On 19.3.2014 7:23, Carsten Haitzler wrote:
secure device would even disallow jtag override), or we leave a hole, that requires a fair bit of effort and jumping through hoops, but allows you to regain control of your device, BUT this means that this hole is known and can be used to break the password of the device owner.
At least my car came with a key card for unlocking the IVI system in case it becomes locked (for example if battery goes empty or is disconnected). This card is supposed to be stored in safe place, not in the car.
It is not much different from SIM card's PUK code. If you enter it incorrectly five times, your SIM is bricked forever.
Some cars allow reprogramming key system in case keys are lost, but it usually costs around 200 EUR and needs to be performed at official dealer.
There's always risk in these, there was recently a case where BMW's were being stolen in about two minutes by using key system reprogramming API left open in the OBD port (and OBD II port was powered up also when the car wasn't). This was, IIRC, partially fault of standardization body because they required for certification the port to be always powered...
Some cars come with a special programming key fob, if you loose all your keys and the programming key fob, your car is bricked.
If you leave a backdoor, someone can always utilize it. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
