
Comment by EvanAnderson

1 day ago

> Noooooooooo! No apps, please!

I wish devices could have web servers and web-based UI rather than thick "apps" that end up rotting when device manufacturers arbitrarily decide that old software won't work anymore (cough, cough-- Apple-- cough, cough).

I know we can't because "security", no end-to-end over the Internet anymore, etc. >sigh<

It seems like we've engineered the networking and software ecosystem to promote disposable "smart" devices. It's almost like somebody profits from it. Hmm...

Why, we of course could if we cared. Let the car offer a wifi access point. WPA3 is secure enough, but you can of course have an extra layer of TLS inside it.

For the extra paranoid, a car could have a USB socket that pretends to be a wired network interface, offering DHCP.

Run a web server for car diagnostics and maintenance when connected to this interface. Do it from the comfort of your laptop, or anywhere anytime using your phone. Zero chance of remote exploits, if you set the things correctly on the car side. An ESP32-based system with $5 BOM would suffice to provide this.

  • Not with off-the-shelf protocols. Yes, WPA3 is plenty secure, but any AP advertising the same SSID with the same key would allow the device to connect. So how do you know that you're connected to your car, and not to the black hat AP next to it?

    From there, you can have as much TLS as you want, but that still won't give you server identity unless the server certificate is signed by someone you already trust. So a generic web browser would be screwed, because you either add SlateTruckCertificateAuthority to the globally trusted list, and then you still have to deal with revocations and certificate expiry, or you use some other CA that is willing to delegate. There's no good support for self-signed certificates or pinned certificates, and even if there were, the initial connection would be tough.

    Unfortunately this really isn't a well-solved problem. Bluetooth can get you part of the way there, but it only offers really good security in theory (in practice it is constantly having issues) and it is intrinsically limited.
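Added example (not from the thread or from any project it mentions): one way a dedicated client app, as opposed to a generic browser, can get server identity from a self-signed car certificate is to pin the SHA-256 of the certificate's SubjectPublicKeyInfo and remember it on first use, the way SSH remembers host keys. A rogue AP can copy the SSID and key but not the car's private key, so its certificate fails the pin; pinning the public key rather than the whole certificate also sidesteps the expiry and re-issue problem raised in the reply above, as long as the car keeps its key. The DER walker, the pin store and the sample certificates below are all constructed for this example; the certificates are structurally valid DER with placeholder contents and no real signature.

```python
import hashlib
import hmac

# ---- Minimal DER walker: just enough to find subjectPublicKeyInfo in an X.509 certificate ----

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER element starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: 0x80 | number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def children(buf: bytes, start: int, end: int):
    """Yield (tag, element_start, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = read_tlv(buf, pos)
        yield tag, pos, vstart, vend
        pos = vend

def extract_spki(cert_der: bytes) -> bytes:
    """Return the full DER encoding (tag + length + value) of subjectPublicKeyInfo."""
    tag, cstart, cend = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    tbs_tag, _, tbs_vstart, tbs_vend = next(children(cert_der, cstart, cend))
    if tbs_tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    fields = list(children(cert_der, tbs_vstart, tbs_vend))
    if fields and fields[0][0] == 0xA0:    # optional EXPLICIT [0] version comes first
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    _, estart, _, vend = fields[5]
    return cert_der[estart:vend]

def spki_pin(cert_der: bytes) -> str:
    """SHA-256 over the DER SubjectPublicKeyInfo: stable across re-issued certs that keep the key."""
    return hashlib.sha256(extract_spki(cert_der)).hexdigest()

FIRST_USE, MATCH, MISMATCH = "first-use", "match", "MISMATCH"

def check_pin(store: dict, car_id: str, cert_der: bytes) -> str:
    """Trust-on-first-use pin store keyed by car; later connections must present the same key."""
    pin = spki_pin(cert_der)
    known = store.get(car_id)
    if known is None:
        store[car_id] = pin                # first contact: record the car's key
        return FIRST_USE
    return MATCH if hmac.compare_digest(known, pin) else MISMATCH

# ---- Constructed sample certificates (structurally valid DER, placeholder contents, unsigned) ----

def der(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV, using long-form length when the value is 128 bytes or more."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def fake_cert(serial: int, pubkey: bytes) -> bytes:
    """Build a minimal Certificate SEQUENCE around a placeholder key (serial must be < 128)."""
    alg = der(0x30, der(0x06, bytes.fromhex("2A864886F70D010101")) + der(0x05, b""))  # rsaEncryption, NULL
    name = der(0x30, b"")                                                              # empty Name placeholder
    validity = der(0x30, der(0x17, b"250101000000Z") + der(0x17, b"260101000000Z"))    # UTCTime pair
    spki = der(0x30, alg + der(0x03, b"\x00" + pubkey))                                # BIT STRING, 0 unused bits
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + b"\xAA" * 8))                     # placeholder signature

KEY_A = b"\x01" * 32   # constructed placeholder for the car's public key bytes
KEY_B = b"\x02" * 32   # constructed placeholder for a different key behind the same SSID

if __name__ == "__main__":
    store = {}
    print(check_pin(store, "car-1", fake_cert(1, KEY_A)))   # first-use
    print(check_pin(store, "car-1", fake_cert(2, KEY_A)))   # match: re-issued cert, same key
    print(check_pin(store, "car-1", fake_cert(1, KEY_B)))   # MISMATCH: different key, refuse to talk
```

On a live connection the bytes fed to `check_pin` come from `ssl_sock.getpeercert(binary_form=True)` after a handshake made without CA chain verification, since no public CA vouches for the car; the pin check is then the entire identity check, so a MISMATCH has to abort the session before any request is sent, and the first-use pin should be recorded only while the owner is physically at the car.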

    • First of all, the SSID and password should be unique. Then, you can have a QR code printed in the owner's manual, and inside the glove compartment, or something. There's a standard for QR codes for connecting to wifi, so you don't have to type in the long and cryptic password.

      But I don't see much incentive to produce a fake wifi AP for me to connect to with my car diagnostics. I'm not going to punch my bank account and password into it anyway. If I'm misled to alter the battery charging settings for someone else's car, or for a pretend mockup of the car controller, I don't see what the perpetrator could gain from it.

      Then there must be a button on the car dashboard, or near it, which I should press to activate the AP (it does not need to be up all the time), and press again to switch it off. This can serve as an easy way to check if there's doubt. The interface may have a function like headlights on / off as a simple way to check that the connection works.
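Added example (not from the thread): the Wi-Fi QR code standard mentioned in the reply above is the `WIFI:T:..;S:..;P:..;;` payload (the ZXing-defined format that phone scanners read), and the part that is easy to get wrong is escaping, since an SSID or passphrase containing `;`, `:`, `,`, `"` or `\` breaks a naive join. The encoder, the parser and the per-vehicle credential generator below are written for this example; `T:WPA` is the format's value for WPA-Personal, and whether a given scanner negotiates WPA3 from it is left to the scanner and the AP, which I note as an assumption.

```python
import secrets
import string

# Characters that must be backslash-escaped inside a field of the WIFI: payload
SPECIAL = '\\;,":'

def escape_field(value: str) -> str:
    """Escape the reserved characters so the field cannot terminate early or inject a new key."""
    return "".join("\\" + c if c in SPECIAL else c for c in value)

def wifi_qr_payload(ssid: str, passphrase: str, auth: str = "WPA", hidden: bool = False) -> str:
    """Build the WIFI:T:..;S:..;P:..;; string that Wi-Fi QR codes carry."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    payload = f"WIFI:T:{auth};S:{escape_field(ssid)};P:{escape_field(passphrase)};"
    if hidden:
        payload += "H:true;"
    return payload + ";"                                  # second ';' terminates the record

def parse_wifi_qr_payload(payload: str) -> dict:
    """Parse a WIFI: payload back into its fields, honouring backslash escapes."""
    if not payload.startswith("WIFI:") or not payload.endswith(";;"):
        raise ValueError("not a WIFI: payload")
    fields, i, end = {}, len("WIFI:"), len(payload) - 1   # stop before the terminating ';'
    while i < end:
        colon = payload.index(":", i)
        key, i, value = payload[i:colon], colon + 1, []
        while i < end and payload[i] != ";":
            if payload[i] == "\\" and i + 1 < end:        # escaped character: take the next one literally
                i += 1
            value.append(payload[i])
            i += 1
        fields[key] = "".join(value)
        i += 1                                            # skip the field separator ';'
    return fields

def new_credentials(prefix: str = "Car") -> tuple:
    """Per-vehicle SSID and random passphrase, generated once and printed as a QR code (constructed scheme)."""
    alphabet = string.ascii_letters + string.digits
    ssid = f"{prefix}-{secrets.token_hex(3).upper()}"
    passphrase = "".join(secrets.choice(alphabet) for _ in range(20))
    return ssid, passphrase

if __name__ == "__main__":
    ssid, passphrase = new_credentials()
    payload = wifi_qr_payload(ssid, passphrase)
    print(payload)
    print(parse_wifi_qr_payload(payload))
```

The parser is the half that matters on the client side: a scanner that splits on `;` without honouring the escapes would hand the OS a truncated passphrase, or a different SSID, and the user would end up on whatever network that name resolves to.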