On 19.3.2014 16:20, Carsten Haitzler (The Rasterman) wrote:
sure. but in the case of ivi, it'll neever protect your car. its for infotainment. at least thats ostensibly the purpose. if ivi is meant to totally take over all functions of a car... including door locks etc... it's going to be a big problem.
IVI should be protected by the same key system as the car itself, but in addition it can use other means such as NFC (we implemented a demo version of this for TLM).
I don't want to enter any passwords when I enter the car, currently IVI is unlocked by my key fob and recognizes me. And that's how car already recognizes driver's setting preferences, driver seat configuration, etc.
For passengers, NFC/BT is good way to authenticate. 10 pieces of 4 kB NFC stickers cost 30€. You can save one in bank's vault for recovery.
the problem is - with phones, no one expects to have to pay 200eur to unlock it. same for a pc. also a phone is a $500 or $1000 purchase. a care is $20,000-$100,000 or more purchase. and phones are not parked along on the side of a street for hours, days or weeks at a time... etc. :)
I think my phones are pretty much bricked if I forget the device lock code. Maybe it is possible to reflash the device at service.
Even my Samsung Galaxy Tab 10.1 has full storage encryption and long device lock password and I don't know how it could be recovered if lost (I don't use any NSA...ehm.."cloud recovery" services).
you can't apply the same assumptions on security to both ivi/cars and phones/tablets/pc's or even tv's etc. (tv's might be much more likely to be publicly unattended though).
At best what you should get in case of "recovery" is completely DoD grade wiped device. If my device gets lost, I want to get a remote kill switch for it so that it can never be used by anybody again. Isn't this becoming mandatory in California?
My data is much more valuable than the hardware it resides on. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
