HackerTrans
TopNewTrendsCommentsPastAskShowJobs

user945234

no profile record

comments

user945234
·3 lata temu·discuss
On the contrary unfortunately, it's all secret for the average consumer.

People that never worked in the industry greatly underestimate how much it really costs in R&D and production to make a car. Adding "authentication" and "encryption" in this environment is way more complex and has more implications than importing yet another library in a web app.

Even so a few manufacturers go to a great deal of effort to secure their stuff while others are using 20y old architecture because it works and it saves money.

I want to say that "premium" brands are much better, but there are a lot of exceptions. However cars with lower margins and lower overall cost will be worse.
user945234
·3 lata temu·discuss
Throwaway account. I have actually worked on this sort of stuff. These topics are well known in the industry and have been for a surprising amount of time (decades).

Some premium brands will have the immobilizer await proper crypto from the key reader. In this case the key reader is just there to read the key and pass on the message, there is no decision being made outside of the immobilizer.

Some premium brands will also have immobilizers in other places, like the gearbox. It too will await proper crypto to shift into gear.

Some premium brands will have signed CAN/FlexRay/Ethernet frames that will prevent message spoofing, though that isn't only for this situation.

Most of the time the Gateway module has a static firewall - basically fixed routing tables so only modules that need to will be allowed to talk to each other.

Finally some premium brands will have an HSM both in the key and in the immobilizers to keep the material safe.

There is a lot more to this topic obviously but the reason some brands don't have this (and other countermeasures) is simple: cost.