• RealFknNito@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    10 months ago

    I simplified the concept which might seem misleading to you but the outcome is exactly the same.

    You can get access to the home network through weakly secured devices. If you can get past a weak device, trusted by the network, you can send commands through the network and to other devices as if you were a typical user. If your car can be unlocked from your computer (or phone) over the network, a hacker would only need to get past your coffee maker on that same network to be able to tell your car to unlock.

    In other words, the Internet of Things can often be a liability if you don’t know how to secure points of access to your network. If you installed a smart thermostat and it’s still broadcasting the default SSID, that’s a glowing weakspot for a hacker. Who would need WPA2 security for that, right?

    • Clent@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      From the toaster you’d still need to find a way to access a trusted device. This is going to require an exploit. But first the toaster needs meet some specific requirements, like does it have a web server or shell. If it’s a simple device that merely broadcasts its state it likely does it meet these requirements.

      If your WiFi thermostat is broadcasting its default SSID, that means it is not connected to your WiFi. At most you can take control of the device but it won’t get you onto the trusted network any faster than hacking their WiFi directly. Best to go for a device already on the network.

    • Grippler@feddit.dk
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      9 months ago

      In the case of tesla, you’d still need the API token to the specific car (which requires username and password) to send any commands to it. It doesn’t actually take commands directly, from anything, it’s all done through teslas servers via the API. Getting access to local network makes no difference, you need the token to do anything with the car. You can’t even send commands via BT to the car.