Discussion in 'The Pub' at netrider.net.au started by A boy named Sue, Feb 25, 2016.

  1. Troy Hunt: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs

    Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
    Wednesday, 24 February 2016

    Last month I was over in Norway doing training for ProgramUtvikling, the good folks who run the NDC conferences I've become so attached to. I was running my usual “Hack Yourself First” workshop which is targeted at software developers who’d like to get up to speed on the things they should be doing to protect their apps against today’s online threats. Across the two days of training, I cover 16 separate discrete modules ranging from SQL injection to password cracking to enumeration risks, basically all the highest priority security bits modern developers need to be thinking about. I also cover how to inspect, intercept and control API requests between rich client apps such as those you find on a modern smart phone and the services running on the back end server. And that’s where things got interesting.

    One of the guys was a bit inspired by what we’d done and just happened to own one of these – the world’s best-selling electric car, a Nissan LEAF:

    ....long article on hacking EVERY Nissan Leaf
  2. It's a big issue. The more internet connected devices there are, the more we need to consider if it was a smart idea to connect everything down to your bog-roll holder to the web with piss poor security. Some things being hacked will be nothing more than an annoyance, while others like your car, pacemaker, or insulin pump could be used to kill or the threat used to blackmail.
  3. If the bog-roll holders of the world got hacked we'd have a zombie state in less than 24hrs ;)

    Seriously though, I don't see the need for this much stuff to be interconnected. What a massive waste of bandwidth. Who cares if my fridge is running at 3.5 degrees? As long as the milk isn't off, I'm happy...
  4. You obviously don't ride a Ducati.....
  5. Ummmmm......I must say - those highly parametrised URIs look piss poor.
    The entire point of an API is to abstract and suppress.
    Bleeding out internal routing/execution paths is very bad juju.....

    There is a reason for micro-service architecture.
    APIs are the highest data layer of abstraction.
    Service layer does the 'real work'
    The back-end persists and is stateful.

    Face palm much Nissan?
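The layering described in the post above (a thin API layer in front of a service layer that does the real work, with URIs that expose nothing about internal execution paths) is easy to sketch in code. The following is an added example written for this page; it is not code from the thread, from Nissan, or from Troy Hunt's article, and the thread does not state what the LEAF API actually got wrong. The example simply shows the two checks a vehicle-control API must do before any command reaches the service layer: authenticate the caller, then confirm the caller owns the vehicle named in the URI. All names (`ACCOUNT_TOKENS`, `VEHICLE_OWNER`, the `/v1/vehicles/{vin}/{action}` route shape, the sample VINs and tokens) are constructed for the example.

```python
"""Added example: a minimal vehicle-control API layer that authenticates the
caller and checks vehicle ownership before dispatching to the service layer.
Not from the thread or from Troy Hunt's article; all data is constructed."""
from dataclasses import dataclass
import hmac

# Constructed sample data. A real deployment would look these up in a
# credential store and a vehicle database, not module-level dicts.
ACCOUNT_TOKENS = {"alice": "tok-alice-constructed", "bob": "tok-bob-constructed"}
VEHICLE_OWNER = {"VIN-EXAMPLE-0001": "alice", "VIN-EXAMPLE-0002": "bob"}

# Audit trail of rejected requests: the record a defender would forward to
# monitoring to spot someone walking through VINs they do not own.
REJECTED = []


@dataclass
class Response:
    status: int
    body: dict


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


def authenticate(headers):
    """Return the account for a valid bearer token, else raise 401."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        raise ApiError(401, "bearer token required")
    presented = value[len("Bearer "):]
    for account, expected in ACCOUNT_TOKENS.items():
        if hmac.compare_digest(presented, expected):  # constant-time compare
            return account
    raise ApiError(401, "invalid token")


def authorize_vehicle(account, vin):
    """Reject unless the caller owns the vehicle. Unknown and foreign VINs
    both get 404 so the API does not confirm which VINs exist."""
    if VEHICLE_OWNER.get(vin) != account:
        raise ApiError(404, "vehicle not found")


# Service layer: does the real work and never sees raw HTTP or tokens.
def set_climate(vin, params):
    on = bool(params.get("on", False))
    return {"vin": vin, "climate": "on" if on else "off"}


def get_battery(vin, params):
    return {"vin": vin, "charge_percent": 80}  # constructed reading


# Resource-oriented routes: the URI names a vehicle and an action, nothing
# about internal services, hosts or execution paths.
ACTIONS = {"climate": set_climate, "battery": get_battery}


def handle_request(headers, path, params=None):
    """API layer entry point: route, authenticate, authorize, then dispatch."""
    params = params or {}
    try:
        parts = path.strip("/").split("/")
        if len(parts) != 4 or parts[:2] != ["v1", "vehicles"]:
            raise ApiError(404, "no such route")
        _, _, vin, action = parts
        account = authenticate(headers)      # who is calling?
        authorize_vehicle(account, vin)      # may they touch this vehicle?
        handler = ACTIONS.get(action)
        if handler is None:
            raise ApiError(404, "no such action")
        return Response(200, handler(vin, params))
    except ApiError as err:
        REJECTED.append({"path": path, "status": err.status, "reason": err.message})
        return Response(err.status, {"error": err.message})


if __name__ == "__main__":
    alice = {"Authorization": "Bearer tok-alice-constructed"}
    print(handle_request(alice, "/v1/vehicles/VIN-EXAMPLE-0001/climate", {"on": True}))
    print(handle_request(alice, "/v1/vehicles/VIN-EXAMPLE-0002/climate", {"on": True}))
    print(REJECTED)
```

The point to take from it: the VIN in the URI is a lookup key, never a credential. A request that carries a valid token but names someone else's vehicle is refused before the service layer runs, and every refusal lands in `REJECTED`, which is the signal you would alert on if one account starts probing many VINs.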