Did you know about the Carista app?
#21
AudiWorld Member
Join Date: Feb 2008
Location: North Seattle
Posts: 134
Likes: 0
Received 0 Likes
on
0 Posts
The cyber security part of me thinks that this app is a perfect pivot point for people to remotely hack your car through your phone. How secure is the app?
#22
But what I worry about is when people leave the bluetooth dongle plugged into their OBD port when they're not using it. THAT is just inviting someone to walk by and start hacking. Of course, most or all computers in the car are turned off when the ignition is off, but there might still be an attack vector there. So I always recommend that users never leave the dongle plugged in when they're not using it, especially when they're not in the car. And of course, this has nothing to do with the app - it's just that the hardware leaves its connectivity open when no app is using it.
P.S. You're in Seattle? And you have a "cyber security part"? I did a Master's at UW, which included cyber security coursework... are you by any chance affiliated with UW?
#24
#25
Guys we've just released a new beta version (beta-7) which adds a lot of B8-specific customization settings. Please check it out here: Beta-Testing | Carista OBD2 - Vehicle Diagnostics and Customization and let me know if everything is working well. If a certain setting doesn't change the behavior of the car, return it to its original value before proceeding with other settings.
#27
AudiWorld Member
Join Date: Feb 2008
Location: North Seattle
Posts: 134
Likes: 0
Received 0 Likes
on
0 Posts
That's good to know that you guys designed the app with security in mind. There's way too many app developers out there that don't even think about it. Yea I definitely agree with the bluetooth dongle being a vulnerability if left attached when not using. I can already think of scenario where a car drives beside you on a freeway (with the bluetooth dongle attached) and starts sending commands to your car == not good.. haha!!
But yea, I'm intrigued. I'm thinking about trying it out. I don't have an Android though. I'll wait for the Apple app.
#28
AudiWorld Member
Join Date: Feb 2008
Location: North Seattle
Posts: 134
Likes: 0
Received 0 Likes
on
0 Posts
When a stable beta-version comes out for the iOS (that's not gonna crash car or brick the ECU) I'd be happy to evaluate it and provide feedback. Let me know!
#29
I'm '09 Informatics Grad from UW. I'm not in Seattle anymore though. I'm currently getting my Masters in Cyber Systems and Operations at the Naval Postgraduate School.
That's good to know that you guys designed the app with security in mind. There's way too many app developers out there that don't even think about it. Yea I definitely agree with the bluetooth dongle being a vulnerability if left attached when not using. I can already think of scenario where a car drives beside you on a freeway (with the bluetooth dongle attached) and starts sending commands to your car == not good.. haha!!
But yea, I'm intrigued. I'm thinking about trying it out. I don't have an Android though. I'll wait for the Apple app.
That's good to know that you guys designed the app with security in mind. There's way too many app developers out there that don't even think about it. Yea I definitely agree with the bluetooth dongle being a vulnerability if left attached when not using. I can already think of scenario where a car drives beside you on a freeway (with the bluetooth dongle attached) and starts sending commands to your car == not good.. haha!!
But yea, I'm intrigued. I'm thinking about trying it out. I don't have an Android though. I'll wait for the Apple app.