Comment by varenc
17 hours ago
It's not good that they allow anyone that happens to be in your car briefly root access. It'd be like having an always-on laptop in your office with an open shell on it.
They should have provided some mechanism for the real owner to approve updates if the updates aren't all trusted by default.
Who cares? The valet could do any number of other attacks, like stealing the car, sabotage, adding a tracker, whatever. Threat modeling is important, otherwise security can harm one's own goals. Sometimes you have to briefly trust another person. I'd rather have an open shell inside a locked room when the alternative is no access at all.
You would notice if someone stole your car though.
How do you validate “the real owner” if having the keys isn’t enough? That's sufficient to steal the car.
You could do a PIN/password, but if it is never used during operation, nobody will know it. Ask anyone who’s had a head unit that needed a PIN after losing power.
Mere possession is also enough for someone to steal your laptop, but that still shouldn't allow them to trivially install a secret persistent backdoor, or break your disk encryption.
Agree that a PIN/Password would have usability problems with a car. Since no car manufacturer intentionally permits you to install software you want, there's no standard mechanism. But if this was standard I think an owner-set PIN would be very reasonable.