Hacker News new | past | comments | ask | show | jobs | submit login

There's an industry standard (?) for Digital Keys:

* https://carconnectivity.org

* https://carconnectivity.org/digital-key/

Perhaps moving to that will help with security since everyone won't have to re-invent the wheel. (Of course implementation bugs are still possible.)




But then if there is a vuln in the industry standard system, then all cars will be affected.


We do the same with TLS, SSH, etc. As long as we have smart people at the helm I don't see a reason to be worried.


The threat model and security considerations there are too different between those examples.

TLS and SSH are not generally run on disconnected systems that may never get firmware updates, as just one obvious difference.


There's The Update Framework (TUF) for that, so maybe at some point cars will be able to update easily.


Sounds like a case where formal methods might be both appropriate and funding might actually be available for that.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: