Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>"Hackers will be able to pull the data off the USB stick and reverse-engineer it. They'll get an insight into how these cars receive their software updates and may even find new vulnerabilities they can exploit," he told the BBC.

So? Never thought I would hear a "Security Expert" argue for, and not against security through obscurity. Perhaps this is not the best source for critique.




Also they could download the bin from the car itself.


No, that's not how it works. In some cases sure, but this is not something you just do out of the blue like plugging in a USB.


If the USB stick accidentally contains private keys for signing, that might be of concern.

The more important concern is the phishing issue.


Sure, but there is no evidence of that, so why even bring it up as an example/excuse as to why anyone would argue this way? It is totally unfair to assume that the content has not already been signed prior to distribution without evidence.


Unfortunately modern "news" is not based on evidence, merely the event of a claim.


> If the USB stick accidentally contains private keys for signing, that might be of concern.

That would still be a problem if the updates were only distributed to repair shops, however (you'd need someone on the inside, but given the number of people involved, that probably wouldn't be too hard).




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: