alt Hacker NewsIt's not good that they allow anyone that happens to be in your car briefly root access. It'd be live having an always-on laptop in your office with a open shell on it.
They should have provided some mechanism for the real owner to approve updates if the updates aren't all trusted by default.
Replies
brookst • today at 1:57 PM
How do you validate “the real owner” if having the keys isn’t enough? That sufficient to steal the car.
You could do a PIN/password, but if it is never used during operation, nobody will know it. Ask anyone who’s had a head unit that needed a PIN after losing power.
➕ show 1 reply
Who cares? The valet could do any number of other attacks, like stealing the car, sabotage, adding a tracker, whatever. Threat modeling is important, otherwise security can harm one's own goals. Sometimes you have to briefly trust another person. I'd rather have an open shell inside a locked room when the alternative is no access at all.