[Ovmsdev] Moving to a production cycle
tom at carrott.org
Sun Feb 25 15:43:49 HKT 2018
On 25/02/18 11:24, Greg D. wrote:
> Agree, WiFi's MAC is not useful as a passphrase or password, but I don't
> think that we need to go to blowing fuses to solve this.
> Michael, you are absolutely right that we shouldn't leave an open wifi
> hotspot sitting there; it's an invitation for abuse. But if we have a
> static passphrase pre-set, and there is nothing one can do with the
> module in that state - plugged in but not configured - I think that the
> window for that abuse is going to be vanishingly small.
I think the concern here is someone plugging it in but never configuring
it. The OVMS invites anyone passing to take control of it, which given
it will trivially control the car, is something we should be careful
with. For example, if you plug in and then forget about it, someone
could come along and connect to the wifi and perform the initial
configuration using the helpful web configuration wizard. Once they've
configured the module, at least for some cars, they can simply use it to
unlock the car.
This scenario doesn't really require a targeted attack, as it's just
stealing the vehicle or it's content, not trying cause the car to crash
by loading malicious firmware. It doesn't require any skill as it's just
using the standard OVMS features.
Perhaps the module should give up if it doesn't get configured within
say 30 minutes and shut off the access point and go to sleep.
Alternatively we could put a big warning on the box "configure module as
soon as possible"? Or both. The warning on it's own seems like a cop-out
given we can limit the exposure with a timeout.
> Since wifi can be either a client or an AP, not both, anyone using wifi
> for management can't use it as a client, since there is no easy way to
> move it back to being an AP. Ok, I suppose an SMS command could turn on
> AP mode... Is that the intent?
I've made some ESP8266 based data loggers that were both access point
and station connected to another network at the same time. This wasn't
intentional so I didn't spend long exploring how well it worked before
turning off the access point.
More information about the OvmsDev