[mdlug] IOT Connectivity/Security Questions
Carl T. Miller
carl at carltm.com
Mon Apr 19 06:08:30 EDT 2021
Hi Peter,
From the sounds of it, your device is only a hot spot
until it is configured to connect to a network, then
it is no longer a hot spot. If you want to test this,
just get a wifi signal tester app for your smart phone.
Try it both at home and away. Also check how far
away the signal goes.
Search for "faraday cage for a cell phone" if you want
protect it from any wifi connections. You would need
to remove the faraday cage when you want updates
to occur.
Good luck!
c
On 4/18/21 9:59 AM, Peter Bart wrote:
> Good Morning All,
> I am wondering what extra security measures I should be taking to
> secure a connected device I have installed in my personal truck.
>
> It is an Autosync
> <https://www.btdieselworks.com/collections/autosync/products/2015-2018-autosync>
> that plugs into the OBD port to provide added functionality an/or unlock
> built in hidden features. It also connects to user designated WIFI
> networks. According to the user manual the AutoSync permanently saves
> your WiFi credentials and will automatically update itself whenever the
> vehicle is parked within range of your WiFi network and the engine/key
> has been off for >5 minutes.
>
> In my limited understanding of WIFI/networks that means the Autosync is
> constantly searching for the saved WIFI network, and in doing so is
> broadcasting a signal. To me that is a vulnerability that needs to be
> secured. Also; during the initial setup of the Autosync; a mobile
> handset is used to connect to the Autosync generated WIFI network to
> complete the installation. After I completed the installation of the
> Autosync I searched for the Autosync WIFI network with a computer not
> used during the setup. I could not find the Autosync hotspot, so far so
> good then. During the setup procedure, I use the mobile to connect to
> the Autosync hotspot and then go to 10.10.0.1, which then prompts me to
> connect to my WIFI hotspot. At that point I think the mobile
> disconnected from the Autosync hotspot, and the Autosync started the
> setup/update process. The update process was displayed on the vehicles
> screen. The location I chose to place the physical box; slighly smaller
> than a pack of cigarettes; is behind a steel reinforced plastic panel
> under the steering column. So it has steel in every direction; floor,
> doors, firewall; except possibly straight up so even if it was
> broadcasting the signal can't get out? I could wrap it in foam and put
> it in something as simple as a tin can? Any thoughts?
More information about the mdlug
mailing list