As we noted previously, it means that many Kia owners may be unable to remotely unlock their vehicles or warm them up during an especially nasty winter storm hitting much of the country this week.
Cars had remote unlock and start decades ago (if not OEM, then aftermarket systems were and still are widely available), with zero dependence on what appears to be the company's servers. The only advantage I can fathom for being able to unlock and start a car over the Internet instead of only by being within radio range seems more oriented towards attackers and other user-hostile scenarios ("your car has now become a subscription, please pay to unlock it"). Have we gone backwards...?
When Tesla decided generously to temporarily grant residents fleeing a hurricane an upgrade that allowed full usage of their battery.
People's lives were literally in the hands of an optional, upsold firmware softlock.
The fact that it's come to that is completely appalling. When the manufacturer of your car has the power to save your life because if they didn't they'd suffer bad publicity is disgusting.
And the fact is, the only reason why hackers are able to gain access to vehicles, the only reason for any of it is because companies have decided cars need to be a service provided by them so they can keep making money after the initial purchase.
People buy cars so they can travel freely without relying on others. Making cars reliant on a third party server for something as basic as the ignition goes against the entire premise of owning a car.
> People's lives were literally in the hands of an optional, upsold firmware softlock
People's lives are literally in the hands of optional firmware softlock all the time in medical devices that you can find in hospitals. If the hospital doesn't pay for x feature or for support technicians to service them, then some people could actually die.
Saving lives or not, you can't blame a company for not giving you for free features you haven't paid for.
I blame companies for creating pricing structures that deny people the full use of hardware they supposedly own. I know it's standard practice. Lots of standard practices are bullshit, and this is one of them.
I would like to hijack the comment chain to point to the right to repair movement in agriculture [1]. There will be some hearings in Nebraska [2] about the issue where lobbyists will try to shoot it down again.
> If you don't complain, you have no right to complain.
A beautifully stated maxim I’ve never been able to articulate. As an immigrant from the USSR to the US, I believe this mentality is what separates the First World from the Second.
> Saving lives or not, you can't blame a company for not giving you for free features you haven't paid for.
Whose fault is it? The person who dies because they couldn't afford a firmware unlock which in most cases is a sunk-cost that's locked purely to produce profit?
Sorry -- that's too much of an ethical/moral opinion -- and honestly edges near victim-blaming; making lots of money in life isn't something that is guaranteed by any shot.
I'm of the opinion that anyone with actionable ability to change a situation -- and then chooses not to act on that ability -- is to blame for the situation progressing.
I hope and wish for public companies to attempt to act altruistically -- and the ones that don't should be held responsible by their audiences. The BioMed profit schemes out there are devious and for-profit-engineered, no doubt about that; commonality doesn't make those practices morally appropriate, though.
Unless you are telling me that Tesla sells cars for a loss (like an inkjet printer), the Tesla owners already paid for the feature. It just has been limited for some extra margin which clearly is not essential else the car would not have been sold to begin with.
It's plain rent seeking and frankly should be illegal.
Walk a mile in manufacturer shoes. Let's say you run a company producing a hardware product. And you invest in developing a software feature which improves your product. It costs money. This software feature also needs tiny modification of original hardware product by replacing couple parts with better ones with price difference of 0.001 cent per piece. So your options are:
Start producing two separate models of your product, greatly complicating supply chain and logistics
Discontinue old product and produce only improved version
Produce only new HW but introduce software switch, to allow users to keep purchasing cheaper product without new feature, while simultaneously allowing users who need new feature to pay premium to cover your development costs
The Tesla softlock was not a feature, though, it was an artificial limitation being placed upon the operational capacity of your car. It's like Dell selling somebody a laptop with two of its eight processor cores turned off, and then forcing them to pay a fee in order to turn the cores back on.
I agree with the OP that it is a disgusting business practice at best, and totally indefensible.
Seems like a waste of resources to build a car capable of 300-400 miles but software lock it to 200 miles. Ideally not okay but obviously we live in a profit seeking world and Elon and co are no different.
Didn't the option just cover the AOA disagree indicator? AFAIK even the planes with that option only read from the pilot flying's AOA sensor before their fix was implemented.
Exactly. There's so many expensive treatments, devices, software, etc. that don't get offered to everyone. Unfortunately everything has a price.
My workplace is currently struggling to sell a more expensive device, where in the majority of the cases it will offer no advantage over the original device, but in some cases it will be life saving.
Naturally, many health services are dragging their feet on wanting to buy our device.
I thought on the checkout page Tesla was pretty explicit that they were selling a 75 kWh model with discounts thrown in for artificially software-restricted 60 kWh version.
If an ICE brand sold two trims of the same vehicle - the cheaper one with the smaller tank or worse fuel economy, is it as appalling and aren't they endangering the drivers of the budget version?
I have trouble putting my finger on exactly why this feels wrong, but to me, the idea of buying a car - buying anything that has hardware in it that I have to pay extra to activate, it just seems wrong. I suppose it's the sense of wastefulness, or perhaps the idea that the extra widget could break and take down other things along with it.
Consider how you would do this with a battery. The battery has to have extra cells in order to have extra capacity, and the software allows the user to use or not use the extra cells if you pay for the privilege. But if one of those extra cells fails, the entire battery pack does as well.
In your example, the hardware IS configured differently, and there's no sense of waste or increased failure therein. You bought a car with a crappier engine or a smaller tank, and that's what is in it. There's no software key to fix it. Something about the idea of software letting you access hardware you already paid for (even if you didn't pay for the software to use it), just feels wrong.
It feels wrong because it is wrong. When you buy physical things, you should be paying the total cost for the hardware to be manufactured, distributed, and finally recycled or disposed of. When you buy something, you should own the hardware and should be free to do what you want with it.
I would like governments to make this clear in law, but I understand why some people might feel this is an overreach.
We can try and avoid buying hardware that has software restrictions, but without laws ensuring we can run whatever software we want on our hardware, manufacturers will take these rights away from us.
We are living in an age of environmental catastrophe, and I think we need to appreciate our physical things more, build them to last, and have laws that help us get the most out of the things we build.
Intel don’t have production runs of CPUs with different clock speeds. They make a batch, test them then work out the clock speed that batch is good for. Then sell them at a variety of prices. You can overclock and 90% of the time it’ll be fine. Maybe it dies after 5 years instead of 10. Or maybe after a week. In the case of Tesla maybe that move brought forward the EOL of the battery by 2 years or maybe 2 weeks. Even our bodies don’t work that way - our brains prevent us from using our full strength except in extremis because if we did our muscles and tendons would be seriously damaged. Soft limits are everywhere.
The word for CPU manufacturers making multiple SKUs is “binning”. Every processor wafer made could be an attempt at an 8 core beast, but if 1 isn’t working, they disable another and sell it as a 6 core. If the chip isn’t stable enough for hyperthreading, that feature is disabled. Unstable at high frequencies? The turbo clock is lowered.
Are the manufacturers benevolent in this? Not always. Sometimes an 8 core chip will be locked to 4 just to make more lower end SKU pieces available for purchase. Or Intel disabling overclocking so you have to buy a “K” processor that costs more.
But when people say things like:
> When you buy physical things, you should be paying the total cost for the hardware to be manufactured, distributed, and finally recycled or disposed of.
They’re ignoring the fact that soft limits actually can make manufacture cheaper. The reason Intel/AMD/etc don’t have a separate silicon template for every SKU is it’s too wasteful (money wise). Each run has a setup cost, and if that can be lowered by reusing the same wafer template, they do that. It’s cheaper to have less manufacturing SKUs and just disable features later.
In addition, when soft limits are used on chips, it actually prevents waste. Imagine if the yield on an 8 core wafer was 70%. That means only 70% of the produced chips work at spec. The other 30% would be tossed if binning didn’t happen. By binning, that 30% can be sold (with reduced feature sets).
They do make software limitations to make it fit inside their product line. If only one out of eight cores is dead it’ll likely get sold as a 6 core chip not a seven core. If the clock stability limit is slightly too low it will get binned 10% lower for no technical reason.
If they didn’t do this everyone would be returning the 6 core versions of a chip until they get lucky and get the 7 core. People already do this a little with overclocking capable chips.
Maybe you’d argue they should sell a 7 core chip as well for a slightly higher price but that also means having more product lines and increased manufacturing costs as a result.
On the other hand, the extra cells give you more wear-leveling, right? So, in theory at least, a 75KWh battery limited to 60KWh has a longer lifetime than the unlocked one.
It's not wear levelling, but yes, my understanding is that Li-ion batteries still last longer if you don't fully top them up and don't fully discharge them.
What kind of warranty does Tesla have on the batteries? Is it conceivable that a firmware change that prevents fully topping up or fully discharging the battery statistically saves Tesla money in its warranty costs?
> Something about the idea of software letting you access hardware you already paid for (even if you didn't pay for the software to use it), just feels wrong.
isn't this what iPhones do, at the end of the day? in effect, by not being able to load applications of your own choosing, you accept the implicit limiting effect of the software you're given, similar to the bargain (?) described here.
AMD and Intel have been doing this for longer than I've been buying computers. You go to your local computer shop and want to buy a 486. You have a choice between buying a 486DX that is expensive and can perform floating point arithmetic quickly, and a 486SX that is cheap and cannot. The 486DX and 486SX are the exact same hardware, but the SX has the X87 FPU disabled. You might say well yeah, but that's just a computer, not a car, but in 1990 you could easily spend $20,000 on a home computer with all the bells and whistles, which would be in the ballpark of $40,000 in 2020 dollars.
Intel, AMD, and NVidia still do this. If anything, they're better at it today than they were back then.
To preface, I think the 60 kWh models were unpopular, and Tesla eventually removed them from the lineup.
But your argument suggests that auto manufacturers will be penalized for making premium features easily upgradable, and lauded (or at least given a free pass) for selling premium features that are a pain in the butt to get upgraded, even when it’s artificial busywork.
E.g., the navigation maps on my 2013 Lexus can only be updated by the dealer and carry a $1,500 fee. There are obviously easier ways to make the navigation upgrades easier, but I suspect if Lexus made it too easy, that would land them in hot water with the same kind of argument (and probably generate quite a bit of wrath from the dealers).
> I have trouble putting my finger on exactly why this feels wrong, but to me, the idea of buying a car - buying anything that has hardware in it that I have to pay extra to activate, it just seems wrong. I suppose it's the sense of wastefulness, or perhaps the idea that the extra widget could break and take down other things along with it.
Wastefulness may be distasteful, and you are welcome to boycott companies you feel are wasteful, but I don't think wastefulness should be a crime. If it's cheaper for Tesla to store unusable battery cell tech in your car than to throw it in a landfill, do we really want to make the landfill the cheaper option?
> If it's cheaper for Tesla to store unusable battery cell tech in your car than to throw it in a landfill, do we really want to make the landfill the cheaper option?
The end result is the same, isn't it? An unused battery cell that is driven around until the car is scrapped and goes to landfill. The case could even be made that carrying that extra weight for the lifetime of the car is more wasteful than throwing it away at the start.
I think more likely, if such wastage were a crime or at least financially discouraged, Tesla would do the obvious thing and just design a more modular battery with a way for them to either install or not install the extra battery cell, which is a much more desirable outcome than the current situation of wasting battery cells.
Wasting the planet's finite resources should be discouraged, either by law or financial disincentives.
I agree that it feels wrong but what about this scenario:
A company produces an item with two features A and B.
It costs the company $200 to build a fully featured item.
It now builds two of them for the market but also realizes not everyone needs both A and B. Yet they'll still need to earn back the production cost of $400. So instead of selling fully featured items for $200 they sell one soft-locked version with only one feature for $100 and the fully featured one for $300. More people who can benefit from the product/more customers while still earning back the $400.
> I have trouble putting my finger on exactly why this feels wrong, but to me, the idea of buying a car - buying anything that has hardware in it that I have to pay extra to activate, it just seems wrong.
In the 1970's Opel sold a model (the 'Kadett') that had an optional RPM indicator. But in reality all cars had that indicator installed, if you paid to buy the option the dealer would remove a blank plate that obscured the indicator.
This has been happening for a long, long time. Back in the day, we had a voice-mail system with a certain amount of storage. When you paid to increase the storage a technician came on-site and removed a bolt that allowed the hard drive head to move farther into the disk. Camera manufacturers are a recent example. There are firmware "hacks" that allow you to access more advanced features from a less expensive body.
Are these things bad? Maybe, but if you were the manufacturer would you rather source 2 (or 15) different components or just use 1 and modify it to fit the need and price point?
> the idea of buying a car - buying anything that has hardware in it that I have to pay extra to activate, it just seems wrong.
I made this point in another thread but this seems to be appropriate too.
If you use an iPhone or android you are under a similar regime. The hardware is capable of running any set of instructions that can exist. But it is artificially restricted to the subset found in the app store.
You can pay an extra fee to partially unlock it. You still cannot fully utilize it though.
But that's not the correct analogy. It's more as if Ford would sell you a pickup where part of the loading area is fenced off and if you pay extra they send you a key to take out the artificial smallifier they added. Or they sell you a car that refuses to fill up unless you buy the $50/month "extra fuel" subscription.
Am I the only one that remembers cars getting hijacked *while driving* because core systems were connected with the entertainment system [1]?
The whole 'let's smartify everything', 'control everything' or even 'collect usage information' is exhausting. We have collectively given up our freedom in the name of 'comfort' and often for features that nobody really needed but became mainstream.
I certainly agree with what you're saying. However, isn't this standard in many devices nowadays? Your iPhone can run any set of instructions, but it is artificially restricted to the subset found in Apple app store. It's the same thing in the car.
In general it can be assumed that any apparition of software in any piece of hardware is just a case of practical implementation of "organised scarcity".
I wonder how long before there is a large enough backlash from customers that "works fully offline" becomes a marketing label.
That's a really silly and wrong way of looking at it. Tesla has done society and you a great service by including additional capacity in your car above what you paid for. If they choose to let you have it for free, pat on the back for them. If not, then it is no different at all from someone dying in a Ford Focus that was only front wheel drive where all-wheel drive would have saved their lives.
> by including additional capacity in your car above what you paid for.
The batteries have been already manufactured and you physically have them in your possession as they are there in your car; they just chose to artificially cripple their capacity in software.
> If not, then it is no different at all from someone dying in a Ford Focus that was only front wheel drive where all-wheel drive would have saved their lives.
If the FWD version also came with all the parts that the AWD one has, but they were simply disabled in software and only acted as dead weight, people would be just as furious (and no doubt someone would find a way to reenable it.)
While I agree the Focus metaphor isn't a great one, you are also mis-selling the Tesla situation here.
Tesla restricts your battery usage for battery life purposes.
This allows them to sell you a vehicle that has a charge matching what they claim while also having a battery life matching what they want it to be.
SSDs work similarly. You don't sell 1 TB of SSD storage you sell slightly more than 1 TB worth. Then you wear level between cells to ensure the whole thing lasts a lot longer. (Batteries are nice because losing a cell isn't losing data but the fundamental strategy isn't anti-consumer)
Letting you use the extra batteries will create more warranty issues later which are not subsidized at the price you pay for the car.
Imagine cars came with governors for instance that could restrict speeds and acceleration to limit wear and tear on a vehicle and provide the consumer with a lower cost upfront thanks to less warranty work needed. Similar concept.
They choose to artificially cripple their capacity in software so more people can afford the car. Apparently they should only be selling the most expensive version according to you?
The amazing thing is realizing that despite the increasing dangers and actual disasters involved, more and more things are going to be put on the Internet.
The equation everywhere is "the cost of the security is always too high because the failure of security is always an unusual situation and something that usually works and is cheaper will win in the marketplace."
This is more or less exactly the scenario that played out in Texas this week, Feb 14-19 2021. All the players (gov, regulators, power generators) decided that it was too expensive to weatherize the network for a 0.1% chance event.
It’s how capitalism works nowadays: I win or you lose. As long as everything is going well, like normal weather or excessive growth of house prices, the capital owners make a lot of money. But when something predictable goes wrong, the bill is left to the consumers and tax payers.
What's described in the article is not a security problem. It's an availability problem. I would argue consumers DO care about the availability and I see lots of cloud based systems with local fallbacks.
When IKEA introduced cloud devices, IKEA hardly a company known for high prices or using expensive stuff in their products, they had local fallbacks. Their product is competing with the reliability of less expensive devices controlled with a light switch. Locks are another case where if you reinvent the wheel and get significantly less reliability people will be mad.
Yes, business continuation and disaster recovery is often considered a security discipline for this exact reason. Not every disaster is a hurricane or an earthquake; there are plenty of man-made threats to availability.
Although I imagine there’s a nonzero amount of people who have lost their keys already, and have been relying on the app rather than pay for a replacement.
This could be (partially) remedied through periodically requiring the user to pair the key and phone (bluetooth, wifi?).
It's kind of an annoying solution, but it sounds like a bit of a security risk to just let someone permanently stay logged in to an app like that without requiring authentication every once in a while.
I have a 2021 Subaru and can start and lock/unlock the doors from a phone app. But, I cannot put the car in gear without the key present, and it will not run for more than 10 minutes without manually starting the car from the driver's seat with the key even if the engine is already running.
I wonder if there are any car manufacturers boasting a 'dumb car' lineup. The current trend is pretty worrying. And sadly, it seems to get even worse with EVs. For some reason car manufacturers seem to want to market their EVs as 'smart-cars'. Which I find cringe worthy.
No, they originated from Romania models and have nothing to do with original Renault models AFAIK. I own Dacia Sandero 2015, it's as dumb as possible and I love it. Not sure about latest models, I know that there's some smart stuff added, like remote engine start, but AFAIK no Internet connectivity yet, just radio channel (and, of course, it's optional).
Do you mean buttons on key fobs? That's not what this is about. This is apps on phones that let you access the car. Why would you want to do that? Range of the signal, additional functionality (you can see the fuel level for example), and you don't need to have your key fob to use it.
Not having your key fob is huge for... Well... Accessibility by multiple definitions of the word. ADHD for instance makes it very easy to forget your keys and very easy to remember your phone.
This is a pretty flimsy argument for always having your car connected to the internet. Could people with ADHD not drive cars until the era of smartphone apps?
Well anecdotally, my teen drivers are constantly misplacing their keys. They never seem to lose their phones. I don't remember losing my keys all that often as a teen myself, but it definitely happened a few times.
It's not a "gosh darn it, they can't drive a car!" kind of thing it's more of a constantly late because they keep losing track of their keys kind of thing.
Bluetooth definitely doesn’t have adequate range in pretty much any scenario where I would want to use the “connected” features of my car, like remote start and finding the car’s location.
That's a "want" not a need. And that want, like a lot of wants in the tech world, was bought by making a pretty large attack surface theoretically that seems to have been taken advantage of, in the same way people "want" the internet of things and are surprised at how it is abused too.
I think techies need to understand that sometimes, it's better to be cold for five or ten minutes than find out the car's servers are down, or the battery in their fob is dead, or they are in a place where the car can't connect to the net. The high potential cost of convenience is there, even if it is rare.
There's very few things in our lives that are genuine, existential needs. You probably can do away without a car completely, as illustrated by pre-industrial societies.
I for one genuinely enjoy getting my arse in the warm vehicle rather than scraping the iceball of a car for 15 minutes.
Why would I need to control my car from more than 50m away? That seems like a luxury, at best. It’s being pitched in comments on this article as a necessity when it absolutely isn’t. It definitely isn’t worth also giving up control to everyone else in the world.
> It definitely isn’t worth also giving up control to everyone else in the world.
Lots of consumers disagree!
I find being able to see the state of my car and control it remotely very useful. I’m happy to accept the downsides for the additional functionality. I think many consumers agree, given how much they’re willing to pay for it.
I feel like there's a group of consumers like myself who do agree but aren't being given options.
I'm personally dreading buying my next car because everything is #internetofshit, software-locked features and shitty touchscreens that are totally unsuited for using while operating a vehicle.
My current car isn't connected to the internet and my next one won't be either. I'm hoping the companies come to their senses before my next purchase, but I'm not holding my breath.
The downsides being full remote takeover in the worst case, which has the potential to kill you. It seems unlikely you're happy to accept the downsides.
Remote start is a luxury! And I wish I had it when I was parking far away from the office. Imagine walking a few miles to your car in a frigid Chicago winter. And then you get to sit in a cold car for even longer.
Many people drive to work and park in a spot more than 50m from their desk. Being able to remotely spin up heating a few minutes before leaving work would make a big difference in comfort in the winter.
For me SMS works reliably. And when it does not work, it usually indicates huge overload which means that Internet is long gone. May be different hardware with different cellular operators.
If Kias don't have a local override using a key or fob (?) it's just a simple misapplication of technology. Even where you would want to control locks from the internet, security concerns be damned, you need a high availability way to open the lock locally.
New technologies aren't necessarily robust against misapplication.
> The only advantage I can fathom for being able to unlock and start a car over the Internet instead of only by being within radio range seems more oriented towards attackers and other user-hostile scenarios
Your car might be parked further away than the radio distance, especially if you're living in a big city with few parking spaces. There are also a lot of scenarios where you are not at home but want to preheat your car anyways.
Yes, exactly. I‘m very happy my Hyundai has this feature as city parking more often than not means walking a few minutes to my car. Being able to pre heat, check the battery level, etc remotely is a feature I would not want to miss.
We have indeed gone backwards. Most homes and businesses have LANs, and yet almost every app works in a client/remote-server model, adding dozens of SPOFs where there need not be any.
Is it not the same with most aspects of software as consumption reaches economic critical mass?
Systems designed by and for users lose control to business interests.
Leading to streaming over media ownership, as we become renters in every domain.
Movies, shows, music, video games. “To improve the consumer experience” reads ever closer to “with DRM we can charge subscriptions in perpetuity (telemetry’s just a bonus!)”.
Why would I want or require internet to play a single player computer game? At least with cars, perhaps we’ll begin to see some pushback.
Battery life is partially a reason. If your car would be online 24h, it’d drain 12V battery faster. And you cannot trust iOS or Android not to kill your app in the background, when it’s waiting for the car to be awake to communicate. Servers can queue that for you.
I've tried multiple times, including contacting the corporate branch of the automaker and talking to multiple dealers, scouring the forums, and everything else in an attempt to disconnect my car from their online services (in theory, depending on the automaker, the hackers can completely brick your car).
My car isn't from Kia, but this is not unique to Kia. I eventually personally found the microcontroller and shorted the modem myself, after doing extensive work to figure out how to do it without breaking anything else.
It's a cellular antenna, like you'd find in your smartphone. And if I remember correctly it's soldered to the microcontroller, in a tight space with lots of wires (not to mention any potential metal contact points).
The antenna on the body of the car is for XM/FM/AM radio and is only a receiver. It's not connected to the cellular modem in any way at all as far as I can tell (apart from being attached to the same car).
It'll vary for each manufacturer, but in my case shorting the modem was trivial once you knew which pins to connect.
Yes I assumed it was a separate antenna. My point was they are probably about the same work to identify, and rendering it non-functional would seem to be a safe way to not mess with anything else. It just seemed superficially easier/safer, which is why I asked.
I would wager that this is by design - if you stop making payments on your car, they basically have lojack built in that would help them repossess it. That's why they make it nearly impossible to disable.
It’s possible. This was highlighted a few years ago in Canada when someone had their car disabled remotely over a fee dispute. That was a Kia incidentally.
Remote unlock is the least of the problems here, the real issue is that cars have no business being connected to the vendors servers at all. This could have been entirely solved locally by pairing the car to one or more phones using BT/WiFi. How remote does it have to be, you don't really want to be able to start your car if you're not in WiFi range.
Yeah, I also like the ability of third parties like Teslabout to provide dashboards of your car usage. Personally, I want "personal telemetry" in all my devices: if protocols like Solid ( https://solidproject.org ) were more well-established, they'd be a great way to have this sort of functionality without relying on the vendor to store/process all the data.
Solid still requires data to be stored somewhere though, someone needs to host the pod -- and the chances are, it'd still be one huge vendor-owned pod.
You could say: "but I want to configure my car to upload data to a different pod" -- but this is possible today. If there were an interest, the car could ask for WebDAV / sftp / webhook address + credentials, and put telemetry there. But manufacturers don't do that because there is not enough interest for this feature to justify development + support costs.
The problem is UX: if data privacy laws forced the issue, I think we could come up with a nice way to specify the pod that is accessible to non-techies.
Agreed, those are reasonable additional features. And critically, they aren't necessary for the car to function (so they could, and should, be optional).
That was an extreme example. My point was more that it's technically possible to enjoy your car and have privacy. There's just no incentive for car manufacturers to not control your data. If there was a user-friendly way to have control of the data by running on either your own computer or have it hosted somewhere without having to think about it that would be ideal.
This could be done via ZigBee, you'd plug a transceiver into your local home network that your phone could connect to or access via BT. Or maybe the keyfob itself can act as a ZigBee transceiver?
I love technology. I think it's great. I think it's the bee's knees.
My house thermostat is failing. Many segments on the display don't work, the programmable bits no longer work, I woke up to a frigid house last week.
I went on amazon.com and looked at thermostats. Internet connectivity galore, fancy phone apps, full color LCD displays, dashboards and logging, the works.
I bought an $18 model that has a weekend/weekday programmable schedule. I know I can't trust these vendors. They care entirely too little about my security.
Some day I may sit down and build myself an Arduino-based thermostat, but that day is not today.
> Remote unlock is the least of the problems here, the real issue is that cars have no business being connected to the vendor's servers at all.
Why do you think that? It provides valuable functionality that I use, such as journey logging, fuel status, access from an app, and so on. You need an intermediate server run by the vendor. I can't give it my phone's IP address, can I!
Maybe something simpler like a stun/turn server would be enough. Or something with no infrastructure (or recurring fees) at all, only working in my local network (like my printer).
What is there to manage? Plenty of devices work just fine on local networks without the need of a mothership to act as a bridge. Just look at almost any Apple P2P service, such as AirDrop, Wifi Password sharing, Handoff, AirPlay etc.
I'm not sure you understand the use-case here - Apple P2P services are about working on a local network. But that doesn't apply here, does it? My car and my phone obviously aren't on a local network, are they? How do you propose to establish a local network remotely? Some kind of VPN? You'd need to establish a connection via some kind of centralised server... run by a vendor.
As the previous poster mentioned, that can be achieved with much simpler STUN/TURN servers provided by the vendor, that don’t take active part in sending commands etc, they just provide a basic pipe to route traffic through. Frequently they can even provide that pipe by just providing some help to link two devices so they can do direct P2P.
In this environment the vendor doesn’t get to watch and inspect the content of what’s transmitted, their devices don’t phone home, and the service is trivial to restore because they’re pretty much stateless.
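The relay design described in the comment above, sketched as an added example that is not part of the original thread or any vendor's protocol: the phone and car share a key from a local pairing step (assumed), and the vendor relay only forwards bytes it can neither forge nor replay. The class names, command set and frame layout are hypothetical, and HMAC gives authenticity only; hiding the content from the relay would additionally need an AEAD cipher.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes
ALLOWED = {"lock", "unlock", "climate_on"}  # hypothetical command set


def _tag(key: bytes, body: bytes) -> bytes:
    """Authentication tag over the serialized command."""
    return hmac.new(key, body, hashlib.sha256).digest()


class Phone:
    """Owner's device: holds the pairing key and a send counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._ctr = 0

    def command(self, cmd: str) -> bytes:
        # Every frame carries a fresh, strictly increasing counter.
        self._ctr += 1
        body = json.dumps({"cmd": cmd, "ctr": self._ctr}).encode()
        return _tag(self._key, body) + body


class Car:
    """Vehicle side: acts only on authentic, fresh, allow-listed commands."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_ctr = 0
        self.executed = []

    def receive(self, frame: bytes) -> str:
        tag, body = frame[:TAG_LEN], frame[TAG_LEN:]
        # Constant-time comparison; anything not made with the key stops here.
        if len(tag) != TAG_LEN or not hmac.compare_digest(tag, _tag(self._key, body)):
            return "rejected: bad tag"
        try:
            msg = json.loads(body)
            cmd, ctr = msg["cmd"], msg["ctr"]
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        # A counter at or below the last accepted one is a replayed frame.
        if not isinstance(ctr, int) or ctr <= self._last_ctr:
            return "rejected: replay"
        self._last_ctr = ctr  # burn the counter even if the command is refused
        if not isinstance(cmd, str) or cmd not in ALLOWED:
            return "rejected: unknown command"
        self.executed.append(cmd)
        return "executed: " + cmd


def relay(frame: bytes) -> bytes:
    """Vendor-side pipe: holds no key and no state, just forwards bytes."""
    return frame


def tampering_relay(frame: bytes) -> bytes:
    """A compromised relay that tries to rewrite the command in transit."""
    return frame.replace(b"climate_on", b"unlock")


def demo() -> list:
    key = secrets.token_bytes(32)  # constructed stand-in for the local pairing step
    phone, car = Phone(key), Car(key)
    results = []

    first = relay(phone.command("unlock"))
    results.append(car.receive(first))   # honest relay
    results.append(car.receive(first))   # same frame sent again by the relay

    # Relay rewrites the body: the tag no longer matches.
    results.append(car.receive(tampering_relay(phone.command("climate_on"))))

    # Relay invents its own frame without the key.
    forged = secrets.token_bytes(TAG_LEN) + b'{"cmd": "unlock", "ctr": 99}'
    results.append(car.receive(forged))

    # The dropped frame above does not desynchronize later commands.
    results.append(car.receive(relay(phone.command("lock"))))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the car keeps only a key and a counter, the relay can be rebuilt or swapped without touching vehicle state.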
Sounds like you've accepted the vendors do really need to run a service, and it can't be local, and now you're just debating how big that service needs to be.
There is a mothership -- it is just built into an Apple device, and Apple spent a lot of effort getting this all to work, and they can only get it to work because they control all sides.
Try setting up a generic wlan-compatible printer and a macOS laptop on a local network. I have such a setup, and it just fails every once in a while for no reason.
I would not recommend this to anyone over a well-run centralized server.
Well, yes, if you refuse to connect your phone to your car then you will need an intermediary to connect your phone to your car. The vast majority of people would be fine with a setup that syncs their phone and car when they're in the car, though; I assume I'm not that rare in that I always plug in my phone when I get in the car in order to use it with the dashboard anyways (Apple CarPlay / Android Auto), at which point it might as well sync any info I want.
If you want to remotely start your car to warm it up from a mile away, then by definition you're not going to be sitting in your car connected with a physical wire, are you?
And whatever your IP was the last time you plugged in may have changed by now. Do phone networks even let you accept incoming connections from non-approved services?
Does not compute.
> The vast majority of people would be fine with a setup that syncs their phone and car when they're in the car, though
I think demand for wireless car functionality in practice in the market (it's often an optional extra - people pay real money for it) shows you you're wrong.
> If you want to remotely start your car to warm it up from a mile away, then by definition you're not going to be sitting in your car connected with a physical wire, are you?
Oh, yes, in that case we're totally talking past each other and you have a completely valid point. I was originally responding to:
> journey logging, fuel status, access from an app
which should be perfectly doable locally, but agreed that [very] remote start is likely to need some sort of intermediary.
> I think demand for wireless car functionality in practice in the market (it's often an optional extra - people pay real money for it) shows you you're wrong.
Possible; it certainly wouldn't be the first time that I had very different preferences from 99% of the population without noticing...
I'm not sure that's clear. Almost nobody custom orders options on cars anymore. They take what's in stock or readily available at the dealer, and those are mostly the fully-loaded models.
Yes, they are buying it and paying for it, but do they really have a choice?
> Almost nobody custom orders options on cars anymore. They take what's in stock or readily available at the dealer
I think this is a uniquely American thing. In Europe, Asia, etc, most people custom order a configuration on a website that’s then built at the factory and delivered to the dealer where they pick it up.
According to the original article [1] (The Drive one is just a poor rewrite), Hyundai is also affected.
>After the publishing of this story, numerous Hyundai and dealership employees contacted BleepingComputer to state that Hyundai was also affected by unexplained outages.
>In emails sent by Hyundai Motors America to Kia dealerships on Saturday and seen by BleepingComputer, Hyundai stated that multiple systems were down including their internal dealer site, hyundaidealer.com.
I mean how else would ransomware authors demand payment? Classical solutions are too easy to trace. This is one of the worst byproducts of crypto. Turns out permissionless means people you don’t want using the system, using the system for things you don’t want them doing. Who’d have thought.
Monero. It's designed to be far less traceable than BTC and many exchanges exist online that trade XMR for BTC. I am surprised BTC still has this large presence in the black market.
XMR has too little plausible deniability at the onramp and offramp, and is getting delisted from exchanges. Like any money laundering business the process relies on plausible deniability. Think Los Pollos Hermanos.
Monero markets itself to criminals. Bitcoin to speculators and ancaps. You can hide your BTC gains by saying you made some leveraged trades in Malta. You can’t hide your Monero gains. Ironically it’s what makes it better at its job that makes it less useful.
You feel that way, but it's not a complete reality.
For more than half a decade many bitcoin invoices have actually been paid with Monero and we don't have a way to quantify that except to participate in forums where people talk about what they do. The merchants wouldn't even know if that's what happened.
For every XMR.to that shuts down, another has already risen and is just waiting for marketshare.
There are also trusted bridges between blockchains.
And people are still working on trustless bridges compatible with Monero, which will really unlock its value and make exchanges completely ignorable.
Ultimately the state will never accomplish its goal of strongarming the intermediary.
Monero is compliant with all FATF goals. The state has gotten used to surveillance of digital transactions over the past 50 years by deputizing financial institutions, this was a temporary convenience for them and now digital transactions don't require financial institutions, which is simply a reversion to a mean with a millennium of precedent. For now they can strongarm the intermediary as they haven't even noticed that they’ve just been taking a convenience for granted, but the reality is pretty clear: the state will have to deter whichever activities they don't like by actually investigating and stopping that person as regulating/strongarming the intermediary won't be a tool they have anymore.
Trust me the boundary between the shadow market and the real economy (where such systems would be illegal) is where the friction will always be and remain. Trade away, have fun, as soon as you try and convert to real money they’ll come down on you like the sword of Damocles fell. The only reason this isn’t more frictional is because the government has bigger things to worry about. They simply don’t care about you. The second that changes you’ll be trading in the digital equivalent of suitcases full of prepaid gift cards.
This isn’t a new game lol, it’s been played to death and one side has a lot more experience than the other.
That’s not the direction things are going. All of our representatives are bagholders now after being recipients of those Thanksgiving Day conversations and they are more aligned to increasing the utility instead of hampering it. You’re stuck in the wrong decade.
There is no utility that isn’t better achieved classically. When that changes I’ll join you on the other side, and won’t hamper my ability to earn money by investing in tilting at the windmills of decentralization - I prefer to approach technology beginning with a problem and looking for a solution as opposed to the opposite - but as always I wish you the best of luck.
I’d suggest you’re in the wrong century, I’m thinking when Isaac Newton lost all his money in the south seas bubble. 1700s?
> I prefer to approach technology beginning with a problem and looking for a solution as opposed to the opposite - but as always I wish you the best of luck.
yeah we've been over this before, when a client outside the US wants to pay find me another way to convert an international wire transfer (high degree of delay including increased scrutiny) to a domestic wire transfer (low degree of delay, no scrutiny) that doesn't use a cryptocurrency network.
the transaction fees alone of that one use case makes the native cryptocurrency scarce, even if that native cryptocurrency is not what was used to settle the transaction.
and I've done inter-Europe transfers too, the SEPA system is not what it's cracked up to be. It is even more fragmented, transactions between some combination of SEPA nations can take 2-5 business days just like the US ACH system.
from what I know about this discussion is that each use case is its own conversation, so I randomly chose this one out of a hat.
> I am surprised BTC still has this large presence in the blackmarket.
The people buying goods online are not usually very tech savvy, so you lose a lot of potential customers by requiring a difficult-to-acquire cryptocurrency. Those selling the goods usually know what's up though, so they're still going to be doing the BTC->XMR->BTC->exchange swap in order to hide their identity.
edit: You would be surprised how dumb some people are online though. Nowadays folks are a bit wiser, but the original Silk Road got taken down because they used hotmail, lol.
> so they're still going to be doing the BTC->XMR->BTC->exchange swap in order to hide their identity.
Wouldn't this just shift the risk to the exchanges who are now holding traceable proceeds of crime?
To my knowledge, there is at least some amount of identity verification on the major exchanges, so presumably they're fronting with stolen identity documents and the exchange is the one "holding the bag" so to speak?
Mmm it's not too hard to use a decentralized exchange to get cash overnighted for BTC sent to a PO box that was made with a fake name and cash. You can't really spend/deposit that cash easily, but at least it's not crypto anymore.
Also, it's pretty much impossible to defraud Coinbase/Gemini/etc. since you need to hook it up to your bank account, right. Ergo, no one is sending BTC (even if it's "clean") to an exchange hooked up to their bank account. If someone is thorough it's highly unlikely that clean BTC will get them imprisoned, but the IRS might take a hefty cut that vendors of course would prefer to circumvent.
Many vendors also don't cash out until they're completely clean, if they can afford to.
I’m as anti-Bitcoin as the next guy, but I still don’t see how it enables all these ransomware attacks. If the federal government were serious about pursuing this why not just follow the public, immutable transfer record and indict and sanction everyone associated with any entity along the way?
Not being able to do business with any business that does business in the United States is a pretty big deal. Not to mention your executives not being able to travel anywhere with an extradition treaty.
“All outputs in the Bitcoin transaction with hash <...> are illegal to redeem.”
This, however, means that criminals (who don’t care about the law) can still use these segregated Bitcoin to transact between themselves — as long as miners aren’t punished by including the illegal transactions in new blocks.
That seems like the bare minimum but I expect that at some point a ransomware will hit a high enough profile target that the federal government goes through the effort of actually tracking down recipients.
I guess I don't really understand what the plan is, since all bitcoin transactions have a permanent record that is publicly viewable by all. You can't hide bitcoin, every transaction they were involved in is recorded. If they ever want to turn the bitcoin back into real currency they need to go through an exchange to convert it, and the gov can just ask the exchange for the info / bank account of the person associated with the bitcoin.
When you transfer to a bank account, it cannot move out of the country's jurisdiction without triggering multiple regulatory touchpoints. It's not easy to cash the money out overseas.
But when you transfer bitcoin, it's done once to a virtual ID. The person receiving doesn't need any online account. You can't trace anything here. It's just "sending from wallet id X to wallet id Y". wallet id Y is just a cryptographic key known to the sender and receiver. Yeah so this "virtual ID" is replicated across the network, but who cares. It doesn't point to anyone yet.
After this single step, there is no jurisdiction. The hacker can travel and cash it anywhere in the world outside jurisdiction of the host country's law enforcement.
But in the case of a financial crime targeting US interests, the US claims pretty much universal jurisdiction and they assert strong influence over global banking.
So how do the coins evade that since any transfer is traceable on the blockchain?
You can tumble bitcoins. You can use decentralised and/or dodgy exchanges to change bitcoin into other cryptocurrencies, and then back after breaking the trail.
I own a 03 Ram 2500 with a 5.9 Cummins engine. It has 250,000 miles and from the forums it can easily get to 1 million miles. There is no infotainment system to show the truck's age, distract you, or break from a bad solder joint. I've fixed everything myself on that truck from the transmission to the axle seals. The vehicle is actually increasing in value because it has a grandfathered-in diesel engine. I have no idea why someone would buy a car with so many confusers (AVE for computer) that will only give you grief down the road (literally).
Liking one specific generation of technology is just being a modern Amish. I'm pretty sure your old truck is an abomination for some old timer. New tech will be tested and bad ideas will be eventually abandoned down the road, this is how it works.
His truck is an environmental abomination, and almost certainly not as safe as a more modern vehicle, not to mention the hundreds of hours (thousands?) he's had to pour into understanding his vehicle and performing his own maintenance.
You make trade-offs, which is fine until you pretend like your set of trade-offs is the best set, and everyone else is wrong.
Diesel actually is a more efficient engine than gas. It produces less CO2 than gas too per mile. The only thing is the visible black smoke that comes out of my tailpipe every time I pass Tesla. JK, my other car is a Model 3. I just YouTube all my questions.
Diesel might be a bit more efficient, but produces more nitrogen dioxide (and other oxides) which are harmful to humans and the environment, which is why they are being banned in some parts of Europe.
There's a lot of symmetry with farmers buying 40 year old tractors. For exactly the same reasons. I really hope the pendulum swings the other way if even just a bit. I mean, there are still new dumb-phones being made. So maybe there's hope for dumb-other-things as well.
Hate to break it to you, but a zener diode on your ECM can fail short, which burns up the pcb trace for the power. And the ECM is glued together, and it's ridiculously hard to open up without damaging it further, and it has a flexible pcb that can split if you flex it too much once you get it open. (I have one sitting 5 feet from me).
My car is a 2007 and I've kept it around for similar reasons. The one thing that scares me the most about having a car that old is safety. Newer cars are a lot heavier and stiffer, so even cars that are considerably smaller could annihilate mine in an accident.
It's not quite to this extreme, but IIHS did a test (https://www.youtube.com/watch?v=xtxd27jlZ_g) a while back that showed the difference in safety standards between a 1959 Bel Air and a 2009 Malibu. The Bel Air is about 5% heavier.
Probably less of a worry in a 3/4-ton truck though.
Cars are really going in the wrong direction overall. I do like a car with some tech like power windows, memory seats etc but I do not want to connect it to the internet. I have my smartphone for it already. I want my car to be dumb. Add Key, it works. No key, you are locked out and you can call someone to unlock it for you.
Btw, not to mention that New Cars are becoming too expensive compared to say 15-20 years ago due to all this "tech" while the engines are becoming crappy with plastic (shout out to famous youtuber Scotty Kilmer if anyone knows him :))
I'm not sure how much the tech adds to the price of the car. More likely the price increase is due to much stricter crash safety standards than existed 20 years ago. If crappy plastic makes an engine more reliable, economical, powerful and cheaper, then most people are willing to give up on some durability.
The original buyer is covered by the warranty so doesn't care about the plastic parts that will, likely, not wear out in the first couple of years anyhow.
The next sucker down the line though is in for some severe financial pain.
I don’t buy it. People were saying the same thing 15+ years ago and I’ve owned several cars from the 2000s, 2 of them for over a decade. 2 Toyotas and a BMW, all had water pumps and bearings wear out. The water pump has plastic but the plastic’s life is longer than the bearings in the pump. Water pumps, wheel or u-joint bearings, and emission sensors were the only issues.
So, let’s assume the perpetrators get their ransom in Bitcoin... how are they ever going to be able to spend these coins? It’s not like the transactions are anonymous. So what will the rest of the world be able to do about it? Can the target wallets be blocked? Monitored?
They can buy Monero with it. Many exchanges exist that convert between the two. Once it's in Monero, they can buy BTC again and it's very hard to prove the two are related.
Huh? Aren't we following addresses? (If you have the private key to an account that accepted a ransom, chances are you are the same person (or in cahoots enough to be legally in trouble).)
You don't know if they sold a ledger to someone that trusts their network
You don't know if a transaction was an exchange for something on a different blockchain
And even when you do know that, that just increases the ways for them to obfuscate and unlink. If they got ethereum or an erc20 token, it goes into an AMM, a layer-2 system or straight into Tornado.cash and it's gone. Even if you did compromise Tornado Cash somehow in the future, you wouldn't know if the note was sold offline to someone else or again about the original depositor selling their ledger/private key.
If the funds were used to pump a different token, you wouldn't know if the criminal had different funds under their real identity that was just a benefactor of the price appreciation in the pumped token, indistinguishable from any speculator that got lucky. Tokens rallying in price 5,000% is not uncommon, someone with $100,000 in clean funds that already own the to-be-pumped token can sell a 50-bagger for $5,000,000 with no suspicion.
If that sounds too contrived, it doesn't even account for cloud mining at a loss and earning slightly less new bitcoin over time.
Or buying a bunch of actual mining machines and really mining new coins because the Chinese vendor doesn't care about tainted US/EU coins. Can we even say that when one of those states seizes and auctions the coins off, that they are magically clean... everywhere? If the Myanmar disputed government did a bitcoin auction, would chainanalysis systems even factor that in, are those clean? Would you even know or would you still be following transactions around like “aha! I see you!”
Your assumption is that the original funds need to be invisible and never tied to anyone’s identity, when that's not the vector at all.
Following a transaction around tells you nothing, and reintegration of tainted coins is exceptionally easy in unlimited-enough amounts.
Even major exchanges that require KYC still often have 2 BTC/daily thresholds before they require identification to increase that. That's currently $120,000 per account per day. And that's the worst and one of the slowest ways of getting liquid given the possibilities of them freezing funds and requiring the user to be more careful and also quick.
If you receive Bitcoin which was originally received as a ransom, could you be held legally liable even if you weren't the thief? I suspect that such ransomed crypto would be forever tainted, as would any ledgers that touched it. The US has a number of laws to criminalize commingling of money gained from criminal enterprise, doesn't it? This makes owning any crypto potentially dangerous imo.
Then you should be obfuscating the origin of your earned bitcoin just like the criminals.
Or is the reality that criminal and non-criminals funds are already being obfuscated regularly because bitcoin is 12 years old and people already thought of this problem a decade ago?
Isn’t the whole issue here that you can’t obfuscate the origin of the Bitcoin? The transactions by Hyundai to buy the Bitcoin would be known; the transfer of those bitcoins thereafter ad infinitum are all documented in the ledger. There is no obfuscation. As others said, the only way out is to trade for another crypto that has secrecy (Monero).
when you trade your bitcoin out for Monero, someone else has received your bitcoin and it's their problem.
did you just frame that person, or are the other people following the bitcoin transactions between addresses just wasting their time? do those people even know that one of the series of transactions they've been following for years was a trade for Monero? no, they don't.
this reality is indistinguishable between legal and illegal transactions.
for anyone passing by: the scenarios so far are based on starting with bitcoin, briefly swapping to monero, and ending with clean bitcoin. many people start with Monero, and only get the amount of clean bitcoin they need when necessary to pay for things, which completely alters the problems and solutions.
Right, that’s my point: the recipient of those Bitcoin is receiving stolen property / dirty money. I’d expect that the US government could easily seize the property (as they already do for cash) and potentially imprison the recipients.
I don't know the details of the tracing, but let's say I control the wallet that is to receive the ransom. Wouldn't it be "trivial" for me to sell some to e.g. a Chinese millionaire, who in turn would transfer me some money from his Cyprus bank account to mine? Or replace "Chinese" with any country where there's less "Know your customer" requirements. It's probably not even that hard for a Chinese millionaire to pay one of his housekeepers a lot of Yuans to borrow her identity card to open that account...
All of that is traceable too. And, no. Some Chinese millionaire is not going to wire you cash in return for a private key. What if you vanish? What's he going to do - sue you? This stuff only happens when they know where you live and your kids go to school.
Money laundering IRL is hard - and compared to cold cash, bitcoin is accepted in very few places so it cannot be easily off ramped
So I am going to guess bitcoin in crime is mostly like stolen artworks. Someone steals the painting and a newspaper says "20 million dollar painting stolen" and they can use it as a deposit on a drug deal (maybe at 200k worth).
At a guess bitcoins are passed around from phone to phone, part-cash part-BTC (like part cash part shares buyouts). Just the ten minutes wait for the transaction to clear probably involves people nervously fingering guns.
Of course, signal analysis helps here too. If I am right then there is a ring of transactions all of which are dirty, and if you break one through poor ops sec (same phone used for drug deal and for day trading) then you get a ton of good info. If someone used a burner phone for that one transaction then it's hard - but how many ur ed phones were turned on just once in a given city at a specific ten minute window. And now how many phones were on that same cell tower when that came online.
Have there been any attempts to deal with this kind of thing within Bitcoin? Like, could everyone agree to blacklist specific coins that were known to have been paid as ransom? Would it be plausible for a large government to introduce regulation to demand any proper exchange to refuse coins originating from a ransom? Or is that just impossible?
This is probably easier than "normal" money laundering due to the traceability of BTC. But it flounders on the usual problems of money laundering (for example the biggest money laundering locations globally are London and NYC.)
We can solve money laundering but it needs political will - write your congressman!
> We can solve money laundering but it needs political will - write your congressman!
Is this one of those things that's completely trivial as long as you're willing to completely throw privacy out the window and make life more difficult for completely legitimate transactions, or is it really "just" political will?
Political will is a big part of it. No one wants to say it, but money laundering is very profitable for all parties involved. Additionally a big chunk of that money will be bribed to and from very powerful people, who don’t want to see that flow reduced.
There’s been plenty of examples of politicians deliberately hampering corruption and fraud investigations because they might embarrass the current government. Semi-recent good example is Theresa May hampering the serious fraud office in the U.K. [1].
Lots of this work can be done in a privacy sensitive manner, and without impacting legitimate transactions, but that would require the political will to do more than just pay lip service to the problem.
It doesn't stop a government trying. If an exchange is in their jurisdiction then what choice do they have? It would depend how many governments would enforce it - so probably goes back to the political will question in some comments above.
How can companies not have ransomware in their threat models, with a tested recovery plan and tested offsite backups?
Too many big corps have been victimized to think that it can't happen to anyone. You must assume it will happen, and when it does you must have a plan to recover.
Offsite backup is not enough. I have done consulting on many projects and on every one of them, someone getting access to certain servers would be able to sabotage backups as well.
If your data is important, you should replicate your backups to an append-only storage with a long retention period.
I've been using S3 in "Compliance" retention mode, which coupled with Glacier is cheap, and more importantly lets me sleep at night.
You can also do just fine with an LTO tape drive. The main problem is that people want automated convenience and automated convenience can be hacked before people notice.
An LTO backup tape on a shelf might as well be stored in Fort Knox as far as a hacker is concerned.
It would be hilarious if, as a consequence of cryptocurrencies (sadly in this case because of a very nefarious use), companies started taking security more seriously.
Somehow I hope that when, say, Toyota sees this someone somewhere pushes for better recovery plan / offline backups, etc.
One of the reasons I chose Home Assistant instead of SmartThings, despite costing more for the initial setup and taking more work to get going, is that SmartThings has to call home to Samsung servers and there are lots of stories of problems people have had when the Samsung servers are down.
Home Assistant really is amazing. It has integrations [1] for anything you'd want and works on tons of devices. Hosting it locally on an old raspberry pi 3, has been controlling thermostat, lights, and (as of 2 weeks ago) sprinklers.
Internet anonymity won't last forever. When it proves impossible to prevent escalating economic damage, the pressure to identify culprits and hold them criminally responsible will prove inexorable.
Only stop? Make them behave erratically and dangerously...
I'm sure a few "out of control" cars causing mayhem would attract sufficient attention. The question then is whether it'd make the manufacturers reconsider their "always connected" stance, or just cause them to lock down things in a user-hostile fashion even harder.
Now you know one of the answers to the question of why am I scared of self-driving cars...
It does sound like they are deep enough in to stop things like replacement car keys, programming replacement body control modules, ECUs, etc. Not as dramatic, but Kia/Hyundai can't hold out long as-is.
Liquidity question. If you send a crook a bunch of btc, and they eventually use that btc, isn’t it pretty easy to trace the transactions all the way? How do these people get to liquidate or use these ransom payments without leaving a long papertrail of everything they did with the money?
I think they'd usually use one of the non-KYC exchanges to move the money into an anonymous cryptocurrency, and then out to whatever they wanted. I'm not sure why they don't skip the intermediate step and just ask for Monero or whatever. Maybe they think the mark will be more familiar with BTC and thus more likely to deliver?
They use money mules. Hundreds or thousands of regular people who have access to Bitcoin ATMs with the promise of a small commission. They hire them in forums. They hand over to other proxies and you lose the trace at that point. At least, most of it.
Nonsense, nobody does this after they already have bitcoin. Such mules are used when you want to receive and cash out illicit bank transfers into bitcoin.
Ok, I am a bit confused. Which model Kias connect over the internet? I have a 2017 Kia Niro, and you have to manually run an app to update information if you are so inclined.
Also, I can pay my bill at kmfusa.com right now, so what does the article mean about not being able to pay on the loan?
Thanks. One part of the article is false, the payments at kmfusa.com are going through.
I will say the standard two e-mails they send aren't being sent. They sent the "Kia Motors Finance Payment Authorization" from speedpay.com, but have not sent the "Thank You - Your Payment Has Been Processed" email from KMFUSA@servicing.kmfusa.com.cname.campaign.adobe.com yet. Odd. Money was taken out of my checking account.
Not for me. (I own a Kia Soul, electric.) Many owners use a similar feature to get their car to warm up at a specific time, though. I haven’t used it myself, though, being too disorganized to know ahead of time when I want to use the car. But I find it very useful to be able to keep an eye on the charging status, so I can return to the car when the battery is full enough.
Of course, if the intruders have the means to disable my car remotely, that is a much more serious issue.
I think all the noise from people complaining about it is the bigger deal. That results eventually in the general public learning that Kia has lost control to hackers, which eventually hurts car sales.
Not exactly. Tens of billions of dollars worth of BTC changes hands every day and the percentage of transactions associated with ransomware is absolutely minuscule.
But what's the value in it? I've been trading Bitcoin and the related ecosystem (from ETH or DEFI nowadays to crypto-related securities like MARA, RIOT, CAN, etc. I always hold some crypto) since 2012 and made very good returns compared to the initial investment. But never ever saw a widely adopted use case for any coin other than speculation.
There are always promises, wishful-thinking, hypothetical demand for a use case but it never materializes. Here are some:
BTC: Trade (edit: for goods and services)? No use since price is too volatile. Store of value? Tell me again after this bull run. Besides, what's different than LTC, or even Doge that defines a different value proposition?
DEFI: The infrastructure is there but people just use it to speculate. Never heard a real business borrowing in DEFI to finance, for example, shop renovation. The only use case I can come up with is miners borrowing to buy miner hardware, since returns will be in crypto and will be implicitly hedged against crypto price inflation. Other than that, trading SUSHI or UNI or whatsnext is the only way.
NFT: What happened to CryptoKitties between the last bull run and this one? NFT actually guarantees the uniqueness of the outer shell, not what's inside. Rare gaming items might be a use case, but why a game maker would use something it can't control, or fully extract value from, is beyond me.
But I think the ransomware attack is more on the Kia internal servers rather than on the cars themselves. The inability for people to unlock their cars remotely seems to be a side effect rather than a main target of the hacker group.
The bitcoindollar, negotiated by nation states with hacking syndicates to price all their contracts in bitcoin, forcing nation states to continually purchase bitcoin and is a key demand driver of bitcoin, and vital to diplomacy and hegemonic peace.
Crypto would be spectacularly popular then. But the majority of criminals are totally okay with cash and normal money laundering using temporary companies and banks.
For the doubters of bitcoin arguing the lack of utility here it is. Hackers may be illegal but they are still part of the global economy, providing the service of enforcing security compliance.
The anti-American terrorists were making money off opium and yes, this was part of the global economy for better or for worse. Just because we ignore illegal things like prostitution, drugs, extortion, and such doesn't mean they do not affect the prices of legal things associated with them.
IF Kia pays the ransom, then they are arguably playing a willing part of the economy of Bitcoin.
In a way it reinforces that the status quo has some kinks that could be adjusted every now and then. I'm not saying it's good. It's just a feature of humanity.