• Clent@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      7
      ·
      10 months ago

      No. That’s not how it works. That’s not how any of this work.

      A car does not automatically accept commands to devices it connects to because of some inherent trust. The car would be programmed to only accept commands from devices it expects to send it such commands.

      Anyone who allows the toaster to not only command the car but alap unlock the car should be fired and blackballed from the industry. That’s not a whoopsie, learning experience. That’s an unforgivable level of incompetence.

      • DragonTypeWyvern@literature.cafe
        link
        fedilink
        English
        arrow-up
        18
        arrow-down
        4
        ·
        10 months ago

        The kind of mistake someone on a work visa working 85 hours a week and sleeping in the office so they don’t get fired might make you say?

        • Clent@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          8
          ·
          9 months ago

          Interesting that the Lemmy hive mind wants this to be true, yet another indication that this place does not have a strong technical knowledge base. But no, this wouldn’t be the decision of a single person. That isn’t what this exploit is but again, trying to explain things to people who don’t understand the technical side of things isn’t a winning battle.

        • Clent@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          From the toaster you’d still need to find a way to access a trusted device. This is going to require an exploit. But first the toaster needs meet some specific requirements, like does it have a web server or shell. If it’s a simple device that merely broadcasts its state it likely does it meet these requirements.

          If your WiFi thermostat is broadcasting its default SSID, that means it is not connected to your WiFi. At most you can take control of the device but it won’t get you onto the trusted network any faster than hacking their WiFi directly. Best to go for a device already on the network.

        • Grippler@feddit.dk
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          9 months ago

          In the case of tesla, you’d still need the API token to the specific car (which requires username and password) to send any commands to it. It doesn’t actually take commands directly, from anything, it’s all done through teslas servers via the API. Getting access to local network makes no difference, you need the token to do anything with the car. You can’t even send commands via BT to the car.