[SystemSafety] BMW and FIAT firmware updates

From: Derek M Jones < >
Date: Thu, 3 Mar 2016 15:29:39 +0000


All,

BMW not using a secured web connection (e.g., SSL) to for software updates is a potential security problem. But FIAT posting USB sticks to customers trains them to be at ease using a much easier attack vector:

https://shkspr.mobi/blog/2016/02/bmw-are-sending-their-software-updates-unencrypted/

and hopefully when BMW get around to complying to the GPL, we will see that the critical stuff is suitably protected: https://gist.github.com/duncan-bayne/fc3213d4a0eabb70bb1e

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
_______________________________________________
The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Thu Mar 03 2016 - 16:29:24 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:08 CEST