**** BEGIN LOGGING AT Wed Mar 22 03:00:02 2017
Mar 22 03:10:48 https://blog.jolla.com/wrapping-up-mwc-2017-jolla/
Mar 22 06:13:44 DocScrutinizer05: I know they released a "new version" but so far it seems it's nowhere as sturdy.
Mar 22 09:27:31 https://motherboard.vice.com/en_us/article/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware
Mar 22 15:17:02 LOL
Mar 22 15:17:17 so sad, despite being funny
Mar 22 15:18:54 I worked a lot for automotive, it's a really nasty industry
Mar 22 15:22:07 and I'm pretty sure it's not only John Deere, but every contemporary Tesla or VW or Chevy or Honda has exactly the same shit going on
Mar 22 18:15:50 DocScrutinizer05: I think you can replace most of the parts without any special software procedures with regular cars, so it's really outstanding.
Mar 22 18:16:00 And cars support standard OBD-II.
Mar 22 18:17:05 Deere also wouldn't notice you replacing components that are not equipped with an MCU and linked to the CANbus
Mar 22 18:17:24 :)
Mar 22 18:17:55 But with regular cars you can replace the whole ABS unit and I do not think it won't be automatically accepted.
Mar 22 18:18:12 arguable
Mar 22 18:18:25 not sure about that nowadays
Mar 22 18:18:56 manufs tend to authenticate *everything*, for thenft protection measures
Mar 22 18:19:10 theft*
Mar 22 18:19:59 otoh all the connected stuff has more and more vulnerabilities
Mar 22 18:22:14 I'm kinda glad my motorbike has just electronic part, the one to produce constant voltage on the bus, and that's it.
Mar 22 18:22:30 and particularly ABS I'm not sure how much that already is integrated into automatic parking assistant etc, so it well might be protected by auth as well
Mar 22 18:23:35 OTOH, I have to admit I'd prefer to have ABS.
Mar 22 18:23:39 not only automatic parking, also distance radar, slip/grip control, whatnot else
Mar 22 18:29:53 http://www.weika.eu/papers/WolfEtAl_SecureBus.pdf plus a lot more, not easy to google for good stuff
Mar 22 18:34:34 https://www.escrypt.com/fileadmin/escrypt/pdf/Whitepaper/OBD_Open_Barn_Door_Security.pdf
Mar 22 18:46:19 I wish the manufs would adopt a scheme with pre-shared-key that is printed into the car papers (which are not supposed to be stored in the car). So user could set the psk of new spare parts (and change the psk of used parts, given they know the old psk), they also could access all the diagnostic menus using that psk. And all parts would communicate using encryption based on that psk, so attack and part theft would be protected
Mar 22 18:46:21 but user freedom not compromised
Mar 22 18:50:48 and you even could use same psk in your ignition key transponder
Mar 22 18:54:38 manufs just have to resist the temptation to implement a second "universal key" for their factory and service, also any means to "reset to factory default" any part by attaching a service cable or jumper/pushbutton
Mar 22 19:06:46 but yeah, John Deere obviously mixed theft protection, attack protection (aka security), supposedly user configurable (should be) settings and settings about system operation like engine operational parameters. And then decided they simply protect them all with a Deere key that's not supposed to be available to end users but obviously got cracked or leaked
Mar 22 19:51:44 probably they also did the more and more popular "locked features" approach that asks for payment to get existing functions unlocked (like double the RAM in Rigol scope)
Mar 22 19:52:34 * DocScrutinizer05 will never understand _that_ bullshit concept
Mar 22 19:54:52 feels so terribly wrong to sell hardware that's locked and never used in 95% of devices, just to make more bucks from the 5% customers that are willing to pay for unlocking it
Mar 22 20:03:56 There's such a PSK used for some multimedia systems, and yes, the manufacturer prints it in the manual and you can sell your unit or buy another one.
Mar 22 20:22:03 * DocScrutinizer05 is a huge fan of "if you *really* want to unlock the service mode settings menu and thus accept the partial void of warranty gets permanently stored to the device as explained in the user manual, please enter the keycode printed in your device identity card"
Mar 22 20:26:41 it's no big thing to delete a hidden magic cookie in flash when user enables service mode, to make sure manufacturer has a tamper proof evidence for rejecting warranty service of defects caused by e.g. overclocking of CPU, tuning of car engine, whatever
Mar 22 20:44:57 multimedia is *special* since it's been infested with "trusted computing environment requirements" since several years now
Mar 22 20:45:29 colloquially "copy protection"
Mar 22 20:46:43 content providers managed to enforce that shit into hardware platforms
**** ENDING LOGGING AT Thu Mar 23 03:00:02 2017