|
| ▲ | Retr0id 5 hours ago | parent | next [-] |
| The github OP reports that browser-based login still works, so it'll likely be circumventable. |
|
| ▲ | dullcrisp 6 hours ago | parent | prev | next [-] |
| Wouldn’t any Volkswagen keys need to cross the network to get into the Secure Enclave? Or couldn’t you exploit the Volkswagen app itself? |
| |
| ▲ | brabel 5 hours ago | parent [-] | | Keys in the Secure Enclave never leave the device (or the SE for that matter) and cannot be extracted even physically. | | |
| ▲ | Retr0id 2 hours ago | parent [-] | | Newer devices support Remote Key Provisioning (RKP), so you still can't export keys but you can import them. (Physical attacks are still possible, just very difficult) |
|
|
|
| ▲ | msandford 4 hours ago | parent | prev [-] |
| If the data is going through the air or a wire it can be sniffed, right? Is every message signed or encrypted like ssl/tls, or is this just some kind of extra header(s)? |
| |
