Reminder that you can actually physically dike out the cellular antenna/telematics module while keeping the rest of your infotainment system intact using an aftermarket wire harness[0].
I wonder if there's a market for a company that makes affordable custom short extension or Y-splitter wire bundles, using 3D printing to cover all the innumerable automotive and appliance plugs and sockets that exist out there.
It'd make it a lot easier to cleanly (and reversibly) tap some CAN bus cables, for example.
All mozilla did was read the privacy policies. This is not a defense of car companies, but we need a real, detailed analysis of what is actually collected, when it is collected, and where it is stored. I hate tech in modern cars, Mozilla’s reporting here does very little to help anyone understand what is really going on; only what has been noted in the privacy agreement.
Even though this is "just reading the privacy policy", it's pretty damning when your car company says they can collect your sexual orientation, political affiliation, etc. and straight up say that they sell your information.
>we need a real, detailed analysis of what is actually collected, when it is collected, and where it is stored
Unless the companies themselves divulge that information, or various governments team up and force them to, this is the best you're going to get.
Tesla did not rank worse. The article could not find anything bad to say about Tesla's actual practices, so they scrounged some stuff up like "having AI means Tesla bad" and put in the Tesla statement that removing connectivity stops your ability to get software updates — well, yeah... They neglected to mention that any data Tesla collects does not identify you — even better than that, it does not even identify the specific vehicle. They do have the ability to go back and forensically get data for a specific car in special situations (accidents needing investigation for example) but they are so far ahead in privacy it's a joke that the article tried to portray it otherwise.
"They neglected to mention that any data Tesla collects does not identify you" and "They do have the ability to go back and forensically get data for a specific car in special situations"
Are contradicting each other.
Anyways, lets take Tesla out of the mix. The overall point is that every car company sucks.
edit: what's not great is the old infotainment ha, today had a playlist queued via bluetooth, stopped working like great, "suffered" from the radio ads
you can buy hardware for this over radio. just google your model, year, and remote start kit. some of these have 400ft range. i bet most of your remote starts are within that range anyway
Is it even "crack" when what you're actually doing is "just reading plain text requests and responses"? Maybe if you squint the whole "trying to find a valid email address" is cracking, but that's a bit like calling poking at doors to see which one swings open and then walking through it "forced entry".
How can a car brand famed for its reliability have such awful styling (this is subjective, but it seems to be sentiment that many share with me) and now such poor software etc? Such as shame.
Huh. I had to look it up, because I never would have put Subaru at the top of the reliability charts; experience and anecdotes would put it in the lower tier of Japanese automakers (granted, still well above average). But CR says #1 .. for now!
Historically, their history of head gasket issues, cam seal issues, ringlands on turbo cars, the continued use of timing belts, and other issues would definitely not have one placing Subaru at the top of perceived reliability rankings.
A lot of those are distant memories of old designs. Head gaskets have been a non-issue for a decade or more now and timing chains replaced belts a similarly long time ago.
Many of those issues were relevant to the EJ series of engines, which were used in various forms on almost every Subaru model for a very long time, but today pretty much every car uses the FB or FA series of engines.
The article Jalopnik based its piece on (and didn't even link to): https://samcurry.net/hacking-subaru
Previous HN discussion on that: https://news.ycombinator.com/item?id=42803279
Sam Curry is a beast and I'm constantly amazed at how many vulns he finds each year. He's super talented and also gives great talks!
Reminder that Subaru have terrible data privacy terms: https://foundation.mozilla.org/en/privacynotincluded/subaru/
Opt out here if you own one of their cars with connected services: https://subarucustomersupport.powerappsportals.com/Consumer-...
Reminder that you can actually physically dike out the cellular antenna/telematics module while keeping the rest of your infotainment system intact using an aftermarket wire harness[0].
[0]: https://www.autoharnesshouse.com/69018.html
I wonder if there's a market for a company that makes affordable custom short extension or Y-splitter wire bundles, using 3D printing to cover all the innumerable automotive and appliance plugs and sockets that exist out there.
It'd make it a lot easier to cleanly (and reversibly) tap some CAN bus cables, for example.
I left my telematics unit in place, but disconnected its GPS and cellular data antenna plugs.
Should I opt-out if my Forester has been bought used and I've never activated Starlink with my own credentials?
What does that opt out form actually do? That doesn’t look like an actual Subaru website.
Yeah, I had the same question. It seems the form appears here on their suburu.com domain:
https://www.subaru.com/support/consumer-privacy.html
Reminder that literally every car company has terrible data privacy terms.
https://foundation.mozilla.org/en/privacynotincluded/article...
Subaru, despite being awful with privacy, is actually on the upper end of the spectrum.
Tesla, Nissan, Hyundai, Cadillac, GMC, Buick, Chevrolet, Kia, Acura, Honda, Mercedes-Benz, Audi, Lincoln, Ford, Lexus, Toyota, Volkswagen, Dodge, Chrysler, Jeep, and Fiat all ranked worse.
All mozilla did was read the privacy policies. This is not a defense of car companies, but we need a real, detailed analysis of what is actually collected, when it is collected, and where it is stored. I hate tech in modern cars, Mozilla’s reporting here does very little to help anyone understand what is really going on; only what has been noted in the privacy agreement.
Even though this is "just reading the privacy policy", it's pretty damning when your car company says they can collect your sexual orientation, political affiliation, etc. and straight up say that they sell your information.
>we need a real, detailed analysis of what is actually collected, when it is collected, and where it is stored
Unless the companies themselves divulge that information, or various governments team up and force them to, this is the best you're going to get.
Tesla did not rank worse. The article could not find anything bad to say about Tesla's actual practices, so they scrounged some stuff up like "having AI means Tesla bad" and put in the Tesla statement that removing connectivity stops your ability to get software updates — well, yeah... They neglected to mention that any data Tesla collects does not identify you — even better than that, it does not even identify the specific vehicle. They do have the ability to go back and forensically get data for a specific car in special situations (accidents needing investigation for example) but they are so far ahead in privacy it's a joke that the article tried to portray it otherwise.
>having AI means Tesla bad
That's not what was said.
"They neglected to mention that any data Tesla collects does not identify you" and "They do have the ability to go back and forensically get data for a specific car in special situations"
Are contradicting each other.
Anyways, lets take Tesla out of the mix. The overall point is that every car company sucks.
I've found one company that does not suck in this department, so, the point is questionable.
>Are contradicting each other.
Zero knowledge proofs, cryptographic hashes, etc. I don't claim to know what they're doing but it's not necessarily a contradiction.
Can you even buy a car today without all this cloud crap, and with a few buttons and dials remaining?
me personally I like buying older sporty cars
edit: what's not great is the old infotainment ha, today had a playlist queued via bluetooth, stopped working like great, "suffered" from the radio ads
They make these Bluetooth-FM transmitters that you can plug in to the cigarette lighter. Not the best sound quality but reliable.
That's cool relevant to the Taylor swift post recently ha
I am so curious about taking over running the services that perform this for my car? Shouldn't I be able to issue commands to my car myself?
You can't even control the services yourself on a Windows PC anymore, let alone something embedded like a car.
It’s great this was patched, but would love an open source way to remote start my car, without paying for subaru’s subscription.
you can buy hardware for this over radio. just google your model, year, and remote start kit. some of these have 400ft range. i bet most of your remote starts are within that range anyway
https://www.12volt.solutions/products/2018-subaru-crosstrek-...
Is it even "crack" when what you're actually doing is "just reading plain text requests and responses"? Maybe if you squint the whole "trying to find a valid email address" is cracking, but that's a bit like calling poking at doors to see which one swings open and then walking through it "forced entry".
Now do the same for Toyota so I could replace their shitty app with my own.
Why can't automakers hire 1 descent UX designer? If they can't afford it, they could band up and hire one.
How can a car brand famed for its reliability have such awful styling (this is subjective, but it seems to be sentiment that many share with me) and now such poor software etc? Such as shame.
Huh. I had to look it up, because I never would have put Subaru at the top of the reliability charts; experience and anecdotes would put it in the lower tier of Japanese automakers (granted, still well above average). But CR says #1 .. for now!
Historically, their history of head gasket issues, cam seal issues, ringlands on turbo cars, the continued use of timing belts, and other issues would definitely not have one placing Subaru at the top of perceived reliability rankings.
https://www.consumerreports.org/cars/car-reliability-owner-s...
A lot of those are distant memories of old designs. Head gaskets have been a non-issue for a decade or more now and timing chains replaced belts a similarly long time ago.
Many of those issues were relevant to the EJ series of engines, which were used in various forms on almost every Subaru model for a very long time, but today pretty much every car uses the FB or FA series of engines.
They're also vehicles that are often driven hard and tuned, especially the WRX and BRZ.