  • Western manufacturing tends to be much more automation heavy. Chinese manufacturers don’t bother with buying a $100k machine that can make a car part when they can just hire 10 guys at $10k/yr to make that same part with a $50 drill press and some hand files.

    It’s not that it all strictly balances out, but if we actually gave a shit we could potentially be cost competitive for a lot of price brackets, especially given the costs to move whole ass cars across the Pacific.

    Bear in mind these sub $10k Chinese EVs are not something US consumers would really be interested in buying, they are basically tiny car shaped golf carts with extremely minimalist feature sets. Think ‘no audio system at all’ type interiors.




  • Intrinsically/semantically no but the expectation is that the texts are encrypted at rest and the keys are password and/or TPM+biometric protected. That’s just how this works at this point. Also that’s the government standard for literally everything from handheld devices to satellites (yes, actually).

    At this point one of the most likely threat vectors is someone just taking your shit. Things like border crossings, rubber stamped search warrants, cops raid your house because your roommate pissed them off, protests, needing to go home from work near a protest, on and on.


  • RF analysis is kinda difficult, you’d need to take the car out into the middle of nowhere and have access to fairly good equipment. A tinySA would maybe work if you’re very patient but data transmissions are generally very bursty so it may be difficult to nail down where it’s coming from in a sane amount of time.

    One option would be to try to figure out if there are any FCC filings for your car. All filings will have pictures of whatever module is being used and what antenna systems it uses which may give you a good idea of where it is and what it looks like. There should be an FCC ID mentioned somewhere at the beginning or end of the car’s manual. Googling that should bring up some stuff.








  • Yeah, I’d agree with that.

    The point I was making was for people who thought this was cellphone cameras and that it would somehow work even if the camera wasn’t actively running.

    As far as war driving with an SDR you’d probably occasionally find something interesting, but the vast majority would be cameras just pointed back out at the street. I think you’d mostly see stuff where if you wanted to spy it would make more sense to hide your own camera because it’s already public.

    All that said, I would lose my shit if Hollywood did something believable for once and used this for a heist movie.




  • I work on this stuff, short answer, no, it’s not possible. This is just yet another overly complicated TEMPEST attack. Especially with phones the camera link is so short it’s just not radiating enough. They claim 30cm so you basically need the receiver in the same backpack as the phones. As phones get higher resolution and faster cameras this will become even less of an issue. Also, most importantly the camera has to be powered and running for this to work so just don’t take pictures of classified stuff while carrying around a weirdly warm battery bank an unusually attractive Eastern European girl gave you as an engagement gift and you’re good.

    The actual target here is some sort of The Thing https://en.m.wikipedia.org/wiki/The_Thing_(listening_device) style attack where someone with a huge budget can get a wildly expensive device really close to a system through a significant human intelligence effort.

    The line of reasoning is valid though. These satellites will have some ability to track and intercept low power intentional emissions like WiFi and cellular packets. While these are encrypted there are still things you can do with the metadata.



  • Part of the issue is the whole thing smells weird.

    Like they won’t talk about their monetization strategy at all but they acknowledge that there will be one. They’re trying to randomly apply crypto to something that’s literally already the one proven blockchain tech, and they started at the height of the crypto token scam industry and it looks a lot like they’re trying to suck up the last dregs of that cycle.

    If you are hammering crypto into things that don’t obviously need crypto you really need to justify it thoroughly. A relatively old company just hand waving all of it should raise all of the red flags.




  • Yeah the security angle gets parroted a lot, I’d call it more of a bad practice thing than an “omg you’ll definitely get haxxord”.

    OTOH USB-C as a spec is sort of necessarily a nightmare. It’s not hard to end up with shitty devices that’ll gleefully provide 20V when the system expects 5V and even if it’s just USB-A, it’s not that hard to end up with 120/240V going straight into your phone.

    At least with devices you own and control you know if they’re melting things and haven’t spent their lives being kicked/spilled on/cleaned with corrosive solvents or just generally old as hell and unmaintained.

    Personally I bring my own because it’s faster and more reliable, and I have trust issues.