
I think you're in a desktop computer "whole product is one computer" model. A car is a set of computers; almost nothing in a car is central to itself.

There's probably a body controller ECU that ties into the engine ECU and the driver's key systems. So thieves would just generate and flash a new key/cert; that'll certainly be possible.

Infotainment? That's almost literally an aftermarket part. American reviewers tend to see it as an integral part of a car or even a central computer. Surely it's important in terms of product experience, but architecturally it's more like a printer over Ethernet than a laptop's integrated display.

> There's probably a body controller ECU that ties into the engine ECU and the driver's key systems. So thieves would just generate and flash a new key/cert; that'll certainly be possible.

This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that! You’d design the driver’s key to pair with the various onboard systems and those systems to do a challenge-response cycle during the boot process so someone can’t easily drive away without the key or resell those parts, with both sides using a private key which never leaves that component. Yes, that kind of design can still be attacked but the goal here is to make it more expensive than it’s worth: needing a flatbed to take it somewhere for a rogue EE to work on it, for example, just isn’t going to make sense except for the most expensive luxury vehicles.

This brings me to:

> Infotainment? That's almost literally an aftermarket part.

Yes, and those cost money. The entire point is that you don’t need to make it perfect, just expensive. If someone has to replace the display and speakers, that means they’re making less profit on the sale and making it more obvious that the vehicle was stolen, which increases risk and reduces the number of buyers, especially for the most valuable vehicles.
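The pairing and challenge-response design described in the comment above, as an added illustration that is not part of the thread. It assumes a symmetric pairing secret installed in both parts at pairing time (a simplification of the "private key that never leaves the component" idea; the names `fob` and `body_ecu` are made up), and shows that a swapped-in part without the secret, or a replayed response, fails the check.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Component:
    """One ECU or key fob. The pairing secret is written once at pairing time
    and is only ever used inside respond()/verify(); it is never sent on the bus."""
    name: str
    _pairing_secret: bytes = field(repr=False)

    def respond(self, challenge: bytes, challenger: str) -> bytes:
        # Bind the response to the direction (challenger -> responder) so a
        # response captured in one direction cannot be reflected back.
        msg = challenger.encode() + b"->" + self.name.encode() + challenge
        return hmac.new(self._pairing_secret, msg, hashlib.sha256).digest()

    def verify(self, responder: str, challenge: bytes, response: bytes) -> bool:
        msg = self.name.encode() + b"->" + responder.encode() + challenge
        expected = hmac.new(self._pairing_secret, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def pair(name_a: str, name_b: str) -> tuple[Component, Component]:
    """Dealer/factory pairing step: one fresh secret installed in both parts."""
    shared = secrets.token_bytes(32)
    return Component(name_a, shared), Component(name_b, shared)


def mutual_authenticate(a: Component, b: Component) -> bool:
    """Both directions must pass before a would, e.g., allow the engine to start.
    A fresh random nonce per direction means old responses are useless."""
    nonce_a = secrets.token_bytes(16)
    if not a.verify(b.name, nonce_a, b.respond(nonce_a, a.name)):
        return False
    nonce_b = secrets.token_bytes(16)
    return b.verify(a.name, nonce_b, a.respond(nonce_b, b.name))


def replay_is_rejected(a: Component, b: Component) -> bool:
    """Capture a valid exchange, then try to reuse the response against a new nonce."""
    old_nonce = secrets.token_bytes(16)
    captured = b.respond(old_nonce, a.name)
    assert a.verify(b.name, old_nonce, captured)  # the live exchange was fine
    return not a.verify(b.name, secrets.token_bytes(16), captured)


if __name__ == "__main__":
    fob, ecu = pair("fob", "body_ecu")            # constructed sample pairing
    rogue_fob = Component("fob", secrets.token_bytes(32))  # reflashed part, never paired
    print("paired fob:", mutual_authenticate(fob, ecu))        # True
    print("unpaired fob:", mutual_authenticate(rogue_fob, ecu))  # False
    print("replay rejected:", replay_is_rejected(fob, ecu))    # True
```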


> This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that!

The actual real problem I failed to explain is that manufacturers don't want to deal with networked authentication, broken physical keys, or day-to-day repair shop operations, so they keep most of the processes offline and send out re-pairing tools that leak. Very few cars require breaking the chain of trust to swap out parts, which makes the "If they need to create a custom engine controller, ..." part unrealistic as of now. It'll take a few more years before Apple starts delivering cars.

