BMW not using a secured web connection (e.g., SSL) to for software updates is a potential security problem. But FIAT posting USB sticks to customers trains them to be at ease using a much easier attack vector:
https://shkspr.mobi/blog/2016/02/bmw-are-sending-their-software-updates-unencrypted/
and hopefully when BMW get around to complying to the GPL, we will see that the critical stuff is suitably protected: https://gist.github.com/duncan-bayne/fc3213d4a0eabb70bb1e
-- Derek M. Jones Software analysis tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com _______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxxReceived on Thu Mar 03 2016 - 16:29:24 CET
This archive was generated by hypermail 2.3.0 : Sat Feb 23 2019 - 01:17:08 CET