7 comments

[ 2.4 ms ] story [ 18.5 ms ] thread
Is there an exploit? I've always wanted to explore the inner workings of my car's computer system, but I don't know how.
Seems like early 2000s cars were the last of the good cars. You had full airbags by that point but cars were mostly still just basic fuel injected internal combustions engines with sensible transmission choices that had seen probably decades of iteration at that point. If you wanted some crazy infotainment its not hard to roll your own with the standard sized stereo slots in those cars. No telemetry. No "driver aids" behaving nondeterministically. Mechanical linkages vs by wire. Just a car. Starts with a key. Exactly what is says on the tin and nothing more or less.
Bluetooth stacks are very complex due to the initially-vague 1.1 spec and the need for thousands of per-device quirks handlers. Even as specs were tightened, old device interop remains needed. If you implement a stack precisely as per spec, about half the devices out there won’t work with it (no exaggeration).

This situation is not a recipe for good code. Now that BLE has audio (the last thing from classic that it lacked), we can begin phasing out BT classic and this mess. However, it will be a decade before anyone can safely drop bt classic interop.

Basically: anywhere you have a Bluetooth stack that supports bt classic, feel free to ASSUME there are RCEs and DOSs lurking. You will not be wrong.

Source: a full blown case of PTSD from having written and debugged a few BT stacks

I’m half excited about this, and hoping I can exploit the infotainment on my Octavia 4
> The attacker may also be able

The infosec community loves their weasel words don't they?

The only other career path other than "meteorologist" where they get it wrong half the time with the burden of proof on the recipient, and everyone looks the other way.

Show your work, or it's not possible.