Remix clone Hacker News

new | show | ask | jobs Github

▲

brabel 7 hours ago

If they’ve done it using Secure Enclave it’s essentially physically impossible to spoof.

▲

Retr0id 5 hours ago | parent | next [-]

The github OP reports that browser-based login still works, so it'll likely be circumventable.

▲

dullcrisp 6 hours ago | parent | prev | next [-]

Wouldn’t any Volkswagen keys need to cross the network to get into the Secure Enclave? Or couldn’t you exploit the Volkswagen app itself?

▲

brabel 5 hours ago | parent [-]

Keys in the Secure Enclave never leave the device (or the SE for that matter) and cannot be extracted even physically.

	▲	Retr0id 2 hours ago \| parent [-]
		Newer devices support Remote Key Provisioning (RKP), so you still can't export keys but you can import them. (Physical attacks are still possible, just very difficult)

▲

msandford 4 hours ago | parent | prev [-]

If the data is going through the air or a wire it can be sniffed, right? Is every message signed or encrypted like ssl/tls, or is this just some kind of extra header(s)?

	▲	chadgpt3 2 hours ago \| parent [-]
		Wrong.