[SystemSafety] BMW and FIAT firmware updates
Derek M Jones
derek at knosof.co.uk
Thu Mar 3 16:29:39 CET 2016
All,
BMW not using a secured web connection (e.g., SSL) to for
software updates is a potential security problem.
But FIAT posting USB sticks to customers trains them to be at ease
using a much easier attack vector:
https://shkspr.mobi/blog/2016/02/bmw-are-sending-their-software-updates-unencrypted/
and hopefully when BMW get around to complying to the GPL,
we will see that the critical stuff is suitably protected:
https://gist.github.com/duncan-bayne/fc3213d4a0eabb70bb1e
--
Derek M. Jones Software analysis
tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com
More information about the systemsafety
mailing list