To be slightly fairer to them, my understanding is that they pulled updates over TLS.
Tesla only implemented code-signed updates *now*? WTF? What is this, the 90s? https://www.wired.com/2016/09/tesla-responds-chinese-hack-major-security-upgrade/ …pic.twitter.com/QSzceZoGgB
-
-
-
But you are correct in saying that not signing firmware updates is a mistake they should remedy with haste/
End of conversation
New conversation -
-
-
crazy! I was sure they did use such widespread technique already.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
automotive is far behind that. They still use crc32/md5 to validate an image. They are moving now the industry to "secure" world.
-
i've found sha256 in some updates pushed by auto manuf
- Show replies
New conversation -
-
-
@Daeinar "it's only a car. What could possibly go wrong?" (He could have said)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Maybe the developers are all Mac users where code-signing seems to be a foreign concept.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I have the feeling that something or someone didn't allow them to sign the updates until now...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.