A Defensive Computing Checklist    by Michael Horowitz
HOME | About | Domain Names | VPNs | Rules of the Road | DC Presentation | ChangeLog | Stats |




All software has bugs, the software in cars is no exception.


September 21, 2023: U.S. Cities Have a Staggering Problem of Kia and Hyundai Thefts. This Data Shows It. by Aaron Gordon for Vice. Engine immobilizers are a basic anti-theft device that costs about $100 and prevents cars from being hot-wired. The car industry has widely adopted immobilizers. Anti-theft devices are required by law in Canada and Kia and Hyundai use them in Canada. However, they are not required in the U.S., so ... from 2011 to 2021, Kia and Hyundai manufactured many of their cars without immobilizers making them trivially easy to steal. In 2015, just 26 percent of Kias and Hyundais sold in the U.S. had immobilizers. In total, some nine million vehicles in the U.S. are vulnerable. This has resulted in a stolen car crime wave unlike anything the U.S. has seen in generations. 17 cities have filed lawsuits against Kia and Hyundai. Many insurance companies stopped selling policies for the affected vehicles.

April 13, 2023: Cities Sue Hyundai, Kia After Wave of Car Thefts by Joseph Pisani in the Wall Street Journal. Cleveland, Seattle, St. Louis and at least five other cities allege that the auto makers did not install anti-theft technology to cut costs. This makes the cars easier to steal and their cities less safe. There has been a surge of joy riders stealing these cars, damaging property and draining police resources. One lawsuit said "The security system for these cars is so substandard that it can be exploited by a middle-schooler." State Farm stopped accepting new customer applications for some Kia and Hyundai vehicles, citing a rise in costs. Cars from the 2022 model year are safe, but if you own one, you have to hpe that the bad guys know how to tell the different model years.


March 25, 2022: Honda bug lets a hacker unlock and start your car via replay attack by Ax Sharma for Bleeping Computer. Some models made between 2016 and 2020 can have key fob codes sniffed and re-transmitted .The vulnerability, according to researchers, remains largely unfixed in older models. In 2020 a researcher had reported a similar flaw affecting some Honda and Acura models but he claimed that Honda ignored his report. Honda has not verified the information reported by the researchers and cannot confirm if their cars are actually vulnerable. But, should the vehicles be vulnerable, "Honda has no plan to update older vehicles at this time," .

July 11, 2022: Hackers can unlock Honda cars remotely in Rolling-PWN attacks by Bill Toulas for Bleeping Computer. This is not the same bug as above from March 2022. Quoting: "A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely. Called Rolling-PWN, the weakness enables replay attacks where a threat actor intercepts the codes from the keyfob to the car and uses them to unlock or start the vehicle ...The researchers tried to notify Honda of the vulnerability but could not find a contact for reporting security-related issues." Honda initially denied the problem, then admitted to it, but they pointed out that this does not let someone drive the car away. As to fixing the issue, Honda said to buy a newer car.

October 10, 2022: What you should know about the Honda key fob vulnerability by Sue Poremba for Security Intelligence. Quoting: "Even though this vulnerability became news over the summer of 2022, the vulnerability was found in 2012 Honda cars and should be assumed to affect every Honda on the market today. Whoever has access to these codes has permanent access to unlock the car doors and possibly start the vehicle. Today, Rolling-PWN appears to only target Honda vehicles ... "


The Defensive Computing approach to Tesla is probably to not buy one of their cars. This story exposes the corporate mind set: Tesla exaggerated EV range so much that drivers thought cars were broken by Jon Brodkin for Ars Techncia July 27, 2023. Inundated with complaints, Tesla created a "Diversion Team" to cancel appointments. This was also covered by Karl Bode of Tech Dirt: Tesla Lied About EV Range, Then Created A Team Built Specifically To Undermine Customer Attempts To Get Help on July 28, 2023.

May 22, 2024: Teslas Can Still Be Stolen With a Cheap Radio Hack - Despite New Keyless Tech by Andy Greenberg for Wired. Tesla has an optional PIN-to-drive feature that requires the owner to enter a four-digit code before starting the car. This security feature is off by default. All Tesla owners should turn it on as the cars remain vulneralbe to relay attacks.

April 6 2023: Special Report: Tesla workers shared sensitive images recorded by customer cars by Steve Stecklow, Waylon Cunningham and Hyunjoo Jin for Reuters. Tesla cars have cameras on both the inside and the outside.

As to Tesla safety

  1. April 28, 2024: Lawsuits test Tesla claim that drivers are solely responsible for crashes by Trisha Thadani for the Washingto Post. The paper "obtained" dash-cam footage of Tesla crashes that offers details of vehicles allegedly on Autopilot. At least eight new lawsuits and a federal investigation contend that Tesla's technology invites drivers to overly trust the automation. The article starts with dash-cam footage from July 2022 that shows a Tesla traveling south on the northbound side of a highway.
  2. August 17, 2023: Tesla knew Autopilot weakness killed a driver – and didn't fix it, engineers claim by Brandon Vigliarolo of The Register. Fifty-year-old Jeremy Banner died in 2019 when his Tesla Model 3 smashed into a tractor-trailer in cross traffic. Autopilot had been activated ten seconds prior to the collision. In a civil lawsuit brought against Tesla regarding the crash two Tesla Autopilot engineers have claimed the automaker's leadership not only knew the software was unable to detect and respond to cross traffic, it did nothing to fix it. This crash bears remarkable similarity to a 2016 accident that killed Joshua Brown, whose Tesla Model S with Autopilot activated failed to notice an 18-wheeler tractor-trailer traveling crossing a highway.
  3. August 1, 2023: Steering failures are Tesla's new federal safety worry by Jonathan M. Gitlin for Ars Technica. The National Highway Traffic Safety Administration's Office of Defects Investigation is looking into a potential problem with the power steering in the model-year 2023 Tesla Models 3 and Y. There have been a dozen customer complaints. But, just add it to the list: This year NHTSA's ODI also opened probes into complaints of sudden unintended acceleration, and another is looking at the propensity for steering wheels to detach. That was not a typo, the steering wheels are falling off.
  4. 17 fatalities, 736 crashes: The shocking toll of Tesla’s Autopilot by Faiz Siddiqui and Jeremy B. Merrill for the Washington Post. June 10, 2023. Tesla's driver-assistance system, known as Autopilot, has been involved in far more crashes than previously reported. 736 U.S. crashes since 2019 involving Teslas in Autopilot mode according to their analysis of National Highway Traffic Safety Administration data. The number of such crashes has surged over the past four years. Tesla and Elon Musk did not respond to a request for comment.
  5. Report: Tesla Autopilot Involved in 736 Crashes since 2019 by Sebastian Blanco for Car and Driver. June 13, 2023.
 This page: 8 views per day (over 452 days)   Total views: 3,392   Created: March 5, 2023
This Page
Last Updated

May 28, 2024
Site Page

Site Page

Website by
Michael Horowitz
Copyright 2019 - 2024