| ▲ | cakealert 6 days ago |
| Why are so many car manufacturers incapable of using cryptography properly? |
|
| ▲ | tamimio 6 days ago | parent | next [-] |
| Car manufacturers are like automation/control manufacturers; they existed before cybersecurity and never caught up to the pace. If you ever audited any SCADA system, you will see nightmares. For cars, some new models of popular brands (not specifying any), you can access the CANbus from the headlight where you can reprogram the ECM to your new key. It's that simple to "own" a modern car. |
| |
| ▲ | dfex 6 days ago | parent | next [-] | | PREACH! Currently sitting in a control room at a greenfield manufacturing facility trying to describe why even VLANning the control network would be a good idea to some controls engineers who want a plant-wide subnet for all PLCs that will be remotely supported by 6 different vendors. The struggle is real | | |
| ▲ | protocolture 6 days ago | parent | next [-] | | Loosely aware a controller manufacturer who wanted a bluetooth/wifi based password recovery utility with a fixed or predictable recovery key. They were asked what their exposure would be if someone walked into a datacenter and used their phone to disable all the airconditioning systems. | |
| ▲ | giantg2 6 days ago | parent | prev [-] | | Do they want the passwords for all their systems to match so they don't need to remember as many? | | |
| ▲ | dfex 6 days ago | parent [-] | | My suspicion is that they want all the passwords on this site to match the one they use with all their other customers too. Saves money on password management. |
|
| |
| ▲ | Terr_ 6 days ago | parent | prev | next [-] | | > It's that simple to "own" a modern car. On the other hand, it's been a great excuse for a hobby project with 12V relays and learning how to write code for an ESP32. :P I still haven't yet figured out which CAN-bus to tap and which undocumented byte-messages to interpret... but entering the Konami Code on the steering wheel to unlock the ignition is quite plausible. Or an NFC/RFID tag over a hidden reader, or an active bluetooth connection to my phone, etc. Whatever the case, quite enough to stop the average thief that would target a cheaper vehicle like my own. You could also skip the ESP32, and have a purely analog switch tucked away. | | |
| ▲ | waste_monk 6 days ago | parent [-] | | >but entering the Konami Code on the steering wheel to unlock the ignition is quite plausible. The left, right, left, right part I can see, but surely up, up, down, down, would be difficult on most steering wheels :) | | |
| ▲ | reorder9695 6 days ago | parent [-] | | What about media controls? My steering wheel anyway has up and down buttons for skip songs |
|
| |
| ▲ | bbarnett 6 days ago | parent | prev [-] | | I've seen one-manufacturer, 2024 models at least, which requires two keys in range, before a third key may be programmed. Good idea, don't know how effective it is in reality. | | |
| ▲ | bayindirh 6 days ago | parent | next [-] | | Needing two keys for a third one is not new. My 25 year old car needs two keys for adding the third, old Fiats has “red master” keys which are also required during adding keys. | | |
| ▲ | serf 6 days ago | parent | next [-] | | Honda/Acura/Toyota have used similar systems for years; this is one of the reasons why cloning a key costs less flagged hours than making a new one for an owner that lost all of them : when you lose all of them you need to get the actual computer out and pair it with the ecm directly, when you clone them there is a ritual that can be done with the other keys+ the new one. | | |
| ▲ | tonyarkles 6 days ago | parent [-] | | > ritual I cannot think of a better word to describe the process. The ritual may involve some chanting. Thank you for that :D | | |
| |
| ▲ | dzhiurgis 6 days ago | parent | prev [-] | | Man wish we could copy that key onto smartphone (Apple needs to add flipper zero's tech to iPhone) for easy keyless access. | | |
| |
| ▲ | rootusrootus 6 days ago | parent | prev [-] | | That's common, and it's often a bit stricter. E.g. my Ford Lightning has a pocket you have to put the fob into for this kind of activity. For certain things you need both fobs, so you do one, and then the other, as part of a sequence in the programming. Just being in range isn't good enough. |
|
|
|
| ▲ | dylan604 6 days ago | parent | prev | next [-] |
| Proper security is a total pain in the ass, and makes things nigh impossible to use in the manner people want to use them. This naturally makes things more expensive to recover from oopsies. This is why YubiKeys will only ever work for people technical enough to understand them. Normies will loose it at the first chance, and then be locked out of everything. At that point, YubiKeys will be banned by Congress from all of the people writing in demanding something be done about their own inabilities to not be an ID10T |
| |
| ▲ | theamk 6 days ago | parent | next [-] | | As far as car security is affected, "normies" really don't care what the algorithm is. The entire UX is "press button to open car, go to dealership if you need new key" and it allows a wide variety of choices re algorithms. The only reason they use KeeLoq (with whopping 32 bits of security!) instead of something normal, like I dunno, AES-128 or something, is because they are trying to save $0.50 in parts on the item they sell for $100. Oh, and because they don't like any change and don't have organizational ability to use anything recent, like other poster says. | | |
| ▲ | fc417fc802 6 days ago | parent | next [-] | | > The entire UX is "press button to open car, go to dealership if you need new key" Ironically proper security in this case would likely improve the user experience as well. The car provides a 64 bit (or larger) secret value and you manually program a standardized fob with it. No need for custom parts that are only available from the dealer. | |
| ▲ | Terr_ 6 days ago | parent | prev | next [-] | | I wonder if it's less about the cost of silicon, and more about the energy budget for a device that uses a button-cell battery. Even if it's a problem with off-the-shelf stuff, I imagine a car-manufacturer could easily get something all nice and tiny and special-purpose. | | |
| ▲ | theamk 6 days ago | parent [-] | | The encryption only needs to happen when button is pressed, and I am pretty sure the radio energy consumption will be much higher that CPU one. Airtags transmit much more frequently than car remotes, use similar batteries, and yet do proper security. | | |
| ▲ | selkin 6 days ago | parent [-] | | Modern keyfobs keep listening and transmitting all the time, as you no longer need to push a button. Just get close enough to the car and it opens. | | |
| ▲ | Terr_ 6 days ago | parent | next [-] | | A terrible "feature", since it means someone can steal your car just by relaying the signal from outside your home at night, or an accomplice walking near you as you're entering the grocery store, etc. I've become a big believer in leveraging some security features of the physical world, as it seems it's been long enough that everyone's forgetting Therac-25-style problems. (Or, perhaps more accurately, nobody cares because they aren't liable.) | | |
| ▲ | imp0cat 6 days ago | parent [-] | | It's not as bad. Modern keyfobs actually detect motion and if they are motionless for a while, they stop transmitting the signal to both save battery and prevent such attacks. For old keyfobs, you can get a battery sleeve with integrated motion sensor which does the same (cuts power when fob is not in motion for a while). Alternatively, some cars let you disable the feature and just use the keyfob as you would use an older one - then you habe to push the button anytime you want to unlock the car. |
| |
| ▲ | 6 days ago | parent | prev [-] | | [deleted] |
|
|
| |
| ▲ | dylan604 6 days ago | parent | prev [-] | | > (with whopping 32 bits of security!) Ha! DVDs at least had 48 bits. /s |
| |
| ▲ | giantg2 6 days ago | parent | prev | next [-] | | Proper security doesn't need to be perfect security. In the case of car manufacturers, most of their fob implementations are borderline negligent. | |
| ▲ | glitchc 6 days ago | parent | prev [-] | | You're right. Sometimes I get tired of typing my sudo passwords and wish there was a faster way. Biometrics are not bad. | | |
| ▲ | jeroenhd 6 days ago | parent [-] | | It really depends on the way biometrics are implemented. If you're doing it Apple style, where a dedicated chip validates biometrics and uses encryption and signatures to prove to the OS that the user is who the say they are, they're as good and trustworthy as the software you're running on them (which in the case of macOS for instance requires full trust). If you're doing the "fingerprints implemented as a webcam" or software based facial recognition from a shitty webcam, you're risking quick and easy bypasses. Still good enough for a computer you leave at home (as long as you don't need to protect yourself against shady law enforcement) but definitely not that secure. From what I've been able to gather online, nobody but Apple and phone manufactures seem to care much about actually doing biometrics securely, including the biometrics hardware companies. It's such a shame because it's definitely possible to do better. |
|
|
|
| ▲ | nullc 6 days ago | parent | prev | next [-] |
| Cryptography is actually difficult for the requirements of a key fob. The principle issue is that requiring two way communication greatly increases hardware cost and lowers range/reliability. You also would prefer to minimize or eliminate any volitile storage on the devices. Also you very much want to absolutely minimize the data sent, both for battery life and range/reliability reasons. And whatever volatile storage the devices have you need to have some way of handling it being reset when its lost due to a dead battery or replaced device. So standard replay resistant protocols like "door sends a random challenge, fob signs/decrypts/encrypts it and sends the result" are excluded due to the two-way requirement. The next obvious set is along the lines of "device sends an encrypted counter, door enforces that the counter only goes up" requires nonvol storage in both devices, and then gets tripped up when the fobs counter goes back down due to being reset. (also harder to implement multiple fobs, as they each need unique state). |
| |
| ▲ | cyberax 6 days ago | parent | next [-] | | > Cryptography is actually difficult for the requirements of a key fob. No, it's not. > The next obvious set is along the lines of "device sends an encrypted counter, door enforces that the counter only goes up" That's already how rolling codes work. Running a strong crypto algorithm (even Ascon/Speck would be fine here) requires negligible power. The issue is that this system is still susceptible to jam+replay attack. An attacker can jam the transmitter signal, while recording it at the same time. The user assumes that the button press just didn't register and tries again. The attacker also jams this and records the code. But then the attacker replays the _previous_ code that they stored, keeping the latest code for their future use. This can _also_ be fixed with a simple capacitor-powered timer circuitry, charged during the keypress. The device can stay completely inert at all other times. | |
| ▲ | fc417fc802 6 days ago | parent | prev | next [-] | | Agree about the requirements but disagree that it's difficult. Two way communication and a few KiB of nonvolatile storage on the fob shouldn't be a deal breaker when an ESP32 dev board runs under $10 (an ESP32 being massive overkill for the described use case). The device sending an encrypted counter is also trivially easy. There's no reason a modern vehicle can't store hundreds (or thousands, or tens of thousands ...) of { u64 fob_id, u64 fob_key, u64 fob_counter } triplets. Push it up to 128 bits if you're paranoid, it won't have a meaningful impact on resource usage. Case in point regarding the car storing state, the (broken) rolling window algorithm they use requires that the car track the window and accept presses that are out of sync by a decently wide margin. That's likely more complicated and resource intensive than simply enforcing that the nonce only ever goes up. The rational conclusion is that the manufacturers are either incompetent or malicious. I firmly conclude the latter given that the fobs they offer that are actually secure introduce vendor lock in and a charge to replace a key. | | |
| ▲ | nullc 5 days ago | parent [-] | | What you're describing is basically keeloq which is one of the most common rolling code systems. It sends a 28 bit serinal number a 4 bit button code, 2 bit code for repeat and low battery, and a 32-bit encrypted part with an incrementing sequence number. The rx enforces the sequence goes up. You press button to open. Attacker lets the first sequence go through and the door opens, while the button is still down the attacker jams your second transmission while capturing it themselves. Now they have a code they can use to open again when you're not around, assuming you don't use it again in the meantime. If you wonder how vulnerable systems keep getting deployed without it being malicious, you don't need to look any further than the nearest hotshot that thinks everything is "not that difficult" and that everyone else is incompetent. Security of any kind is just hard. The defender must defend against any possibility while the attacker needs just one vulnerability. How much cost and range and battery life are worth losing when the attacker can just punch through a window with their fist? | | |
| ▲ | fc417fc802 5 days ago | parent [-] | | You misrepresent my position. The attack you describe isn't the one being discussed here. Unless I've completely misunderstood, the algorithm itself was broken here. As to the attack you reference. It's active and touchy to pull off. It doesn't particularly concern me but of course would be better if it weren't possible. To that end I'm not clear why there's a double transmission with two distinct and independently usable codes? What am I missing? I thought the attacker jammed, recorded two user attempts (ie two distinct button clicks, neither being permitted through initially), then rebroadcast the first attempt while retaining the second for later. > The rx enforces the sequence goes up. Except that there's apparently a rolling window to support recovering from desync. Which to me sounds more complicated and error prone than a simple nonce that can only ever go up. Really though the manufacturers ought to (IMO) accept the extra dollar or five on the BoM that it would take to get proper two way communication. |
|
| |
| ▲ | SoftTalker 6 days ago | parent | prev [-] | | If only almost everyone carried a computer with a radio and local storage and a good battery with them almost everywhere | | |
| ▲ | nullc 6 days ago | parent [-] | | with a battery life of two years? and durable against going through the washing machine? | | |
| ▲ | SoftTalker 6 days ago | parent [-] | | If you want simplicity and ruggedness we should never have moved away from steel keys. | | |
| ▲ | hollerith 6 days ago | parent [-] | | Very few keys are made of steel. Brass is the most common material. | | |
| ▲ | SoftTalker 6 days ago | parent [-] | | The problem with brass is that it wears away and the small shavings of metal gunks up the lock mechanism. Mercedes used steel keys to avoid this. |
|
|
|
|
|
|
| ▲ | kube-system 6 days ago | parent | prev | next [-] |
| The reason these vulnerabilities affect many brands is because they don’t use cryptography. They buy these electronics from other suppliers. |
|
| ▲ | ronsor 6 days ago | parent | prev | next [-] |
| You can ask this question about almost every non-software company. Hell, you can ask this question about most software companies. The real question is "why are most people and companies incapable of using cryptography properly?"; and the answer is that doing cryptography right is hard, especially if your use case isn't a common one. |
|
| ▲ | the_mitsuhiko 6 days ago | parent | prev | next [-] |
| To some degree customers love it. It allows you to program your own replacement key without having to go through the manufacturer or an official dealer. |
| |
| ▲ | j1elo 6 days ago | parent | next [-] | | No doubt they would charge $100 or more for just clicking a button and having the equivalent of an NFC writer. | | |
| ▲ | colechristensen 6 days ago | parent | next [-] | | When my favorite quadruped knocked my keys into the trash I had to get my car towed to the dealer for them to program me a new key. One one hand, top notch security as it was impossible to do any other way. On the other hand the total to get this done was something like $500 after everything. | | |
| ▲ | dylan604 6 days ago | parent [-] | | I did this to myself by placing my keys in a pocket of a bag that I've never used before when returning to the airport parking. I found the keys in the bag after paying to have it re-keyed after paying for the tow from the airport to the closest dealer. | | |
| ▲ | mh- 6 days ago | parent [-] | | This is totally something I'd do. I'm very organized when I travel for work and everything has a place. If I absentmindedly slip something into the wrong part of my bag, it might as well be invisible.. | | |
| ▲ | colechristensen 5 days ago | parent | next [-] | | I have a photographic memory for items dropped in a terrible mess, years later "oh that thing is there under this and that" I also have a problem with thinking of wise places to leave something and then it is gone forever unless I dig through 75% of everything I own. After I find it I am reminded of what my thought process was. | |
| ▲ | imp0cat 6 days ago | parent | prev | next [-] | | Get a bluetooth tracker (Apple Air Tag, Samsung Smart Tag or the generic Google Find My compatible one for other Android devices), set it up with your phone and attach it to your car keys. Then anytime you misplace your keys, you can look at a map on your phone and it will show you where to go. | | |
| ▲ | mh- 6 days ago | parent [-] | | Yeah, big +1 on this tip. I have AirTags on my bags themselves as well as some other things. Don't have them on my key fob, but you may have inspired me to attach one haha. The map thing when you're nearby and it goes into the sonar-like mode is super cool. Especially combined with the ping noise. | | |
| ▲ | colechristensen 5 days ago | parent [-] | | Airtag in the glove compartment of your car. | | |
| ▲ | mh- 5 days ago | parent | next [-] | | Oh this is brilliant. Why haven't I thought of this? I travel a lot for work and always take a pic of my parking space number. A few weeks back I forgot to, realized I forgot before I got in the security line and was like.. nah, I won't forget on a short trip. When I got back later that week I walked the entire floor of the garage, about 25 minutes. | |
| ▲ | imp0cat 4 days ago | parent | prev [-] | | Yea, hiding one in the car is a great idea, too. |
|
|
| |
| ▲ | dylan604 6 days ago | parent | prev [-] | | I'm a great example of "for someone supposed to be smart, you do the dumbest things" | | |
| ▲ | mh- 6 days ago | parent [-] | | Haha, I heard this a lot growing up. And now I have kids of my own.. |
|
|
|
| |
| ▲ | hungmung 6 days ago | parent | prev | next [-] | | Well they don't call them stealerships for nothing. | |
| ▲ | pkaye 6 days ago | parent | prev [-] | | I wonder who make more money on this. The car dealer or the manufacturer. |
| |
| ▲ | theamk 6 days ago | parent | prev | next [-] | | You can have strong cryptography + ability to self-pair. See bluetooth or wifi or zigbee or many other technologies.. | | |
| ▲ | fc417fc802 6 days ago | parent [-] | | Maybe the car manufacturers should just give up and adopt BTLE. Proper security, and you could unlock with your phone. |
| |
| ▲ | IshKebab 6 days ago | parent | prev [-] | | What does? The article is very unclear about what exactly this does. | | |
| ▲ | the_mitsuhiko 6 days ago | parent [-] | | The attacks to rolling code keys are well known but these keys continue to exist. They allow you to pair a key yourself to the car that you buy online. Particularly in the US it's quite common that people buy used cars and then another key online that they pair themselves. You won't be able to do this for instance with VAG cars that have KESSY. First of all the immobilizer is paired to the key, secondly the only way to pair a new key to it is via the manufacturer or a licensed dealership because you need a blob from their central server. But the consequence is that people feel like they are being fleeced when they need another key, because it can cost you hundreds of dollars to pair one. In general these types of attacks are much harder in Europe where immobilizers have a legal minimum standard that manufacturers have to meet. On the other hand in the US immobilizer are entirely optional, which has famously led to KIA and Hyundai cars shipping without them and the Kia Boys TikTok phenomenon. | | |
| ▲ | 6 days ago | parent | next [-] | | [deleted] | |
| ▲ | fc417fc802 6 days ago | parent | prev | next [-] | | > But the consequence is that people feel like they are being fleeced when they need another key, because it can cost you hundreds of dollars to pair one. Because the ARE being fleeced. It's an artificial dependency on the vendor on the one hand versus a blatantly insecure approach on the other. Secure pairing that can be done by the end user isn't rocket science. | | |
| ▲ | the_mitsuhiko 6 days ago | parent [-] | | It is a bit rocket science because cars stand around. The CAN bus can even be externally accessed if you pop open the right part of the car (common fault are adaptive headlights). It is not as trivial as people make it out to be because cars violate one of the most important principles of having good security: no physical access. | | |
| ▲ | fc417fc802 6 days ago | parent | next [-] | | That has nothing to do with secure pairing. It's an entirely orthogonal concern. Any sensitive system on a vehicle is going to be subject to the same thing. I don't think anyone will be surprised if the security is swiss cheese once you pop the hood open or bust a headlight out. Keep in mind that a brick to the window and tearing up the center console will get you physical access to the head unit on most vehicles. | |
| ▲ | IshKebab 6 days ago | parent | prev [-] | | It is trivial: 1. Initiate pairing via the entertainment system interface. 2. Use rolling codes. Don't allow rewinding the codes. 3. Add a tiny tiny bit of non-volatile memory in the keys so that batteries can be changed without breaking the key. This is only necessary if the car can't be entered using the physical key, otherwise the user can just open the car with the physical key, turn on the ignition and re-pair the key. I could make a secure system to do this and I'm no crypto genius. (Note this would still be vulnerable to rolljam but that's not a very practical attack, and defeating that is a bit difficult.) To support car hire/share places if they want to prevent users pairing new keys you could allow setting a password on the pairing interface. | | |
| ▲ | the_mitsuhiko 6 days ago | parent [-] | | That's more or less already how the rolling code based systems work. The problem of course is that if you have access to one of those keys (or use rolljam to get one or more codes) you have enough to get another key added. | | |
| ▲ | fc417fc802 5 days ago | parent | next [-] | | That isn't the problem, at least not the major one that lead to this discussion. It's that the algorithm used is broken. It's example number 9001 of why you should never roll your own crypto for a commercial application. (Amusingly example 9002, TETRA radios, was also on the HN frontpage around the same time). | | |
| ▲ | the_mitsuhiko 5 days ago | parent [-] | | First of all they did not roll their own crypto, it's just not the most modern crypto any more. Secondly while this particular permutation of the issue is related to bad crypto, it's cascading a completely different issue which is that it's just fundamentally possible to pair a key with physical access which is easy to get. | | |
| ▲ | fc417fc802 5 days ago | parent [-] | | From Wikipedia: > KeeLoq is a proprietary hardware-dedicated block cipher that uses a non-linear feedback shift register (NLFSR). Pretty much any proprietary encryption algorithm is going to qualify as "rolling your own". "Not the most modern" is a gross understatement. I can forgive the original authors since it dates to the 1980s and AES wasn't standardized until 2001. (Only just barely though given that DES dates to 1977.) I can't forgive vehicle manufacturers that are _still_ using it (or things significantly like it) 25 years later. I hope that products manufactured post 2005 use strong publicly available cryptography. After 2010 I fully expect it. After 2015 I view any failure in that regard as gross negligence that ought to be legally actionable. > it's just fundamentally possible to pair a key with physical access which is easy to get. I don't follow? | | |
| ▲ | the_mitsuhiko 4 days ago | parent [-] | | > Pretty much any proprietary encryption algorithm is going to qualify as "rolling your own". It came out of a university and was acquired. > I hope that products manufactured post 2005 use strong publicly available cryptography. A lot of the challenges are related to key pairing and relaying of wireless information in combating with jamming. It’s a tricky thing to secure given the circumstances. > I don't follow? Cars stand around 99% of the time and easy to get into. pairing protocols assume that physical access is restricted / not possible. That’s why it’s so much harder to secure car key pairing. What would make it more secure is delegating the security to a remote service which is secured. Eg: what Tesla does with their keys. | | |
| ▲ | fc417fc802 4 days ago | parent [-] | | That changes nothing. The idea behind not rolling your own isn't just deliberate expert design but also open review by other unrelated experts. > It’s a tricky thing to secure given the circumstances. You are hand waving and you are wrong. If you are going to make claims then be specific and make solid points. The various algorithmic solutions are simple and common knowledge these days. I went into more detail in adjacent comments. By your own logic the physical entry key isn't secure either. After all the car is just sitting around - anyone could jimmy the lock. Similarly all it takes is a decent photograph or two with a telephoto lens to reproduce your typical physical key that will get you in the door. But all of that is entirely off topic. The broken and outdated wireless algorithm has nothing to do with the criteria used by the vehicle to decide whether or not someone is authorized to enroll or revoke a key. Tie that to possession of the physical key and problem solved. If you can't drive off with the vehicle then you can't pair a new fob either. | | |
| ▲ | the_mitsuhiko 3 days ago | parent [-] | | > The various algorithmic solutions are simple and common knowledge these days. Honestly I'm not really sure what you are trying to get to. If you think this is a solved problem, it's really not. [1] > The broken and outdated wireless algorithm has nothing to do with the criteria used by the vehicle to decide whether or not someone is authorized to enroll or revoke a key. Tie that to possession of the physical key and problem solved. It has something to do with it in the sense that key pairing that just requires physical presence through the key is susceptible to rolljam type attacks. Likewise the NFC attacks against Tesla also involved enrolling a new key on the car via a relay attack to a present NFC key. You're saying this is so easily solvable, yet time and time again it's shown that this is just a really hard problem to solve. [1]: https://arxiv.org/pdf/2505.02713 |
|
|
|
|
| |
| ▲ | IshKebab 5 days ago | parent | prev [-] | | Yeah exactly - requiring either an existing physical key, or an impractical rolljam attack is much better than what they have apparently implemented. |
|
|
|
| |
| ▲ | IshKebab 6 days ago | parent | prev [-] | | But the attack claims to not need access to the car to initiate any kind of pairing sequence... | | |
| ▲ | the_mitsuhiko 6 days ago | parent [-] | | Yes. With rolling codes this vulnerability and similar ones are known for a very long time. | | |
| ▲ | IshKebab 6 days ago | parent [-] | | Seems to be from 2022. I wouldn't say that is "a very long time". | | |
| ▲ | the_mitsuhiko 5 days ago | parent [-] | | The fundamental flaws with this approach to keys is known since before 2015, but got a lot of international recognition when people found cheap ways to emulate keys through cheap software defined radios around that time. | | |
| ▲ | IshKebab 5 days ago | parent [-] | | I don't think so. The Flipper Zero isn't an SDR. What's the earliest reference to this attack you can actually provide? | | |
|
|
|
|
|
|
|
|
| ▲ | sneak 6 days ago | parent | prev | next [-] |
| They're not. There is AFAIK an ssh key infrastructure for OnStar that's modern and well-run, for example. Things like key fobs are most likely very incremental changes on "this is the way we've always done it". These organizations are behemoths and steer with all of the inertia of a containership. |
| |
|
| ▲ | brk 6 days ago | parent | prev | next [-] |
| It's not like the systems they used for physical keys were ever very robust either. |
|
| ▲ | downrightmike 6 days ago | parent | prev [-] |
| Like when just putting in a usb-A anything into the steering column and letting the car drive away? Nah man, no one will figure it out. We're good. Our backdoors are the best |
