this post was submitted on 27 Mar 2024
938 points (99.4% liked)

Technology

58303 readers
13 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 27 points 8 months ago* (last edited 8 months ago) (2 children)

I guarantee you keyless start cars aren't more secure because of paired parts. The encryption for the fob's signal isn't the result of a paired part.

[–] [email protected] 4 points 8 months ago

Particularly as a lot of newer thefts just use an amplifier to boost the key signal, and fake the key being in the car. Part pairing wouldn't help at all there.

[–] [email protected] -2 points 8 months ago (1 children)

Define more secure. More secure than what? A non-keyless entry car of the same year and model? A car from ten years ago that doesn't have parts and modules that do a handshake and will immobilize the vehicle if the system is tampered with?

[–] [email protected] 1 points 7 months ago (1 children)

I'm not arguing that it is more secure. That's what others said. I'm arguing it is a non-factor in security. Nearly unbreakable encryption methods exist without any reliance on physical part-pairing. The only benefit from it is the manufacturer profiting more off of it as users become more reliant on the manufacturer in case of device failure and replacement.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

I think the immobilization is key here and not something I would trust from any third party. If a third party has access to the encryption method, so does a hacker with the right tools.

Additionally, it's configured to the VIN specifically so you can't steal or buy genuine parts with a key you have access to and swap them into a vehicle that those parts don't belong to. Chop shops have the ability to do this in the event that these modules aren't configured properly and don't require the right validation from other modules.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

Encryption can be done purely between first and second party if you want to rely on the manufacturer for some reason, or if you're really the complete owner you should have full access to the vehicle's systems via physical connection and credentials. There is no need for third parties, for a comparison you don't just give out your email account access or computer password do you?

[–] [email protected] -1 points 7 months ago (1 children)

The government doesn't as heavily regulate your email password or computer. The government does regulate automakers and the vehicles they produce. Included safety and security regulations.

[–] [email protected] -1 points 7 months ago* (last edited 7 months ago) (1 children)

So you're implying Google Email is not secure? You think that because your computer is not physically paired to a google server that the Google encryption can easily be cracked, or that vice versa it couldn't be if it were?

If those are your stances, then you are wrong on all accounts.

[–] [email protected] -1 points 7 months ago* (last edited 7 months ago) (1 children)

What in the straw man argument. Your email doesn't drive on public roads you moron. What are you even talking about.

And if you want to completely own a motor vehicle buy and build a kit car. And the.n go get it inspected because the government won't let you drive it on the road until you can prove it's road worthy.

[–] [email protected] -1 points 7 months ago (1 children)

You said that part pairing is a security measure due to regulation which computers don't have, so that means you think that computers are less secure because they are less regulated, right? Part Pairing is not a security measure, encryptions without part pairing are just as secure.

[–] [email protected] -1 points 7 months ago (1 children)

Lol. That's a poorly worded excuse for a come back that doesn't make an actual point and puts words in my mouth I never said. Additionally it adds meaning to the words I did say that don't make any sense.

Further, since your computer is in fact fairly insecure (look up how easy it is to just completely bypass windows and install Linux) I wouldn't be opening myself up to further arguments in this vein if I were you. Emails get hacked all the time. It's literally a scammers paradise. Know one of the things that prevents spear phishing and other attacks? A physical security key. Or multi factor authentication. What are you even on.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

If you think it's so easy to break AES-256 then feel free to prove it. The whole world would be amazed at your feat. Clearly all other forms of security are meaningless in the face of paired parts, right?

[–] [email protected] 1 points 7 months ago (1 children)

Was that my claim? Did I claim this was the only way? Nope. Never claimed that.

[–] [email protected] -2 points 7 months ago

It's not even a way. Because it's not a security measure.