Security concerns

Hello,
What kind of security measures are implemented in AutoPi?
I am worried that by connecting my car to the network, it will allow thieves to hack into the wireless raspberry and unlock the doors or roll down windows.

Is there any way to completely disable such functions as opening doors, windows, in essence, anything that would allow stealing my car?

I am a developer and I don’t trust any software to protect against such malicious attacks; there are and always will be software vulnerabilities. For example, Tesla had one last year:
https://www.openvehicles.com/vuln-tr-20181203b

So I am looking to limit what can be done with AutoPi even if my device is hacked.

Thanks

1 Like

Hi,

From a user’s perspective, if someone wants to hack your car to just open doors or roll down windows, I’m fairly certain it’s easier for them to simply smash the window :)
In order for someone to be able to roll down your windows, they need to know the commands - I have an EV and AutoPi doesn’t (yet) support “sending commands” to the car, but for other cars I’ve seen some pictures where you can have a button on the web UI that will execute predefined commands.
If you’re worried about getting your car stolen, make a geofence script. That way you can at least track where they’re taking your car ;)
That is, if the AutoPi is hidden. If they can just unplug it, even that wouldn’t make sense. I have a 3-way OBD2 splitter in my car, and most people (even the guys at the service center!) didn’t notice that I “swapped” the OBD2 connector. AutoPi is now hidden inside the dash.

2 Likes

Seems like a legitimate concern. Not sure what version you plan to use, but if you use the LTE version, at least that will be on a different network, and maybe you can have it set up through a VPN. I don’t know because I have yet to get an AutoPi, as I am still researching as well. Additionally, I would recommend seeing if you can disable SSH and change the default password. Again, I am not sure of the details of how AutoPi is configured out of the box before you start modding. Not to mention I would be concerned about IoT in general. Who’s to say the autopi.io backend does not get compromised? As with any tech, you just have to recognize that if anyone is that pressed, they will find a way. You just have to take your own precautions and be smart about how you secure your solution. That said, it would be good if AutoPi had some type of MFA solution in order to connect and manage the system.