This is bullsh*t
Snaky lanugage in that article
At this point, some of our more security-minded readers might need to have a lie down because, yes, that language does essentially mean there would be no proper security controls preventing someone from remotely connecting into a car.
this is already true, they just pretend its not.
Are they dumb? Interfaces with publicly available documentation doesn’t mean that they don’t have access control/authentication.
Hiding the documentation doesn’t actually change anything security-wise, except that nobody can review these interfaces.
Hackers are gonna hack, no matter if they have a documentation or not.
@hedge It’s really telling that having an API that allows controlled access to the car’s state is equivalent to “no security” when uh… that’s how the rest of the world works.
A tad more complicated as car software does need to be much less prone to security vulnerabilities than a random software (as it has the responsibility to handle human life)
But yeah… what about their existing telemetry? same thing could be argued.
It mentions there are federal regulations working through congress, which to be honest is better for everyone in the end as long as it’s not nerfed.
