They're swapping out hardware, which is why they're asking money for this to compensate the labor costs. Not saying this justifies it, but the title is misleading.
mirzap · 5h ago
It doesn't matter. If a customer buys faulty hardware, it's the seller's responsibility to replace it with working hardware. If the breaks had a manufacturing defect, you wouldn't expect the customer to pay for the replacement.
TheDong · 3h ago
I've been holding my breath ever since spectre/meltdown for a free cpu upgrade to make up for the slower performance that the mitigations cause.
It's intel's bug, they promised a certain processor speed, shouldn't it be their responsibility to replace it since their own security oversight resulted in the hardware not working as advertised?
Did you expect the same from intel/amd when those bugs came out? Is it different from this situation?
bjackman · 2h ago
We don't actually know how to build the CPU that would replace your vulnerable one.
New CPUs are largely immune to the specific attacks that were published before they were designed. But we aren't gonna get a fast CPU without sidechannels and IMO it's not possible in theory to build a branch predictor that never makes potentially exploitable mispredictions.
In a sense this doesn't change your point but I wanted to take the opportunity to point this out. "This CPU is vulnerable to attack X" just means researchers have found an exploit in practice, which we already knew in theory was there.
This wasn't the expectation before Spectre/Meltdown but now we live in a world where you need to assume a degradation in your CPU's effective performance as we learn about its vulnerabilities and need to apply software workarounds.
I am building "one mitigation to rule them all" called Address Space Isolation but this doesn't fundamentally remove that fact, it just means that when we learn about a CPU's vulns we don't have to build a new mitigation we just have to change the settings on the existing one (and it should be more efficient than the bespoke one would be).
aembleton · 3h ago
> they promised a certain processor speed
How have they advertised that? Was it clock frequency? Their mitigations mean it still runs at that clock frequency.
tlb · 3h ago
The last desktop processor that actually promised a certain speed was probably the 68020. Everything since then has had inscrutable performance characteristics.
TheDong · 2h ago
They promised the performance of their processor more than Hyundai promised that the Ioniq 5 was "carjacking-proof, even if the attackers have specialized tools", and this thread is about hyundai replacing parts of cars for free because attackers can hack into cars. With specialized tools. Which of course they can.
ponector · 3h ago
There is nothing faulty in the hardware, why they should replace it?
Following the same logic: old phones, even iphones can be hacked. Should manufacturers replace the hardware?
discordance · 2h ago
The line between software and hardware is hard to distinguish when we talk about ASICs and FPGAs, but they still should be responsible for core functionality (i.e. locks) as they shipped insecure software.
ponector · 1h ago
But why? Locks are working. They perfectly fulfill requirements for the lock. Open/close with a key, stay closed if tried to be opened without a key.
There is no such thing as secure lock. Any lock could be open without original key. The difference is in the amount of effort.
Still baffles me that KIA sold cars which can be driven away using screwdriver and USB cable.
trenchpilgrim · 4m ago
> There is no such thing as secure lock.
These in fact do exist, but they have properties unsuitable for many use cases, such as taking 8-24 hours to open if you lose the key/combination or a mechanical fault occurs, and being part of a system so heavy the floor beneath them have to be constructed to support the weight. (A friend of mine was a master locksmith for many years and worked on such locks, mostly for government contracts.)
In case of a lockout often the easiest way to open them is a brute force attack using a device called an autodialer.
reactordev · 3h ago
In my opinion, yes, yes they should. If you can’t guarantee security of your device, and you don’t want to update the software, then you’ll need to upgrade the hardware. I think it’s perfectly reasonable to have that under a warranty.
TheDong · 3h ago
> I think it’s perfectly reasonable to have that under a warranty.
The warranty is not that long, and I think the parent comment is talking about 6+ year old iphones that are definitely out of warranty.
If those should get replaced, surely that means each person buys one iPhone in their life, and then just gets free replacements forever, leading to the initial cost of the phone having to go up a lot to account for that.
reactordev · 2h ago
Incorrect. Forced obsolescence lets manufacturers decide where that cut off is. 6+ year iPhone, nope, not going to touch it. Sorry. However, if it’s still serviceable and by some rule less than X years old, that just had a security issue or something publicly disclosed, should do their best effort to repair their customer relationships by making it right.
jader201 · 8h ago
Agree the title is a bit misleading, but addressing what sounds like an exploit still feels like a patch of sorts.
But yeah, “patch” usually implies software vs. hardware.
Either way, agree with other comments that Hyundai should just eat the costs if it prevents theft due to an exploit.
Having said that, given what the car costs, the fee doesn’t seem completely unreasonable.
GlacierFox · 5h ago
Given what the car costs, you'd think they'd do this out of courtesy.
cmcaleer · 2h ago
It seems short-sighted to not do this as a courtesy, given the reputational hit from the Kia/Hyundai Boyz saga just a few years ago. Who wants to be a manufacturer with a reputation for making easy-to-steal cars? Who wants to (for a reasonable price) insure cars made by said manufacturer?
antonvs · 4h ago
Starting MSRP of US$42,600? Seems like there’s some room there to cover manufacturer mistakes.
agilob · 5h ago
Swapping software, pentesting, testing, QA, CI/CD pipelines, image caches aren't free either. Can we then start making more money as software developers to patch CVEs? We clearly should consider holding ourselves to a lower standard. Your requests are getting 5xx errors? Pay me more to fix it, not my problem that your requests is failing.
florbnit · 4h ago
> Pay me more to fix it, not my problem that your requests is failing.
If you are employed in a position where there is a defect in the product then you are already being paid. Imagine going to a restaurant and you get an uncooked frozen steak, and when you tell the waiter they tell you that since the cook will need to spend more time on it you now have to pay extra.
throwaway290 · 4h ago
Look at the price of the car compared to other electric SUVs. This is a mcdonalds type of situation. not a restaurant where you can request to cook a rare steak a bit more and not get charged extra
robinsonb5 · 3h ago
Even in McDonalds if what they give you is defective they will replace it without question once you bring it to their attention.
If it turned out the door locks on the car were defective you'd expect them to be replaced under warranty. If the warranty had expired the situation would, admittedly, be a bit murkier - but you could still make a case that since the locks had always been faulty they'd be the manufacturer's responsibility.
Someone I used to work with had a car a few years ago on which the battery would mysteriously drain for no obvious reason. It turned out to be a defect in the infotainment system's firmware - and he was furious that he was expected to pay for the firmware update to fix it. (The car was long out of warranty, though.)
throwaway290 · 1h ago
> if what they give you is defective they will replace it without question once you bring it to their attention
Go there and request a rare steak or idk steak with kimchi, let is know how it goes!
This is a Korean car and probably secure enough in korea where you usually don't lock your bike and/or house. If it not secure if you park it on the street in SF/London/Magadan/Capetown/Kabul are you sure they owe you a free "fix" for everything that may occur
OutOfHere · 50m ago
That's absurd logic as cybersecurity applies everywhere.
Also, they need to secure it the international markets they're selling it in.
reactordev · 3h ago
>Even in McDonalds if what they give you is defective they will replace it without question once you bring it to their attention.
Tell me you have never worked fast food without telling me you have never worked fast food. You do this, they’ll spit in it.
jpc0 · 2h ago
Are you just a mean person on general that you think bringing a problem to the attention of wait staff would cause them to become malicious?
Be a nice human being and you won’t receive that treatment. If your McDonalds wait staff are generally malicious without any provocation, well vote with your feet, nobody is making you eat McDonalds, the sales numbers will correct he problem.
reactordev · 2h ago
While as noble as that sounds, there’s only so much nice in the tank in a day. Wait staff and fast food workers are treated terribly and so you end up with folks about to snap.
There’s a lot of evidence of this happening in the USA if you just do a search. It’s uncommon, but it happens. At those prices, I’d just rather purchase the item to be made again.
But yes, be a good human.
netsharc · 2h ago
You read some stuff on search and you think it somethings that happens more than it really does.
In general they don't care, it's not coming out of their paychecks, they'll give you another burger, go away now.
When I worked at McDonald's we'd have the favorite burgers pre-made and they'd be left at the warming tray, so orders can be taken care of in maybe 30 seconds, but I guess nowadays that's too wasteful so the burgers are made on demand. There was a day like "Big Macs for $1" day, so we had a line of maybe 50 Big Macs queued, wrapped and ready to eat, that the foreman said "Slow it down with the Big Macs!".
aembleton · 3h ago
> You do this, they’ll spit in it.
I didn't work there long, but I don't remember anyone doing that.
sorokod · 2h ago
Why would the price/cost of hardware replacement be treated differently from the price/cost of software replacement?
birdfood · 5h ago
I want a dumb EV. No infotainment system. Just speakers and a way to plug my device into them. Anything critical to the car should be completely air gapped and require an absolute minimum amount of software, preferably zero.
uyzstvqs · 2h ago
Agreed. I'd actually like to buy an EV, but so far there are no candidates which meet my minimum requirements, which are pretty much what you said + serviceable by any mechanic with aftermarket parts + using Na-ion, not Li-ion batteries. And it shouldn't be super ugly like most new cars are today (e.g. Rivian, VW ID Buzz).
Though I'm pretty sure you can't even legally make such a car anymore, at least in Europe, where certain "smart" features are required for new cars. Perhaps a manufacturer of such an EV could put all of that into one box which the user can simply pull out and discard.
ponector · 2h ago
Such car will not comply with legislation. Or are you talking about car with all sort of tracking systems and driver's assists but no infotainment?
Anyway, that is not what majority want to buy. Even more, a car is not what majority want to buy in the USA. SUV/trucks are desirable.
baq · 5h ago
Nobody will sell you one for cheaper than a whole package.
See also ‘smart’ tvs vs digital signage displays aka dumb tvs.
grishka · 2h ago
While this is partially true, digital signage displays are also designed to run 24/7, which also makes them more expensive than regular TVs.
carlhjerpe · 25m ago
Vertical digital signage products should also have their polarization filter flipped 90° so you can view them with polarized sunglasses, adding another SKU and cost.
Stockholms Länstrafik didn't figure this out so all our timetable displays are pitch black when viewed with polarized sunglasses.
I've noticed that all but iPhones exhibit this behavior at some angle too and they're apparently using "circular polarization" (expensive) which is another one of these "we do it better" things nobody knows about from Apple (or displays in general)
There will always be at least a basic screen in new cars in the US because of backup camera requirements.
bestouff · 5h ago
Yeah, a basic screen with Android Auto + Carplay (just the video passthrough, not the OS with installable apps) would be perfect.
theandrewbailey · 30m ago
I work at an ewaste recycling company. Last week, I was testing a projector, and was using a USBC to DVI cable (one of the most cursed cables I've come across). I said "LOL this won't work" and plugged it into my phone. Sure enough, my phone recognized that a display was connected, and once confirmed, showed what I expected it to!
Plugging a car into a phone should work like that: just a dumb display with maybe a keyboard or touchscreen input device.
solardev · 1m ago
Isn't that essentially what Carplay and Android Auto are? Just over USB?
That’s illegal in the EU, 911 eCall requires an always-on cellular connection with an attached device that records your location. Would you please think of the children?
gambiting · 5h ago
We have a Volkswagen e-Up, it's basically that. Analog cluster, a very small radio screen that also displays the world's smallest reverse camera view, and a dashboard mount for your phone. It's a fantastic little car, I honestly like it more than our 400bhp Volvo XC60.
WayToDoor · 4h ago
The e-Up is great, but there is still the remote control modem installed by default that lets Volkswagen « Cloud » and the app control the car remotely, and get data such as the GPS location of the car.
MaKey · 4h ago
As eCall is now mandatory you can't build a car without a cellular modem anymore.
Except the modem doesn't work anymore because it's 3G-only and 3G networks have been switched off in a lot of places, and VW said they won't offer upgraded hardware for it.
Mistletoe · 5h ago
Check out Slate trucks. I want that too and this seems to be perfect. Has windows you roll down even. Fingers crossed it actually launches.
Yeah I’ve seen these posted here previously! Probably the most appealing new car to me at the moment. Hopefully they take off and we can get them outside the US
I've seen this before, and I like the design. It's cute yet functional. It would fit in well on European roads.
One thing that stands out to me is the front wheels protrude beyond the body. I don't recall ever seeing that on a consumer road vehicle before, at least one designed after the 1930s.
inferiorhuman · 55m ago
Yeah, I'd think open-wheel cars are not road legal in the US but I just checked. Apparently it varies by state. Adding fenders seems simple enough at least. Aging Wheels did a video about the Telo and one thing that stood out to me was that they seemed intent on scaling slowly.
This is a violation of UN regulation 155/156 where the vendor must provide free fixes and updates in case of safety or cybersecurity violations.
I'm mentioning this specifically because the CAN bus is involved, which is mandatory to be safety conform and has to be ASIL-C/D conform. If you cannot guarantee that, you will lose the license.
Without conformance to UN Regulation 155/156, the car manufacturer might lose its license for the underlying car platform (not only the downstreamed models), meaning refunding/damages need to be paid for all buyers of cars of that platform.
So chances are this can be fought in court, and Hyundai probably has to offer free replacement of that defective part.
solardev · 5m ago
The UN has regulations? Who does it have authority over? Who enforces its regulations?
> in 2023 over the “Kia Boyz” attacks that allowed thieves to bypass a vehicle’s security system using a USB cable.
The USB cable happened to have the right size to engage the starter mechanism. Any physical object with similar dimensions could have been used. It really undercuts how absolutely terrible the Kia security design was around that component.
Terr_ · 7h ago
In some vehicles, their "software fix" literally did nothing but move thieves from smashing a window to screwdriver'ing the driver door lock.
More work for the thieves, but hardly a fix to inspire confidence.
TylerE · 7h ago
This is why, back when I owned a Jeep, I never locked it. Figured if someone wanted the 85 cents in change that badly I'd rather they not take a knife to my (plastic) windows.
anonym29 · 7h ago
The "Kia Boyz" saga was primarily motivated by theft of the vehicle itself, not the contents of the vehicle.
Terr_ · 6h ago
Right, and even un-sexy and inexpensive vehicles get targeted these days, because they can be used as tools to commit other crimes, not just a commodity to be resold or scavenged.
themafia · 4h ago
The thing I did not expect is that most of these criminals will gladly connect their phone to the cars entertainment system so they can play their music while they do this.
They can then brag about the number of thefts they've engaged in by the number of Kia vehicles listed in their phones bluetooth connection list.
The surprise is that the police don't seem to understand how to incorporate these facts into their tactics.
charcircuit · 5h ago
A stolen car being a tool is why it is a commodity to be resold.
Terr_ · 7h ago
Knowing folks with this problem, I've been looking into some way of adding some kind of "pulling or removing the door handle without first disabling the alarm triggers the alarm" circuit... but the necessary disassembly is a pain.
wiradikusuma · 9h ago
I understand that development costs are not free, and there's extra hardware involved, but IMO they should take this as marketing cost.
yccs27 · 5h ago
Not even a marketing cost, a delayed engineering cost to fix a fault in the product.
lokar · 9h ago
Yeah, I considered an ionic the last time I was getting a car. Now I’ll never again consider them.
inferiorhuman · 6h ago
The Kia Boys stuff, child labor, and ICCU failures weren't enough? The Ioniq 5 absolutely looks like a compelling car but from my POV Hyundai seems hell bent on snatching defeat from the jaws of victory.
moepstar · 6h ago
I'd add dealerships to the list.
I've had to "experience" those once for our testdrive of said Ioniq 5. Well, never again. "Dubious" is the most friendly word i have for the one that is next to us.
And: the car itself is priced at least 10-15k€ too high for what it is.
sokoloff · 4h ago
I tried to buy an Ioniq 5 when Hyundai had attractive lease offers published. A dealer near me had a car that showed as qualifying and I emailed to verify that it was in-stock and qualifies for the lease offer. That started one of the most Byzantine discussions around “come on in and we’ll create a custom lease package that suits your needs best.” “I don’t need anything custom; I find the published lease offer suits my needs perfectly.” <3-4 more emails made clear they had no intention to sell that car for that lease offer.> Now we have a CPO Lexus and I couldn’t be happier.
inferiorhuman · 6h ago
I watched the Rich Rebuilds review of the Ioniq 5N recently and while I'm underwhelmed by Hyundai as a company I'll disagree with you and Rich about Hyundai pricing these $10-15k too high. Pretty much the only competition is the Model 3 (Performance), and by that metric Ioniq pricing is spot on. Sure the iD.4 exists but VW really flubbed the software on that. And if you're eyeing the 5N over the regular 5, it did the Pike's Peak climb faster than the Tesla (and on a single charge IIRC).
Compared to the Tesla, the Hyundai has an actual interior with physical controls, an 800V charging system, panels that actually line up, and a far bigger dealer/support network. These are things that cost money and even without those things Tesla isn't making a ton of money.
Of course I'm in California so EVs are more expensive to run than ICE cars so it's all moot.
lnsru · 5h ago
I once ordered Kia EV6, but after a year I canceled the order. I am now glad I canceled it. Bi-yearly inspections and coolant change for 600€ are ridiculous ripoffs. ICCU failures are handled really badly in Germany. I really like the EV6 and EV3 cars, but the manufacturer isn’t that attractive anymore
charcircuit · 5h ago
That's easy to say when you aren't the one footing the bill.
Phelinofist · 3h ago
It is easy to say as a customer that already paid money in return for a working/safe/functional car.
antonvs · 4h ago
It’s easy to say as a customer with alternatives.
nsteel · 4h ago
I don't know about the Hyundai Ioniq, but the Kia Niro has no way to permanently disable keyless entry, which would be the obvious, super easy s/w fix. You can disable it each time you lock your car by holding extra buttons on the fob for a few secs, but it's auto re-enabled next time you unlock. It's everything you need to know before you make your smart decision not to buy a Kia. Cheap(er) for a reason.
But looks from their point of view. It's the most stolen car in the UK. The brand doesn't seem to be suffering much. Having terrible security just helps sales!
sokoloff · 4h ago
> Having terrible security just helps sales!
Until it’s banned by regulators or made uninsurable…
nsteel · 3h ago
We are not scared of regulation in the UK. And this car has existed, in the UK, with this flaw, for over 6 years. Quite clearly nobody is interested in doing either of those things you suggest.
Plus the UK is about to reintroduce financial incentives for private EV purchase, they want to push sales, not clamp down on crap products.
hgomersall · 3h ago
My 2021 Ioniq 5 does not have keyless entry at all. You need to press the button to open the door.
king_geedorah · 4h ago
If the ignition and door locks in your vehicle were mistakenly designed in such a way that they are trivially shimmed or could be operated by any key it seems absurd to suggest the customer should pay you to replace these mechanisms with ones that are properly secured. This seems roughly analogous to that situation at least to my understanding.
florbnit · 4h ago
The story has a bad spin yes. But it’s just as much of a controversy if they had require people themselves pay the cost if they found out the cars where shipped with defective breaks. It’s a product error not wear and tear or user error, they should eat the costs, but the cybersecurity framing of it is being used to attempt to push the cost to the consumer.
king_geedorah · 4h ago
This is precisely the point I intended to make with my comment. Perhaps my phrasing was unclear.
stavros · 4h ago
I think the GP is just agreeing.
petronic · 7h ago
“Gameboy-like device” - are they referring to Flipper Zeros with the firmware to exploit RF rolling codes?
No, some dedicated hardware device, about five years old, that looks like a Game Boy.
The flipper firmware is only about six months old, and it is still not as convenient and distributed.
The actual firmware exploit is the same idea.
djmips · 3h ago
Wow, that really is Gameboy-like!
This time the reporters weren't wrong.
technick · 7h ago
More than likely
hecturchi · 6h ago
No, they don't. You need to read the article. It says such devices cost $20k.
petronic · 5h ago
My understanding is that the firmware has some sort of DRM and it’s being sold - not freely distributed. (Admittedly, the comment I saw mentioning cost pegged it at 1k, not 20k for a license.)
Maxion · 6h ago
Could still be a flipper with custom firmware.
gbil · 7h ago
A side question, both this and the VW power unlock payment from the other day, are targeting UK market, so is legislation (lack of it) such in the UK that allows for such practices?
PaulRobinson · 5h ago
Stealing cars is illegal in the UK, however you do it. Just having this "gameboy-like device", in your pocket is "going equipped", and you're going to get arrested on its discovery about your person outside of your abode. No ifs, no buts.
The UK has lots of new cars (plenty of cheap financing around for lease, PCP and HP deals), and there is a low-level epidemic of thefts of vehicles that end up in shipping containers and heading out of the country within hours. [0]
Car insurance is also so high in the UK at background levels that if you end up owning a highly desirable and very easy to steal car (the Range Rover a few years ago, for example), the costs being added to price in the risk of your car ending up in a container heading to the Middle East don't seem - as a percentage - particularly high.
The fact UK has great shipping throughput to the Middle East, Africa, and so on, is both a boon economically, but also it makes great cover for all sorts of shenanigans.
This seems like a clickbait title because I’ve never hear of a hardware upgrade being called a “patch”.
4ndrewl · 5h ago
"The term "patch" came from early use in telephony and radio studios, where extra equipment kept on standby could be temporarily substituted for failed devices." - from https://en.m.wikipedia.org/wiki/Patch_cable
But yeah, the term patch just seems weird in this article. Why not just "upgrade" or "fix"?
wucke13 · 4h ago
I'm not so sure, I thought "patch" originated from hole punching cards to program stuff. A software patch was literally a patch of tape that hides an errorneously punched hole in such a card.
: a switchboard in which circuits are interconnected by patch cords
First Known Use
1934, in the meaning defined above
ziml77 · 1h ago
I find it far more likely that patches--in terms of fixing problems with small, targeted changes--derives from the use of the term for fixing holes in cloth by sewing on another piece of cloth.
kgwgk · 46m ago
Everything is about patching up clothes or other things. I was just commenting on the “patch-cable seems to be way younger” remark.
tiahura · 1h ago
Hence patch cable.
throwaway290 · 4h ago
"Service"?
OhMeadhbh · 8h ago
I don't think the patch is hardware. The hardware they're talking about is the "Gameboy like device" that runs the exploit.
echoangle · 7h ago
> The Verge now reports that Hyundai is offering a security patch for this issue through software and hardware upgrades to Ioniq 5 customers.
You do a hardware upgrade on the car to patch the vulnerability.
commandersaki · 6h ago
The etymology of patch harkens back to Larry Wall's UNIX patch tool for applying diffs to a source code base.
ralph84 · 5h ago
The etymology of patch predates software by hundreds of years.
> "piece of cloth used to mend another material," late 14th century.
> Electronics sense of "to connect temporarily" is attested from 1923 on the notion of tying together various pieces of apparatus to form a circuit.
poemxo · 4h ago
I don't get why companies don't understand how offensive it is to the customer to nickel and dime them, especially after they're already a converted customer. They could easily eat the $60 cost and spin it as positive PR, Apple-style.
It's particularly bad because customers see it as a defect. No one wants to pay full price for defective equipment. The only thing that would make it worse is if this "hack" were reproducible on the flipper zero and they get themselves into another Kia Boys situation.
Hilift · 2h ago
There are two aspects. "Charge" and "costs/who pays". When someone can start a Kia with a USB cable, the owner pays for that. Kia may have a fee for replacing something, but that doesn't factor in the calculus of "there's a reason these people are buying our product, and we assess they will continue to do so."
Note that Kia offered a maximum of $6,125/$3,375 for totaled/damaged vehicles.
The previous formula:
"You take the population of vehicles in the field (A) and multiple it by the probable rate of failure (B), then multiply the result by the average cost of an out-of-court settlement (C).
A times B times C equals X. This is what it will cost if we don't initiate a recall.
If X is greater than the cost of a recall, we recall the cars and no one gets hurt.
If X is less than the cost of a recall, then we don't recall."
The_President · 44m ago
Citation for the final paragraph quote "the previous formula" goes to Fight Club.
bornfreddy · 1h ago
There is also this thing called brand loyalty. After the car manufacturer pulls a stunt like that I will think twice before I buy my next car from them.
charles_f · 5h ago
Does Hyundai consider this as a patch though? I'm wondering if the dealership would present you the bill with a straight face, is that presented as a "more secure" system, or an "additional anti theft device"?
delusional · 4h ago
From the wording of the press release it sounds like they view it as an optional add-on specifically for UK customers who want additional security:
Recently, evolving security threats, including the use of unauthorised electronic devices to bypass vehicle locking systems have become more prevalent in the UK. This is an industry-wide issue and Hyundai is providing appropriate responses in line with industry practices.
As part of the Company’s commitment to supporting our customers, we are able to offer a subsidised software and hardware upgrade for a customer contribution of £49.
mft_ · 3h ago
Hmmm, so recently: ̶ ̶H̶y̶u̶n̶d̶a̶i̶ ̶K̶i̶a̶ ̶V̶o̶l̶k̶s̶w̶a̶g̶e̶n̶ ̶
At this rate, I'll be back to Tesla for any future EV purchase. (Noting that Tesla second-hand prices in Europe seem to have taken a dive over the past while, presumably partly thanks to Elon's shenanighans?)
radiator · 1h ago
Rather because some people parked their Teslas on public roads and later found them vandalized.
blixtra · 5h ago
I’ve now had 2 IONIQ 5s stolen in Berlin, the last a couple months ago. Each seemingly using a keyless access hacking device. That’s enough for me to not see a Hyundai or Kia in my future anytime soon.
And I very much liked the IONIQ 5. But if I can’t keep one more than 2 years, what’s the point? I’ve lost all trust in those companies, upgrade or not.
mijoharas · 3h ago
So, can people tell me what cars with keyless entry systems aren't susceptible to these attacks?
I'm somewhat wary of any of them, but it seems like it's a feature of a lot of new cars, and I can't tell what is "safe" to buy. It was a simple signal amplification thing wasn't it?
Does anyone know if BYD cars suffer from it for example?
whirlwin · 6h ago
Would be interesting to see insurance companies stand on this. Are you expected to pay for the security upgrade or not. Will it be deemed missing as "unpatched - that's your fault".
wjnc · 6h ago
This is a great question. Have been in insurance for 20 yrs now. Cannot phantom why f.e. insurers don’t hold manufacturers responsible for losses due to cloned car keys with inadequate protection. I do know that insurers are generally very hesitant to start legal procedures, especially those that end up in the news. Say, Volkswagen and Stellantis are formidable adversaries as well as national champions, so there is some presumption that getting your right might be difficult. And the bar as I understand it is not technical SOTA, but more something like acceptable practice, so the manufacturer could argue “hey everyone has shitty protection, so suck up the loss”. Perhaps the newest European legislation will help raise the bar / even the playing field.
makeitdouble · 4h ago
Given that many door locks and other portable locks are laughably bad and can be opened with sometimes simple shimmering, or at most basic picking tools, that would mean insurance companies could already have sued Master locks for instance. So at least, bad security is probably not enough for it.
From there, making customer pay to fix bad security doesn't sound like a significant step.
technick · 7h ago
I was just looking at a new Hyundai today. Now I've got something more to consider if they aren't willing to stand behind securing their vehicles at their cost.
JKCalhoun · 8h ago
Love to see a 3rd party step in with a lower-cost replacement.
OhMeadhbh · 8h ago
Hunh. I know what I'm doing this weekend... Scanning ionic VINs to see if they're vulnerable. I bet I could train YOLO to recognize ionics from a drone camera at 50 ft.
mihaaly · 7h ago
Car manufacturers seems to be determined to discourage people from buying their car.
OutOfHere · 9h ago
I guess this means Hyundai goes on the blacklist too.
deadbabe · 3h ago
The car stealing device is $20k, could someone do some math to see what kind of ROI a criminal could expect if they use it to steal cars and part them out?
topato · 7h ago
Jesus, when did commenters on neowin get so stupid? Thank God I'm back to the safety of HN....
Weren't they a slightly subversive tech site a decade or so ago?
dyauspitr · 6h ago
What’s wrong with the comments?
axiolite · 4h ago
Perhaps the guy suggesting that you: "cut off your balls"
It's intel's bug, they promised a certain processor speed, shouldn't it be their responsibility to replace it since their own security oversight resulted in the hardware not working as advertised?
Did you expect the same from intel/amd when those bugs came out? Is it different from this situation?
New CPUs are largely immune to the specific attacks that were published before they were designed. But we aren't gonna get a fast CPU without sidechannels and IMO it's not possible in theory to build a branch predictor that never makes potentially exploitable mispredictions.
In a sense this doesn't change your point but I wanted to take the opportunity to point this out. "This CPU is vulnerable to attack X" just means researchers have found an exploit in practice, which we already knew in theory was there.
This wasn't the expectation before Spectre/Meltdown but now we live in a world where you need to assume a degradation in your CPU's effective performance as we learn about its vulnerabilities and need to apply software workarounds.
I am building "one mitigation to rule them all" called Address Space Isolation but this doesn't fundamentally remove that fact, it just means that when we learn about a CPU's vulns we don't have to build a new mitigation we just have to change the settings on the existing one (and it should be more efficient than the bespoke one would be).
How have they advertised that? Was it clock frequency? Their mitigations mean it still runs at that clock frequency.
Following the same logic: old phones, even iphones can be hacked. Should manufacturers replace the hardware?
There is no such thing as secure lock. Any lock could be open without original key. The difference is in the amount of effort.
Still baffles me that KIA sold cars which can be driven away using screwdriver and USB cable.
These in fact do exist, but they have properties unsuitable for many use cases, such as taking 8-24 hours to open if you lose the key/combination or a mechanical fault occurs, and being part of a system so heavy the floor beneath them have to be constructed to support the weight. (A friend of mine was a master locksmith for many years and worked on such locks, mostly for government contracts.)
In case of a lockout often the easiest way to open them is a brute force attack using a device called an autodialer.
The warranty is not that long, and I think the parent comment is talking about 6+ year old iphones that are definitely out of warranty.
If those should get replaced, surely that means each person buys one iPhone in their life, and then just gets free replacements forever, leading to the initial cost of the phone having to go up a lot to account for that.
But yeah, “patch” usually implies software vs. hardware.
Either way, agree with other comments that Hyundai should just eat the costs if it prevents theft due to an exploit.
Having said that, given what the car costs, the fee doesn’t seem completely unreasonable.
If you are employed in a position where there is a defect in the product then you are already being paid. Imagine going to a restaurant and you get an uncooked frozen steak, and when you tell the waiter they tell you that since the cook will need to spend more time on it you now have to pay extra.
If it turned out the door locks on the car were defective you'd expect them to be replaced under warranty. If the warranty had expired the situation would, admittedly, be a bit murkier - but you could still make a case that since the locks had always been faulty they'd be the manufacturer's responsibility.
Someone I used to work with had a car a few years ago on which the battery would mysteriously drain for no obvious reason. It turned out to be a defect in the infotainment system's firmware - and he was furious that he was expected to pay for the firmware update to fix it. (The car was long out of warranty, though.)
Go there and request a rare steak or idk steak with kimchi, let is know how it goes!
This is a Korean car and probably secure enough in korea where you usually don't lock your bike and/or house. If it not secure if you park it on the street in SF/London/Magadan/Capetown/Kabul are you sure they owe you a free "fix" for everything that may occur
Also, they need to secure it the international markets they're selling it in.
Tell me you have never worked fast food without telling me you have never worked fast food. You do this, they’ll spit in it.
Be a nice human being and you won’t receive that treatment. If your McDonalds wait staff are generally malicious without any provocation, well vote with your feet, nobody is making you eat McDonalds, the sales numbers will correct he problem.
There’s a lot of evidence of this happening in the USA if you just do a search. It’s uncommon, but it happens. At those prices, I’d just rather purchase the item to be made again.
But yes, be a good human.
In general they don't care, it's not coming out of their paychecks, they'll give you another burger, go away now.
When I worked at McDonald's we'd have the favorite burgers pre-made and they'd be left at the warming tray, so orders can be taken care of in maybe 30 seconds, but I guess nowadays that's too wasteful so the burgers are made on demand. There was a day like "Big Macs for $1" day, so we had a line of maybe 50 Big Macs queued, wrapped and ready to eat, that the foreman said "Slow it down with the Big Macs!".
I didn't work there long, but I don't remember anyone doing that.
Though I'm pretty sure you can't even legally make such a car anymore, at least in Europe, where certain "smart" features are required for new cars. Perhaps a manufacturer of such an EV could put all of that into one box which the user can simply pull out and discard.
Anyway, that is not what majority want to buy. Even more, a car is not what majority want to buy in the USA. SUV/trucks are desirable.
See also ‘smart’ tvs vs digital signage displays aka dumb tvs.
Stockholms Länstrafik didn't figure this out so all our timetable displays are pitch black when viewed with polarized sunglasses.
I've noticed that all but iPhones exhibit this behavior at some angle too and they're apparently using "circular polarization" (expensive) which is another one of these "we do it better" things nobody knows about from Apple (or displays in general)
(https://claude.ai/share/e462247c-0ecd-4a07-8ec1-36a4f3c86597)
[0] https://www.slate.auto/en
Plugging a car into a phone should work like that: just a dumb display with maybe a keyboard or touchscreen input device.
https://www.slate.auto/en
https://www.telotrucks.com/
One thing that stands out to me is the front wheels protrude beyond the body. I don't recall ever seeing that on a consumer road vehicle before, at least one designed after the 1930s.
I'm mentioning this specifically because the CAN bus is involved, which is mandatory to be safety conform and has to be ASIL-C/D conform. If you cannot guarantee that, you will lose the license.
Without conformance to UN Regulation 155/156, the car manufacturer might lose its license for the underlying car platform (not only the downstreamed models), meaning refunding/damages need to be paid for all buyers of cars of that platform.
So chances are this can be fought in court, and Hyundai probably has to offer free replacement of that defective part.
https://www.theverge.com/news/757205/hyundai-ioniq-5-securit...
> in 2023 over the “Kia Boyz” attacks that allowed thieves to bypass a vehicle’s security system using a USB cable.
The USB cable happened to have the right size to engage the starter mechanism. Any physical object with similar dimensions could have been used. It really undercuts how absolutely terrible the Kia security design was around that component.
More work for the thieves, but hardly a fix to inspire confidence.
They can then brag about the number of thefts they've engaged in by the number of Kia vehicles listed in their phones bluetooth connection list.
The surprise is that the police don't seem to understand how to incorporate these facts into their tactics.
I've had to "experience" those once for our testdrive of said Ioniq 5. Well, never again. "Dubious" is the most friendly word i have for the one that is next to us.
And: the car itself is priced at least 10-15k€ too high for what it is.
Compared to the Tesla, the Hyundai has an actual interior with physical controls, an 800V charging system, panels that actually line up, and a far bigger dealer/support network. These are things that cost money and even without those things Tesla isn't making a ton of money.
Of course I'm in California so EVs are more expensive to run than ICE cars so it's all moot.
But looks from their point of view. It's the most stolen car in the UK. The brand doesn't seem to be suffering much. Having terrible security just helps sales!
Until it’s banned by regulators or made uninsurable…
Plus the UK is about to reintroduce financial incentives for private EV purchase, they want to push sales, not clamp down on crap products.
https://www.rtl-sdr.com/flipperzero-darkweb-firmware-bypasse...
The flipper firmware is only about six months old, and it is still not as convenient and distributed.
The actual firmware exploit is the same idea.
The UK has lots of new cars (plenty of cheap financing around for lease, PCP and HP deals), and there is a low-level epidemic of thefts of vehicles that end up in shipping containers and heading out of the country within hours. [0]
Car insurance is also so high in the UK at background levels that if you end up owning a highly desirable and very easy to steal car (the Range Rover a few years ago, for example), the costs being added to price in the risk of your car ending up in a container heading to the Middle East don't seem - as a percentage - particularly high.
The fact UK has great shipping throughput to the Middle East, Africa, and so on, is both a boon economically, but also it makes great cover for all sorts of shenanigans.
[0] https://www.containerlift.co.uk/cracking-the-code-uk-police-...
But yeah, the term patch just seems weird in this article. Why not just "upgrade" or "fix"?
The term patch-cable seems to be way younger.
patchboard
: a switchboard in which circuits are interconnected by patch cords
First Known Use
1934, in the meaning defined above
You do a hardware upgrade on the car to patch the vulnerability.
> "piece of cloth used to mend another material," late 14th century.
> Electronics sense of "to connect temporarily" is attested from 1923 on the notion of tying together various pieces of apparatus to form a circuit.
It's particularly bad because customers see it as a defect. No one wants to pay full price for defective equipment. The only thing that would make it worse is if this "hack" were reproducible on the flipper zero and they get themselves into another Kia Boys situation.
Note that Kia offered a maximum of $6,125/$3,375 for totaled/damaged vehicles.
The previous formula:
"You take the population of vehicles in the field (A) and multiple it by the probable rate of failure (B), then multiply the result by the average cost of an out-of-court settlement (C). A times B times C equals X. This is what it will cost if we don't initiate a recall. If X is greater than the cost of a recall, we recall the cars and no one gets hurt. If X is less than the cost of a recall, then we don't recall."
Recently, evolving security threats, including the use of unauthorised electronic devices to bypass vehicle locking systems have become more prevalent in the UK. This is an industry-wide issue and Hyundai is providing appropriate responses in line with industry practices.
As part of the Company’s commitment to supporting our customers, we are able to offer a subsidised software and hardware upgrade for a customer contribution of £49.
At this rate, I'll be back to Tesla for any future EV purchase. (Noting that Tesla second-hand prices in Europe seem to have taken a dive over the past while, presumably partly thanks to Elon's shenanighans?)
I'm somewhat wary of any of them, but it seems like it's a feature of a lot of new cars, and I can't tell what is "safe" to buy. It was a simple signal amplification thing wasn't it?
Does anyone know if BYD cars suffer from it for example?
From there, making customer pay to fix bad security doesn't sound like a significant step.
Weren't they a slightly subversive tech site a decade or so ago?