this post was submitted on 12 Mar 2024
695 points (97.4% liked)

Technology

59440 readers
5230 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 8 months ago* (last edited 8 months ago) (7 children)

Or you could click the setting. Or not login to a website you didn’t expect to see. Or most scammers won’t bother because it’s risky and not scalable: you need to be physically present. This doesn’t seem like a likely vector.

The recommendation of being notified when new keys are created, is a good one though.

… except I could swear it already does

[–] [email protected] 25 points 8 months ago (6 children)

Proprietary software is often locked down to be idiot proof and tamper proof to the average consumer. Actually disabling the wifi (not just turning off SSID broadcasting) or other exploitable points might require a deeper level of access than just the settings page.

And it's not websites people are concerned about. There's a pretty common hacking concept where you attack the weakest connected device. If your car connects to your garage door opener, your coffee maker, your washing machine, all your smart devices - they only need to get access to one to get access to all of them since those devices are 'trusted'. Your car doesn't know why your coffee maker says 'unlock' but it's gonna listen, it trusts your coffee machine.

[–] [email protected] 4 points 8 months ago (5 children)

No. That's not how it works. That's not how any of this work.

A car does not automatically accept commands to devices it connects to because of some inherent trust. The car would be programmed to only accept commands from devices it expects to send it such commands.

Anyone who allows the toaster to not only command the car but alap unlock the car should be fired and blackballed from the industry. That's not a whoopsie, learning experience. That's an unforgivable level of incompetence.

[–] [email protected] 14 points 8 months ago (1 children)

The kind of mistake someone on a work visa working 85 hours a week and sleeping in the office so they don't get fired might make you say?

[–] [email protected] -4 points 8 months ago

Interesting that the Lemmy hive mind wants this to be true, yet another indication that this place does not have a strong technical knowledge base. But no, this wouldn't be the decision of a single person. That isn't what this exploit is but again, trying to explain things to people who don't understand the technical side of things isn't a winning battle.

load more comments (3 replies)
load more comments (3 replies)
load more comments (3 replies)