel, disconnecting a wire, or otherwise having privileged access to it.
Does your definition of privileged access include being within radio range? Being within radio range when the legitimate owner activates a remote feature? Gaining access to the manufacturer's facilities, either to extract sensitive information or to initiate contact with vehicles through the manufacturer's own remote access tools?
(If you're wondering if these questions aren't random and this line of questioning is a trap... Yes. Yes, it is.)
As for "infotainment" systems you can't have a bad system without a good/better one to compare it to.
I hope we could all agree that, for example, a system that allows a potentially dangerous compromise of the vehicle's control systems is bad even if all cars have the same defect.
Also, the standards of presentation of these systems are awful. There is nothing good/better for comparison only if you exclude pretty much the entire field of user interface design in modern technology outside of cars.
It would be interesting to see what that graph looks like if you include the USA's response to the September 11 attacks. As in, we got an awful lot of our own people killed trying to "spread freedom" in the Middle East, in response to an attack that killed about as many people as die in car crashes every day.
You're flat-out wrong. but go on "suspecting" that. Out here in the real world, actual economists have done quite a few studies on the impact immigration has on the US economy, and it's tremendously positive. Each immigrant produces, on average, more than one new job, so the net effect is positive. It's not instantaneous - there's always a delay as the market adjusts to the increased labor supply - but the effect is reliable.
In fact, economists believe that open borders would double the size of the US economy in twenty years compared to what it would be under current policies. The problem is that a lot of people who are already in the US would find themselves needing to actually *compete* for jobs. The short-term disruption would suck, especially for those who have been living at or beyond their means on the expectation that they'll always make more money next year than this year instead of living modestly and saving up. Those people, and especially their children, would still have a better life in the end... but short-term thinking is the S.O.P. in this country.
The auto manufacturers are looking for this data themselves -- this is a matter of public record in some cases, and widely acknowledged privately in others -- and so it is logical that they will choose their commercial partnerships in light of that. If Google want to keep that data for themselves but someone else will implement more integrated telemetry that lets the manufacturers spy on drivers and send the data to insurers, the second person is probably going to win the deal, unless and until the privacy regulators start stepping in.
As for ads, just tracking the locations someone visits regularly is a treasure trove of mineable information, and you can probably tell a lot about someone from their driving style as well. Of course, the implications of commercial services literally tracking our every move are pretty unpleasant for some of us.
My existing car dashboard:
Essential information I actually need when driving
No other junk
No other distractions
What do I win?
Yes, that definitely all sounds like a good idea and an excellent way to promote road safety. Can I subscribe to your newsletter?
The information isn't that interesting either, the most likely use would be applications to help people
The most likely use of collecting data about vehicles and driving style is probably selling it to insurers for a huge profit.
The next most likely use of collecting data about vehicles and driving style is probably selling it to advertisers for a huge profit.
Somewhere down the list there are probably things to do with law enforcement.
Somewhere near a footnote on page 17 there are probably things that will actually help make cars better for their owners, or least make future versions of cars better for their future owners. Auto manufacturers already do a huge amount of both simulation and real world testing during development of a new vehicle, using vastly more sophisticated and comprehensive systems than anything fitted to a production car you or I would drive on the road. There is only so much extra they could learn from large scale collection of real world driving data that they can't already determine from other sources.
There might be a decent argument for some sort of black box style recording for all cars, to help with investigating after something went wrong and hopefully make the roads safer for everyone in the long term. But like any black box, the integrity of that data would be important, so some remotely accessible system that is also hooked up to all kinds of infotainment widgets is probably the last place you would want it.
Information about the car is what CONSUMERS want.
Are you sure about that? What little actual user research I've seen suggests that most customers don't think much of in-car "infotainment" systems generally. The same research suggests that these systems are almost never a deciding factor in sales, except in the wrong direction if they are so bad that they stick out or, in a few cases, because of security or privacy concerns.
And really, who can blame those customers, when these systems almost invariably look awful and work even worse, even in very expensive prestige vehicles? It bends my mind that luxury car brands spend so much money getting metalwork and paint colours and seat shapes just right, but then throw in a "high tech" system that looks like the love child of a 1990s "under construction" web site and a first generation iOS app written by your neighbour's 14-year-old kid.
One day I really want to walk into a dealership for one of these brands and when they do the spiel about how great their high-tech keyless entry and infotainment systems are, see if they're willing to bet me the car that I can't compromise their system in some significant way in under 24 hours. Given I've worked in several relevant industries and have some idea of how low the standards are in the auto industry in this area, I find it disturbingly possible that I might actually be able to do that. But even if I couldn't, it would be fun watching the sales guys squirm, a bit like the SEO people who spam me saying they can get my business onto page 1 of Google in our field, when I reply that we actually are on page 1 of Google in our field and but when I searched for SEO I didn't see their site on the first page.
Thanks for the ideas, but yes, we've pretty much exhausted the sensible options, at least with the current card payment service we use. We do wonder whether that service might itself be part of the problem -- if having a programmer-friendly system so taking card payments on-line make it easier to take payments, naturally it also makes it easier to take fraudulent payments, and I wonder whether these new services' own "reputations" within the industry affect their custoemrs' fraud ratings on whatever systems check these things.
As for the crooks angle, of course there is always the problem with services being used to validate illegally obtained credentials, but in this case it is likely that every one of those users was legitimate. We're in a niche market, and the access patterns of the users in question are far too consistent with normal use and unlike anything someone just testing out a card would be likely to hit by accident -- we're talking dozens if not hundreds of page views looking up specialised information in specific, logical orders here. Also, while we see quite a few failures in month 2, in a frustrating proportion of the cases that mysteriously fail it's a subscriber who's had many months of continued membership and/or been known in our field and/or been in touch with us personally at some point, i.e., a good customer who was probably very happy to continue subscribing (but might not get around to doing it again for a while if the failed payment means hassle to stay signed up).
Pretty sure the word "fuckwad" is over the line for practically all people. That's not "any sort of criticism" at all; it's just a personal insult.
Terse, yes. Contains the word "fuckwad", no. Personal insults are neither professional nor efficient.
8 Catfish = 1 Octo-puss