billwanhua
本站元老
- 注册
- 2005-07-07
- 消息
- 15,186
- 荣誉分数
- 4,723
- 声望点数
- 373
拿一个手机,根据KIA 车牌号码,30秒就能操控任何车,还可以假装owner找到车主的一切个人信息,甚至开启汽车的摄像机
I don't know, but I do know I need any of my cars, electronics, door lockers as less smart as possible.
WHO knows if there's a backdoor or a flaw or any loop holes somewhere out there
A new proof of concept released this week—simply called Kiatool—is probably the most powerful attack against any Kia we've seen yet.
There's a couple of issues here. First is the glaring threat to the vehicle itself. I mean, let's cut right to the chase—you can unlock and start the car with just the license plate. That... really bad. Like a relay attack on steroids. And it could all done without the owner ever noticing a thing (except for an eventual missing car or belongings).
Even scarier is the privacy issue at play. The exploit allows the attacker to fetch information about the owner's name, phone number, email address, the location of the vehicle, and, in some cars, even allows the vehicle's cameras to be accessed remotely.
In theory, this would allow for an attack chain that lets a driver pull up to a car at the grocery store to get the plate, silently add a burner email account to the owner's Kia account, find its location later on, then check the cameras to make sure nobody is around when they want to snatch it. Or, worse, use it to target the owner. Scary stuff.
I don't know, but I do know I need any of my cars, electronics, door lockers as less smart as possible.
WHO knows if there's a backdoor or a flaw or any loop holes somewhere out there
A new proof of concept released this week—simply called Kiatool—is probably the most powerful attack against any Kia we've seen yet.
There's a couple of issues here. First is the glaring threat to the vehicle itself. I mean, let's cut right to the chase—you can unlock and start the car with just the license plate. That... really bad. Like a relay attack on steroids. And it could all done without the owner ever noticing a thing (except for an eventual missing car or belongings).
Even scarier is the privacy issue at play. The exploit allows the attacker to fetch information about the owner's name, phone number, email address, the location of the vehicle, and, in some cars, even allows the vehicle's cameras to be accessed remotely.
In theory, this would allow for an attack chain that lets a driver pull up to a car at the grocery store to get the plate, silently add a burner email account to the owner's Kia account, find its location later on, then check the cameras to make sure nobody is around when they want to snatch it. Or, worse, use it to target the owner. Scary stuff.
最后编辑: