> One caveat, if you use bluetooth to connect your phone to the car, DCM will use your phone to connect to the mother ship and presumably send your data. I only use my iPhone cable to connect to the car which does not have this effect.
A random post on a forum is not evidence that Toyota has found a magic way to exfiltrate data over a bluetooth connection without turning on hotspot/etc.
It's not evidence against it either. Presumably CarPlay and Android Auto could implement a network interface through the application layer, or even activate Bluetooth tethering at the system level as they are privileged apps.
But they could also do this over USB, so something doesn't add up.
RNDIS was a mechanism for tethering over USB, and you could certainly pair "Bluetooth Network Adapters" for years and there's a profile for it. So there's at least precedent for it. That makes it pretty plausible to me.
There's still a fuse for the DCM even in this car but:
- It has an internal battery and will keep running for quite a while after pulling the fuse. This is a safety feature in case you get in a crash that disconnects the 12V battery
- It will break your in-car microphone as discussed. Repairing that requires opening up the dash
- That won't do anything for disconnecting the GPS antenna
Storage space is limited. There's a black box for accidents that keeps a rolling window of data. That's not the dcm. Outside of that, how much telemetry can you store? What's the retention when there's no cellular connection? And importantly, where is it stored?
My guess is that the dcm, having a battery backup and a cellular connection, is also the telemetry store. No evidence other than it's the cheapest and most reliable way to do it.
At least for Subaru, the dcm also connects to all antennas so removing it disconnects the gps antenna. For other cars, I'd still expect removing the dcm to be good enough for 95% of people given the current expectation from car companies that no one would want to remove the dcm.
That's an interesting point but consider that bandwidth is also limited when we're talking about an always on system that's in every vehicle sold. And until recently storage was remarkably cheap.
If you log 32 bytes once per second that's only 962 MiB per year uncompressed. But 32 bytes is a lot (or depending on what you're logging not very much), once per second is almost certainly more frequent than necessary, and almost all vehicles spend the vast majority of their time turned off.
For example logging RPM every 100 ms, 8 bits gets you reasonable but not perfect accuracy and you're looking at 300 MiB per year of continuous operation. It's just not much of a storage requirement for quite detailed telemetry.
Good point, but in practice I think the only way onboard data could be exfiltrated is by a dealer while the car is being serviced. If you DIY or hire an independent mechanic, this seems unlikely.
They don't. They have all internet traffic dragnetted and satellite imaging and radar far beyond what is publicly disclosed. They don't need to check in with some low res crap that insurance companies use to nickel and dime you. If you're trying to escape surveillance and control from TLAs then you better start your moon base plans soon.
The kind of organized crime that those people should be focused on are also resistant to this kind of tracking. The cartels and gangs just use burner cars that they dump, possibly with the keys and title still in it. Good luck doing much with the log but you've got the log and even the entire car to try and gather all the evidence you want. This tracking is mainly for hemming up small fry and productive citizens.
That also means it isn't passed to your phone via android auto / carplay. Phone GPS is much worse than car GPS for road navigation. It's basically unusable.
My Ford (~2018 era SYNC system) has GPS and Bluetooth but no cellular modem.
It still technically is used for telemetry... but only when you get into a wreck. It'll ping the onboard GPS at that time for coordinates, then place a voice call over your paired cellphone to 911 with TTS coordinates and information about the wreck.
"Attention. A side crash with rollover has occurred in a Ford vehicle. Multiple impacts detected. The maximum speed change was 38 miles per hour. Airbags deployed. Detected ONE seatbelt fastened. Press 1 at any time for location information, or press 0 at any time to speak with vehicle occupants."
In a perfect world they wouldn't collect it either, but I'd rather Apple have it than the car manufacturer (or rather, only Apple vs both Apple and the car manufacturer)
Also even with no modem, if you use CarPlay on your phone _via Bluetooth_ then the car will just use your phone's internet connection, so I only use CarPlay via a wired USB connection.
Aside from that the car works great, everything is 100% functional. I suppose I don't get OTA updates, which I'm fine with.
Wow, that is evil that they steal your data to send telemetry back via carplay. I always assumed that was possible so I have never actually hooked my phone up to a car but it really saddens me that it actually happens. There is 0 requirement for my phone to pass along raw internet access to the car in my opinion.
I have a Skoda and the GPS module was broken and that messed up a lot of the systems in the car, I couldn't use the adaptive cruise control, no traffic signs recognition and no SOS module. And apparently CarPlay sometimes uses the car's GPS module, so navigation was also a pain. I'd have to start the navigation from outside the car, otherwise it wouldn't use the phone's GPS.
I don't need something to protect the privacy of others from me, I need something to protect my privacy from others. The majority of people who use smart glasses are not going to be using this - where is the product that will protect me from them?
> Make an RSA key of 4096 bits. Call it your personal key.
This is bad advice - making a 4096 bit key slows down visitors of your website and only gives you 2048 bits of security (if someone can break a 2048 bit RSA key they'll break the Let's Encrypt intermediate cert and can MITM your site). You should use a 2048 bit leaf certificate here.
Amateur question: does a 4096 not give you more security against passive capture and future decrypting? Or is the intermediate also a factor in such an async attack?
I thought FS only protected other sessions from leak of your current session key. How does it protect against passive recording of the session and later attacking of the recorded session in the future?
If using a non-FS key exchange (like RSA) then the value that the session key is derived from (the pre-master secret) is sent over the wire encrypted using the server's public key. If that session is recorded and in the future the server's private key is obtained, it can be used to decrypt the pre-master secret, derive the session key, and decrypt the entire session.
If on the other hand you use a FS key exchange (like ECDHE), and the session is recorded, and the server's private key is obtained, the session key cannot be recovered (that's a property of ECDHE or any forward-secure key exchange), and none of the traffic is decryptable.
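The record-now, steal-the-key-later scenario described above, as an added toy simulation (not code from any commenter): RSA key transport versus ephemeral DH, with an attacker who records the handshake and later obtains the server's long-term private key. The parameters (two ~1M primes for RSA, the Mersenne prime 2^127-1 with generator 3 for DH) are constructed for the demo and are far too small for real use.

```python
"""Toy TLS-style key exchanges: RSA key transport vs. ephemeral DH.
Attacker model: record the handshake now, obtain the server's long-term
private key later. Which recorded values does the stolen key reverse?"""
import hashlib
import secrets

# Constructed toy parameters (deliberately tiny, NOT secure).
RSA_P, RSA_Q, RSA_E = 1000003, 1000033, 65537
DH_P, DH_G = 2**127 - 1, 3          # Mersenne prime M127; generator chosen for demo only


def rsa_keygen():
    """Server's long-term key: (n, e) is public, d is private."""
    n, phi = RSA_P * RSA_Q, (RSA_P - 1) * (RSA_Q - 1)
    return (n, RSA_E), pow(RSA_E, -1, phi)


def derive_session_key(shared_secret):
    """Both sides run the same (toy) KDF over the shared secret."""
    return hashlib.sha256(str(shared_secret).encode()).hexdigest()


def rsa_handshake(pub):
    """Non-FS: client picks the pre-master secret and RSA-encrypts it to the server."""
    n, e = pub
    pre_master = secrets.randbelow(n - 2) + 2
    recording = {"encrypted_pre_master": pow(pre_master, e, n)}  # what a sniffer sees
    return recording, derive_session_key(pre_master)


def rsa_recover(recording, priv, pub):
    """Later key compromise: decrypt the recorded pre-master, rebuild the session key."""
    n, _ = pub
    return derive_session_key(pow(recording["encrypted_pre_master"], priv, n))


def dhe_handshake(pub, priv):
    """FS: only g^a, g^b and a signature over them go on the wire; the
    long-term key authenticates the exchange but never encrypts the secret."""
    n, _ = pub
    a, b = secrets.randbelow(DH_P - 2) + 1, secrets.randbelow(DH_P - 2) + 1
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int(hashlib.sha256(f"{ga}:{gb}".encode()).hexdigest(), 16) % n
    recording = {"ga": ga, "gb": gb, "sig": pow(digest, priv, n)}
    return recording, derive_session_key(pow(gb, a, DH_P)), derive_session_key(pow(ga, b, DH_P))


def dhe_recover(recording, priv, tries=1 << 16):
    """The stolen signing key reverses nothing in the recording; the attacker is
    left with a discrete-log search, which here gives up after `tries` guesses."""
    del priv                              # plays no role in recovering the secret
    for guess in range(1, tries):
        if pow(DH_G, guess, DH_P) == recording["ga"]:
            return derive_session_key(pow(recording["gb"], guess, DH_P))
    return None
```

With the same stolen key, `rsa_recover` returns exactly the session key while `dhe_recover` comes back empty; the stolen key would still let an attacker impersonate the server in future handshakes, which is why rotation matters even with forward secrecy.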
The certificate is for authentication of the server. It has nothing to do with the encryption of the data.
Basically forward secrecy is where both the sender and receiver throw away the key after the data is decrypted. That way the key is not available for an attacker to get access to later. If the attacker can find some way other than access to the key to decrypt the data then forward secrecy has no benefit.
Unless details were intentionally changed that narrows it down to two companies that are not US based, despite being traded on Nasdaq. The other two are an ETF and a SPAC.
Worth noting, because many people seem to assume these folks are based in SV
> If that's the case, then there's not much to see here
They could have demonstrated the POC without sending data about the installing host, including all your environment variables, upstream. That seems like crossing the line