Anyone used simaservis1108
08-15-2021, 10:47 AM
#61
Three Wheelin'
I, on the other hand, am a software developer with 30+ years experience in various disciplines including, but not limited to, embedded systems, compilers, database internals, oauth2 implementations, performance optimizations, cloud services, massively parallel complaining initiatives, DevOps, SecOps, etc, etc, etc. So I have some passing familiarity with this stuff.
Assuming simaservice or whoever is doing what I described, or a variant thereof - and which I did myself to my own PCM, as did asellus and several others, there is no concern w.r.t. the PCM unit. The conditional branches are simply SHA2 signature checks for the FEC container.
The level of sophistication needed to place a payload on the PCM unit is extremely high, requires QNX tools - which are not free - and has minimal payback. In short it's not worth the time to try to do something nefarious.
The laptop, OTOH, is a far easier target.
Assuming simaservice or whoever is doing what I described, or a variant thereof - and which I did myself to my own PCM, as did asellus and several others, there is no concern w.r.t. the PCM unit. The conditional branches are simply SHA2 signature checks for the FEC container.
The level of sophistication needed to place a payload on the PCM unit is extremely high, requires QNX tools - which are not free - and has minimal payback. In short it's not worth the time to try to do something nefarious.
The laptop, OTOH, is a far easier target.
There is a universe of difference between doing the procedures yourself and allowing someone to remote into your car. I'll go ahead and take the blame for the misunderstanding. The procedure itself is one thing but it was always the remote access that had my spidey sense going off.
Anyway, I don't feel like arguing anymore, maybe over a coffee or glass of whiskey but this venue is useless for actual intelligent discussion, as we're all finding out. As another topic I'd be interested in your 30 years how much of an emphasis you specifically placed on security as a developer. I've seen it vary widely, but you have to know that security and developers don't always see eye to eye; generally, the developers job is to make things work, and there hasn't always been an emphasis on "baking in" security and even then, it's too much to ask for every developer to consider all angles of the code they're building. I'm sure this trajectory has changed over the course of your career.
But the only thing I'll leave with is that it's not necessarily a safe assumption that sophistication and/or level of effort is a barrier. An exploit/payload only needs to be developed once. If there's ANYTHING to be gained by it, someone will be paying attention.
Who cares if he's from Serbia dude? No, not "racism" baiting but Serbians are actually good people... Contrary to what the media portrays. The way I see it is he's a guy with a skill set trying to earn a living. Is that such a bad thing? Do you know how many parts off your car come from Eastern Europe?.. Meaning countries that are still crumbled from the USSR? Answer: A lot.
The only difference is an American dude offering this service would charge $999 for a base model and $1299 for a Turbo S... Lambo? $1999. That's the difference.
The only difference is an American dude offering this service would charge $999 for a base model and $1299 for a Turbo S... Lambo? $1999. That's the difference.
But statistically speaking, there does happen to be a prolific cyber threat from that part of the world, just saying.
Last edited by manifold danger; 08-15-2021 at 10:53 AM.
