So you have hackers mass compromising rooted android os around the world hoping for an overlap with Volkswagen users with the app, so that they can hack the app to unlock a car hopefully located near them instead of just opening the first car you find with a suction cup on the glass.
you have hackers mass compromising rooted android os around the world
Not necessary. You only need to compromise one. Any one without some sort of integrity service. And it ain’t that hard. Pick one of many with poor security practices.
instead of just opening the first car you find with a suction cup on the glass
If you really want to be picky about it, block out the unlock feature and any potential ‘phone as key’ functionality. Leave starting the air conditioning and information.
It means that if you are so obsessed with protecting a user from making an informed decision about their own security, then you could gracefully degrade in your ‘horribly insecure context’ instead of just bombing out completely.
Ok, I am the hacker from France that compromise the golf in Florida. Now what? Do I start the engine to pre-condition the car from across the ocean? You know you cannot even drive with the app, just start the engine… There is no reason at all for going all the way and doing this. None.
So you have hackers mass compromising rooted android os around the world hoping for an overlap with Volkswagen users with the app, so that they can hack the app to unlock a car hopefully located near them instead of just opening the first car you find with a suction cup on the glass.
Ok, got it
Not necessary. You only need to compromise one. Any one without some sort of integrity service. And it ain’t that hard. Pick one of many with poor security practices.
You cannot start a car with a suction cup.
I can’t start my car with my car’s app either.
If you really want to be picky about it, block out the unlock feature and any potential ‘phone as key’ functionality. Leave starting the air conditioning and information.
…okay? I can. What is that supposed to mean here?
So you want them to break the app, rather than just securing it?
It means that if you are so obsessed with protecting a user from making an informed decision about their own security, then you could gracefully degrade in your ‘horribly insecure context’ instead of just bombing out completely.
This has absolutely nothing to do with “informed decisions”?
Ok, I am the hacker from France that compromise the golf in Florida. Now what? Do I start the engine to pre-condition the car from across the ocean? You know you cannot even drive with the app, just start the engine… There is no reason at all for going all the way and doing this. None.