Re. the radio: Now its a big useless screen that shows me useless data while still hiding all the useful data that I can get over OBD-II. And whats worse, that screen is tied to your fucking cars computer and configures your car so you cant remove it, no matter how much the software sucks. I hate my 2022 CR-V's garbage infotainment screen. Its a shit UI, shit audio quality, and the Bluetooth is bugged to all hell. I already have a computer with me in my car called a phone that does everything but better. And that's not saying much.
I also own a 05 55 AMG, also all mechanical, but oh so impracticable :D
I also like sensors and crash avoidance tech.
So instead of cleanly pulling off my merge into a lane going 10mph faster than me I look like a goddamn moron for zipping over and then hard braking away 20mph of speed. All because some programmers buried in Toyota HQ somewhere spent too much time on the HN or Reddit or whatever circle jerking it in the comments with the "you can never go wrong by braking" crowd. Could have been way worse had it been a spicer situation, like merging into traffic with a disabled vehicle at the end of the merge ramp or just about any other case with equal or great speed differential and equal or lesser margin.
A car should do what I say. I can understand doing something when I have provided no input or perhaps ignore a 0-100% press to prevent wrong pedal accidents but this is just horrible systems design. If I'm traveling at speed and mash the gas it stands to reason I did that on purpose.
A lot of the other stuff, though, I agree with you.
Show me the FARS data that supports these as actually saving lives.
This reminds me of when my father would try to argue that seat belts make people worse drivers. There is a logic to what you are saying. But it doesn't pan out with the data.
https://www-fars.nhtsa.dot.gov/People/PeoplePedestrians.aspx
Your dad's argument about seatbelts is that it will make people worse drivers. My argument is that backup cameras don't reduce fatalities because there are few to begin with, involve low speeds, and the data hasn't show any real improvement.
The point, if you want to save lives, let's start where the biggest savings are. Those are better driving testing and education (I do support these) and breathalyzer interlock devices (support these for offenders, not universal).
You seem to be asking why you don't see this directly in the data, with a number going down. But you do realize the the number of drivers and miles driven have both increased in that timeframe, right? Such that, if the safety had remained the same, the number of incidents would have gone up. Pretty much by definition, that means a number remaining the same means something kept it from growing.
https://www.aarp.org/auto/driver-safety/dangerous-reliance-c...
Reading your link appears to be more fear and caution than data showing things are worse? There is a broken link that ostensibly looks at lane assist and how it can have problems in bad weather. But nothing that says rear view cameras actively cause trouble? Just a fair callout that you shouldn't exclusively rely on them.
But, it was a beauty.
On the other hand, coupes with rear hatches can be particularly bad: https://www.motortrend.com/uploads/sites/10/2015/11/2004-toy...
Looking at the extremes like the Honda CRZ, it does seem to be a low priority area!
There's plenty of kids on my street, and I'm much more comfortable knowing everyone has one when backing out of a driveway, and not just the people who bothered to go get one installed aftermarket.
But the realistic option that worked immediately was mandating backup cameras.
(I would note that even in a world where everyone backed up into their driveways and parking spots, mandated backup cameras would still be a good thing.)
Citation needed. FARS data shows no decrease in reversing fatalities pre vs post backup cameras.
You're also mischaracterizing my argument. The point is, the current test of 50 questions and a 10 minute drive around the block is a joke of a test. Of course you're not weeding out people who aren't fit to drive with such an easy test.
By the way, I don't even know what FARS is. There's no agency by that name that I can think of in my country. Does it collect data on accidents worldwide?
I'm guessing you're from the US. Here's a quote from the NIH.
>"This study indicates that drivers not only attend to an audible warning, but will look at a rear-view camera if available. Evidence suggests that when used appropriately, rear-view cameras can mitigate the occurrence of backing crashes, particularly when paired with an appropriate sensor system."
From the IIHS.
>"Rearview cameras reduced backing crash involvement rates by 17%. Reductions were larger for drivers 70 and older (36%) than for drivers younger than 70 (16%)"
A kid getting hit by a backing up car causes injuries and concussions, and you saying it doesn't "add to child pedestrian safety" to prevent that because they aren't splattered by these incidents is offensively absurd.
I'd feel more comfortable if we'd raise the standards for the driving test so that only responsible people can drive.
To give a programming analogy, this is like saying "we can prevent memory safety issues by only allowing good programmers to use C". Everyone makes mistakes.
Fun fact: if you look at the FARS data for 2017 vs 2023, it appears backup cameras have made no difference at all. All the advocacy websites are referring to old NTHSA reports and none of them are using modern datasets.
Everyone else can enjoy their reflection/replay attacks or whatever.
Honorable mention to Toyota who has still not completely abandoned this simple, functional technology for a clunky fob that can be easily hacked.
FWIW, fobs are not for your convenience. It's for theirs.
Same with touch buttons. Not for you convenience, it's for theirs.
I do think the writing is on the wall for old fashioned keys, though? For one, they don't really give you that much protection. As laughable as poorly done key fobs are, a physical key is a pretty low bar as far as deterrence goes.
It can be annoying to consider, but cultural norms protect cars far more than anything else. Is why many in suburban areas can get away with having their keys in the cars at all times.
Fobs just created another attack vector catering to people too lazy to take it out of their pocket or purse.
Keyless start has another legitimate function besides laziness: it allows you to leave your car locked with the engine (and AC) running while a baby or dog is inside.
Of course, you can accomplish the same by having two keys with you; you decide whether that's another example of laziness. :-)
Some aftermarket remote starts have this feature.
However, in many states it's illegal to leave a car running unattended.
Though one could argue in court the baby or dog could serve as the attendant. Having said that, leaving a baby or dog unattended, AC or not, is just stupid.
Here's the repo: https://github.com/joelsernamoreno/EvilCrowRF-V2
There were early generation keys for VATS/Pass-Key I/II style systems in the ~~80s-late 90s which weren't actually "chipped" but had some protection mechanisms mostly based around resistance. They were a bit useless in that they were very limited in possible values so even without a key one could just guess through them. Beyond that, there were also just cheap bypass modules https://www.the12volt.com/installbay/forum_posts.asp?tid=845.... Really, these were not much different than going after a normal physical key car because of the lack of actual chip. I don't think you were referring to these for these reasons, but I thought I'd cover them anyways.
Actual chipped-but-physically-inserted keys https://www.key4.com/gm-transponder-key-b111pt?srsltid=AfmBO... using chips like Hitag2 https://www.nxp.com/products/rfid-nfc/hitag-lf/hitag-2-trans... started to hit the market towards the late 90s. These still don't signal the chip communication through the metal of the key into the ignition though, they use 125 KHz RFID wireless transponders. The difference between these keys and fobs is, at most, the maximum range and they lack the buttons a fob would have. The underlying operation of the chip operate on the same principle though, there was no such thing as "wired"/"physically transmitted" chipped keys. As such cloning them was indeed as easy as buying some random RFID cloner and beaming it at someone's purse to then drive away. Of course the other attacks on the car systems themselves (i.e. without the key) also still exist but that's beside the point.
If you think you know of a chipped physically inserted key which you believe does not ultimately use an RFID transponder I'd be curious what make/model/year. Maybe there is just some key I've never heard of.
My argument was also to the doors, though. Again, I got used to just leaving keys in the car at all times. I know movies make a cliche of the keys being above the visor, but I legit did stuff like that for a long time.
My grandparent's car didn't even need a key in the ignition to start. You could just turn it and have it get going for a while. He debated getting it fixed, but ultimately really liked how convenient it was.
My father had one of those vehicles with a keypad on the outside. I thought that was super convenient and quite nice. Especially good for traveling, as you didn't have to bother taking your keys with you.
And my argument was largely around norms. I don't like excessive punishment based societies, in general, but I also don't know why or how some grow to accept that some theft is just expected.
Chevy's pre-2008 were in a good spot, maybe 2007 for the avalanche body change? Quite a few Hondas and Toyotas were good through the early teens, especially the 4 cylinders.
I have a late 80s GMC pickup, 2005 Buick, and a Chevy Volt. The only one I have any real issues with is the Volt, though that's only been the last couple years as the battery is getting old; the most frustrating thing is needing to run questionable software on an airgapped laptop just to turn the Volt back on when a high voltage safety flag is flipped tripped in the computer.
Sometimes the platforms that the OEMs don't care about are great because the idiot dick swinging engineers who want to hit their KPIs neglect them. Sometimes they're terrible because they get phoned in. The flagship platforms are usually safe but sometimes they put too much bleeding edge tech in them.
This situation is not a recipe for good code. Now that BLE has audio (the last thing from classic that it lacked), we can begin phasing out BT classic and this mess. However, it will be a decade before anyone can safely drop bt classic interop.
Basically: anywhere you have a Bluetooth stack that supports bt classic, feel free to ASSUME there are RCEs and DOSs lurking. You will not be wrong.
Source: a full blown case of PTSD from having written and debugged a few BT stacks
Of course I don't expect it's implemented anywhere near securely, but in theory it's very possible. Game console companies have this stuff pretty solved.
The infosec community loves their weasel words don't they?
The only other career path other than "meteorologist" where they get it wrong half the time with the burden of proof on the recipient, and everyone looks the other way.
Show your work, or it's not possible.
There are cases where vulnerable code is found, but it may take weeks of tinkering to actually build an exploit that gets arbitrary RCE.
An example could be a buffer overflow that only allows a few bytes to be written. At first, you're likely just causing segmentation faults. DEP and ASLR will make writing an exploit that gives RCE difficult. This is when an attacker "may" be able to do something, if there's an attacker determined enough to figure out a full exploit.
The original researcher might not be interested in spending that time and just wants the vendor to fix it.
https://arstechnica.com/information-technology/2023/04/crook...
minusLik•7mo ago
noman-land•7mo ago
Ccecil•7mo ago
It is an interesting topic for sure.
minusLik•7mo ago