[mdlug] IOT Connectivity/Security Questions

[Peter Bart]

Good Morning All,
	I am wondering what extra security measures I should be taking to
secure a connected device I have installed in my personal truck.

	It is an Autosync
<https://www.btdieselworks.com/collections/autosync/products/2015-2018-autosync>
that plugs into the OBD port to provide added functionality an/or unlock
built in hidden features. It also connects to user designated WIFI
networks. According to the user manual the AutoSync permanently saves
your WiFi credentials and will automatically update itself whenever the
vehicle is parked within range of your WiFi network and the engine/key
has been off for >5 minutes.

	In my limited understanding of WIFI/networks that means the Autosync is
constantly searching for the saved WIFI network, and in doing so is
broadcasting a signal. To me that is a vulnerability that needs to be
secured. Also; during the initial setup of the Autosync; a mobile
handset is used to connect to the Autosync generated WIFI network to
complete the installation. After I completed the installation of the
Autosync I searched for the Autosync WIFI network with a computer not
used during the setup. I could not find the Autosync hotspot, so far so
good then. During the setup procedure, I use the mobile to connect to
the Autosync hotspot and then go to 10.10.0.1, which then prompts me to
connect to my WIFI hotspot. At that point I think the mobile
disconnected from the Autosync hotspot, and the Autosync started the
setup/update process. The update process was displayed on the vehicles
screen. The location I chose to place the physical box; slighly smaller
than a pack of cigarettes; is behind a steel reinforced plastic panel
under the steering column. So it has steel in every direction; floor,
doors, firewall; except possibly straight up so even if it was
broadcasting the signal can't get out? I could wrap it in foam and put
it in something as simple as a tin can? Any thoughts?
-- 
Peter Bart
<peterbart.ch at gmail.com>