Comment by brookst
12 hours ago
How do you validate “the real owner” if having the keys isn’t enough? That sufficient to steal the car.
You could do a PIN/password, but if it is never used during operation, nobody will know it. Ask anyone who’s had a head unit that needed a PIN after losing power.
Mere possession is also enough for someone to steal your laptop, but that still shouldn't allow them to trivially install a secret persistent backdoor, or break your disk encryption.
Agree that a PIN/Password would have usability problems with a car. Since no car manufacturer intentionally permits you to install software you want, there's no standard mechanism. But if this was standard I think an owner-set PIN would be very reasonable.
As someone who bought a used car with a weird head unit integration to set car features, behind a pin, and who was never able to get the pin (previous owner forgot, wasn’t written down, no clear path to reset)… I think it’s not a great solution.
Some cars have special valet keys, which prevent aggressive driving and high speeds, and maybe that’s the solution? But of course it means remembering to bring the special key.
Maybe the answer is just to look at loaning your car the same as handing your unlocked laptop to someone.