|
noticed yesterday evening that the EV charger in a parking lot was having trouble: sure let's run the interface .jar as administrator, what could possibly go wrong?
|
#
?
Aug 1, 2019 12:13
|
|
|
|
| # ? Apr 27, 2024 00:58 |
|
|
Shifty Pony posted:noticed yesterday evening that the EV charger in a parking lot was having trouble:
|
|
#
?
Aug 1, 2019 13:14
|
|
|
D. Ebdrup posted:would that be a way around the firewall that all the manufacturers of cars with in-vehicle entertainment systems are totally and definitely implementing without any flaws between it and the can-bus used for controlling the car? uh what? why would the charger be communicating with the entertainment system?
|
|
#
?
Aug 1, 2019 13:38
|
|
|
i wouldn't be at all surprised to learn the charging port had a data pin that let the charger talk to the canbus
|
|
#
?
Aug 1, 2019 13:52
|
|
|
infernal machines posted:uh what? they're thinking about that def con talk from a few years back where you could take over Chryslers through the cell-connected infotainment for EVs the normal thing is to have every aspect of the car controllable remotely, which means there's an interconnect between the traction battery system and the cell network, and an interconnect between the traction battery system and external EV chargers
|
|
#
?
Aug 1, 2019 13:54
|
|
|
flakeloaf posted:i wouldn't be at all surprised to learn the charging port had a data pin that let the charger talk to the canbus https://en.wikipedia.org/wiki/SAE_J1772#Signaling reading up ont his
|
|
#
?
Aug 1, 2019 13:56
|
|
|
i'm aware of the jeep hack, etc. and there's been a bunch of stuff on hacking the tesla infotainment system (can bus comms are handled via limited api calls iirc)
|
|
#
?
Aug 1, 2019 14:00
|
|
|
infernal machines posted:i'm aware of the jeep hack, etc. and there's been a bunch of stuff on hacking the tesla infotainment system (can bus comms are handled via limited api calls iirc) yeah but is anyone at tsla, like, running afl on the charge port poo poo?
|
|
#
?
Aug 1, 2019 14:07
|
|
|
i haven't seen much about charger comms. afaik the vehicle sends a vin to the supercharger for billing/auth but i haven't seen anything explaining the protocol
|
|
#
?
Aug 1, 2019 14:12
|
|
|
at its most basic the only communication between the car and the charger is it putting various resistances across a signal line to say how much current it can supply / draw, which you probably couldn't hack, but i'm sure there's way more complex systems now and they're probably connected directly to the CAN bus just because they CAN be 
|
|
#
?
Aug 1, 2019 14:51
|
|
|
Taking over an EV charger would probably be a decent credit card mitm attack, since there are a bunch of brands and if you just did the “oops sorry the new system needs your data updated, scan this qr or visit this link to continue” and most users would happily enter their cc details
|
|
#
?
Aug 1, 2019 15:06
|
|
|
^^that's phishing not mitm, good idea though
|
|
#
?
Aug 1, 2019 15:24
|
|
|
Shame Boy posted:at its most basic the only communication between the car and the charger is it putting various resistances across a signal line to say how much current it can supply / draw, which you probably couldn't hack, but i'm sure there's way more complex systems now and they're probably connected directly to the CAN bus just because they CAN be Yep nobody would run a network over a simple power cable 
|
|
#
?
Aug 1, 2019 15:37
|
|
|
Trabisnikof posted:Taking over an EV charger would probably be a decent credit card mitm attack, since there are a bunch of brands and if you just did the “oops sorry the new system needs your data updated, scan this qr or visit this link to continue” and most users would happily enter their cc details right. also how likely is it those terminals are properly walled off from the rest of the charger owner's network?
|
|
#
?
Aug 1, 2019 15:49
|
|
|
i have no idea why but amazon recommended me the very crazy book "Project: Soul Catcher: Secrets of Cyber and Cybernetic Warfare Revealed" just now and with a title like that i just had to look inside (so i'm going to get a bunch more recommendations i'm sure). right at page one of chapter one, it's amazing: "every computer hacking technique is applicable to humans" lmao man don't you hate it when you just wake up and before you've even had your coffee you get a stack overflow and have to go back to bed and start over again
|
|
#
?
Aug 1, 2019 15:54
|
|
|
Shame Boy posted:
fevers are just the result of a dos attack
|
|
#
?
Aug 1, 2019 16:00
|
|
|
Shifty Pony posted:right. also how likely is it those terminals are properly walled off from the rest of the charger owner's network? If they are running their application as admin, and not as some sort of service account, its probably safe to assume they have little to nothing between their endpoints and their colo/cloud.
|
|
#
?
Aug 1, 2019 16:03
|
|
|
then the look inside preview does that thing where it skips to near the end of the book, and where it decided to land was this... test? because apparently you're supposed to be using this book to teach a class??  well do y'all know how a "psychotronic virus" works? i'm sure that's covered in the CISSP test or something right
|
|
#
?
Aug 1, 2019 16:07
|
|
|
Shifty Pony posted:noticed yesterday evening that the EV charger in a parking lot was having trouble: its cool I'm sure uac is enabledhahahahahahaha
|
|
#
?
Aug 1, 2019 16:08
|
|
|
Shame Boy posted:then the look inside preview does that thing where it skips to near the end of the book, and where it decided to land was this... test? because apparently you're supposed to be using this book to teach a class?? .....uhhhh, did they switch the actual text with something from a conspiracy theory book? Are they going to want you to discuss HAARP next?
|
|
#
?
Aug 1, 2019 16:09
|
|
|
CommieGIR posted:.....uhhhh, did they switch the actual text with something from a conspiracy theory book? Are they going to want you to discuss HAARP next? i think something got lost in translation here, it literally is a conspiracy theory book about how the CIA can hack your brain, i'm just posting it cuz i find them fascinating, especially since this dude is coming at it from a CS background so everything is through the lens of computer hacking
|
|
#
?
Aug 1, 2019 16:18
|
|
|
CommieGIR posted:If they are running their application as admin, and not as some sort of service account, its probably safe to assume they have little to nothing between their endpoints and their colo/cloud. also looks like there is no native credit card handling on the kiosk itself, so there's no pesky PCI DSS compliance requirements making them not do dumb poo poo.
|
|
#
?
Aug 1, 2019 16:28
|
|
|
Shame Boy posted:i think something got lost in translation here, it literally is a conspiracy theory book about how the CIA can hack your brain, i'm just posting it cuz i find them fascinating, especially since this dude is coming at it from a CS background so everything is through the lens of computer hacking That makes a lot more sense. Shifty Pony posted:also looks like there is no native credit card handling on the kiosk itself, so there's no pesky PCI DSS compliance requirements making them not do dumb poo poo. Yeah, the common solution to PCI DSS now is: "Let someone else do it." We're PCI Compliant now!
|
|
#
?
Aug 1, 2019 16:29
|
|
|
Shame Boy posted:then the look inside preview does that thing where it skips to near the end of the book, and where it decided to land was this... test? because apparently you're supposed to be using this book to teach a class??
|
|
#
?
Aug 1, 2019 16:35
|
|
|
in less crazy news, my credit union now has a big red box on the online login page: please attain a level of hyperawareness higher than our plane of consciousness about the text scams (reading the link it's just people trying to trick you into entering your pin by pretending to be a fraud protection text)
|
|
#
?
Aug 1, 2019 16:40
|
|
|
I need a Hyperaware to run my Virtual Awareness on.
|
|
#
?
Aug 1, 2019 16:41
|
|
|
Shame Boy posted:in less crazy news, my credit union now has a big red box on the online login page:
|
|
#
?
Aug 1, 2019 16:44
|
|
|
what good is an important announcementnt if you can't wrap it in several layers of officious bullshit thank you for deleting win32.PUPkin
|
|
#
?
Aug 1, 2019 16:50
|
|
|
win32.puckins
|
|
#
?
Aug 1, 2019 17:07
|
|
|
op, i think that box might not be red 
|
|
#
?
Aug 1, 2019 17:11
|
|
|
Shame Boy posted:well do y'all know how a "psychotronic virus" works? i'm sure that's covered in the CISSP test or something right
|
|
#
?
Aug 1, 2019 17:14
|
|
|
D. Ebdrup posted:op, i think that box might not be red what color do you see? i see a pinkish red, like right on the border between red and pink but imo still red, but my monitor's color temperature is probably all sorts of hosed up  according to the css it's #d33679 e: goog says that's "dark pink" apparently, ok
|
|
#
?
Aug 1, 2019 17:16
|
|
|
ewiley posted:Yep nobody would run a network over a simple power cable it at least has the decency to look shocked about it
|
|
#
?
Aug 1, 2019 17:37
|
|
|
CommieGIR posted:
well tbf making inconvenient stuff Someone Else's Problem is practically a foundational principle in business. ewiley posted:Yep nobody would run a network over a simple power cable these are actually very useful if you need low latency, jitter, and packet loss instead of raw throughput. good ones have mandatory AES encryption and can be easily re-keyed if you don't trust their key assignment. only real downside is speed drops pretty dramatically if you have them behind a surge protector. I used to use a pair to bring a solid network connection into my office because there's no way I'm going to route my work (encrypted as it may be) over a wireless connection. my new place has cat6 in the wall so now I used them to put a printer in a more convenient spot where there isn't a close jack.
|
|
#
?
Aug 1, 2019 18:02
|
|
|
Shifty Pony posted:well tbf making inconvenient stuff Someone Else's Problem is practically a foundational principle in business. from what i've heard power-line network stuff like that is very popular in europe because a lot of their buildings (especially the old ones) are made of solid materials instead of cardboard and tape and so attenuate wifi real good
|
|
#
?
Aug 1, 2019 18:04
|
|
|
Shame Boy posted:from what i've heard power-line network stuff like that is very popular in europe because a lot of their buildings (especially the old ones) are made of solid materials instead of cardboard and tape and so attenuate wifi real good more likely it's because there are much stricter limits for wifi AP power output over there. 2.4 and 5.8 aren't slain by two walls, which would be the more likely case in smaller EU residences
|
|
#
?
Aug 1, 2019 18:08
|
|
|
Shame Boy posted:from what i've heard power-line network stuff like that is very popular in europe because a lot of their buildings (especially the old ones) are made of solid materials instead of cardboard and tape and so attenuate wifi real good this is my situation, I use them to unify the upstairs and downstairs wifi. I'm in the US but whatever the floor is made of does slay my base stations (prewar high-rise) haveblue fucked around with this message at 18:25 on Aug 1, 2019 |
|
#
?
Aug 1, 2019 18:21
|
|
|
Shifty Pony posted:noticed yesterday evening that the EV charger in a parking lot was having trouble:
|
|
#
?
Aug 1, 2019 18:22
|
|
|
BangersInMyKnickers posted:its cool I'm sure uac is enabledhahahahahahaha there's no UAC to turn off in XP friend "documents and settings" changed to "users" in Vista, cmd.exe doesn't handle the docs/settings symlink very well, the mouse cursor is pre-vista, and the low virtual memory dialog also changed between XP and vista burning swine fucked around with this message at 18:30 on Aug 1, 2019 |
|
#
?
Aug 1, 2019 18:26
|
|
|
|
| # ? Apr 27, 2024 00:58 |
|
|
lol poo poo thought that was vista/win7
|
|
#
?
Aug 1, 2019 18:36
|
|