Well, that isn't totally incorrect, but to me the real message is "security gets the short end of the stick again" - in this day and age, having unencrypted messages flowing over the CAN bus is just stupid honestly..... Implicit trust (which is the flaw) has been the entry point for a TON of exploits.summary: techies get overexcited about imperfect design.
this is completely different from the good old days, when cars were impossible to steal. ?‍
meh. in practical terms, "show encryption" wouldn't really add anything--managing keys for something deployed for decades isn't a solved problem. sensationalist stories aside, the real defense against car theft is the same as it's been for 100 years: the demand for stolen cars is so much smaller than the total size of the car market that a herd defense is sufficient. (some number will be stolen, but the replacement cost is lower than "perfect security" would be.)Well, that isn't totally incorrect, but to me the real message is "security gets the short end of the stick again" - in this day and age, having unencrypted messages flowing over the CAN bus is just stupid honestly..... Implicit trust (which is the flaw) has been the entry point for a TON of exploits.
Locks have costs. How many $1000s are you willing to add to the price of a car? Especially if it's almost certain there will be other ways to steal the car?Its making them pick the lock instead of saying "the front door is locked but if you go around back, the door is open".