• Piranha Phish
    12 years ago

    So what they are saying is it’s okay to have telematics as long as access is only for those who they want to have it. The presumption is that the protocol/system is inherently insecure, so restricting it is the best way to avoid issues.

    Classic “security through obscurity.”

    This argument has been made so many times in different forms. It’s like the open source versus proprietary approaches to hardware, software, etc. But I understand it’s a little different here because the implications of updating a vehicle’s firmware are a lot different than updating your Roku. It’s not as easy to implement security mechanisms like public-key cryptography on an embedded vehicle ECU meant to run reliably at all costs.

    But an artificial air-gap isn’t the answer either.