Mobile security features?

   #1  

mikeme

Verified VCDS User
Verified
Joined
May 2, 2014
Messages
167
Reaction score
83
Location
Alexandria/fairfax county VA
VCDS Serial number
C?ID=99408
There has been some attention in the press and at computer security events related to security (or lack of) in automotive networked computing devices.

most of the described non-owner access demonstrated is via the OBD connector.

since the VCDS-Mobile includes wireless access, do you have a description of the security features in place?

can I install and leave the VCDS-Mobile installed and have assurance that it cannot be used by a third party to access and modify information in the installed car?

Thanks in advance for the reply.

Mike
 
   #3  

Uwe

Benevolent Dictator
Administrator
Joined
Jan 29, 2014
Messages
48,925
Reaction score
33,653
Location
USA
VCDS Serial number
HC100001
Much depends on what mode you leave the HEX-NET interface in.

If you leave it access point mode, it's not terribly secure. You still have to enter a password to access the browser-based VCDS-Mobile, but anyone with a laptop running VCDS could talk to it.

If you leave it in infrastructure mode, the security is determined by whatever network it's connected to. So if you're away from networks you've added to it that would mean it's pretty much inaccessible. Of course if someone has broken into your normal network(s), they could emulate one of your networks somewhere else, but if someone is going to go to that much trouble to access your HEX-NET, you've got other problems.

Personally, I don't worry about security while driving. Unless someone is pacing me, I'm not in range of anything long enough for anyone to do much hacking. Where I'd worry is when I park the car somewhere. But in that case, the ignition is off and most control modules won't talk. Moreover, you can configure your HEX-NET to go to sleep when the car's ignition is off, in which case it's inaccessible via WiFi.

Lastly, remember that the HEX-NET doesn't give a hacker arbitrary access to the OBD-II port. With the browser-based VCDS-Mobile, he can do what VCDS-Mobile can do. With VCDS, he can do what VCDS can do. In order to do more, he'd have to hack through all of our stuff before he could begin hacking at your car.

-Uwe-
 
Back
Top