> I never understand this arguement. I hear it in the form "we should just regulate cars to be safer", why dont you just buy a safer car?
I don't understand your argument. Do you expect every potential car buyer regardless of tech literacy to go to a dealership with an SDR setup on-hand, asking if they could test-out the key fobs, capture some signals, try to figure them out and look for common vulnerabilities on the new models? Do you expect the seller to explain the technical details of the key fobs at a depth you can be sure there's no vulnerabilities?
Determining that the key fobs were implemented securely is not something the buyer or even the seller will be able to determine. I would imagine a regulator has the ability to inspect them as they're being designed/built.
> if you go to buy a car you should have some simple considerations [...] Is it common for this car to be stolen?
By the time vulnerabilities are found and people start stealing them, there should already be plenty sold and roaming the streets.
I don't understand your argument. Do you expect every potential car buyer regardless of tech literacy to go to a dealership with an SDR setup on-hand, asking if they could test-out the key fobs, capture some signals, try to figure them out and look for common vulnerabilities on the new models? Do you expect the seller to explain the technical details of the key fobs at a depth you can be sure there's no vulnerabilities?
Determining that the key fobs were implemented securely is not something the buyer or even the seller will be able to determine. I would imagine a regulator has the ability to inspect them as they're being designed/built.
> if you go to buy a car you should have some simple considerations [...] Is it common for this car to be stolen?
By the time vulnerabilities are found and people start stealing them, there should already be plenty sold and roaming the streets.