On Wed, 19 Mar 2014 17:51:37 +0200 Jussi Laako <[email protected]> said:
> On 19.3.2014 16:20, Carsten Haitzler (The Rasterman) wrote: > > sure. but in the case of ivi, it'll neever protect your car. its for > > infotainment. at least thats ostensibly the purpose. if ivi is meant to > > totally take over all functions of a car... including door locks etc... > > it's going to be a big problem. > > IVI should be protected by the same key system as the car itself, but in > addition it can use other means such as NFC (we implemented a demo > version of this for TLM). > > I don't want to enter any passwords when I enter the car, currently IVI > is unlocked by my key fob and recognizes me. And that's how car already > recognizes driver's setting preferences, driver seat configuration, etc. > > For passengers, NFC/BT is good way to authenticate. 10 pieces of 4 kB > NFC stickers cost 30€. You can save one in bank's vault for recovery. yes - but ivi wont be authenticating access to the car (ie the door), so security is less of an issue compared to a fob that can open the car door and turn it on. > > the problem is - with phones, no one expects to have to pay 200eur to unlock > > it. same for a pc. also a phone is a $500 or $1000 purchase. a care is > > $20,000-$100,000 or more purchase. and phones are not parked along on the > > side of a street for hours, days or weeks at a time... etc. :) > > I think my phones are pretty much bricked if I forget the device lock > code. Maybe it is possible to reflash the device at service. > > Even my Samsung Galaxy Tab 10.1 has full storage encryption and long > device lock password and I don't know how it could be recovered if lost > (I don't use any NSA...ehm.."cloud recovery" services). factory reset from bootloader then re-setup account login+pw for play/market and u can get all your apps back... :) in fact android handsets, last i played, were able to fastboot from an sd card. on thsi sd card you can put any custom os image (normally a zip file) and this os can mount and mess with the host os - it could just reset screenlock mode on the host. as long as it can get fs access to the internal storage. if it's encrypted and you forget your encryption key... then you're in trouble. factory reset method then for you. :) > > you can't apply the same assumptions on security to both ivi/cars and > > phones/tablets/pc's or even tv's etc. (tv's might be much more likely to be > > publicly unattended though). > > At best what you should get in case of "recovery" is completely DoD > grade wiped device. If my device gets lost, I want to get a remote kill > switch for it so that it can never be used by anybody again. Isn't this > becoming mandatory in California? > > My data is much more valuable than the hardware it resides on. yeah. the nsa agrees with you. :) but most people disagree. everyone who uses facebook or any google services are giving their data away for free all day in return for a service, and if they paid for the service, it'd be fairly cheap to cover the costs, so they don't believe their personal data is worth much at all, if you imagine how much it'd cost to pay to have a "local only facebook" running... as they give it away for free at the drop of a hat to those offering shiny trinkets in return for it. -- Carsten Haitzler (The Rasterman) <[email protected]> _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
