Adam Shostack :donor: :unverified: /
npub13vv…es5t
2024-09-29 15:34:15

I find myself really irked by the headline here. The problem is not a "simple website bug", the problem is that they wrote thousands of lines of code without ever thinking about what the trust boundaries are, or should be.

This is a massive design flaw. The idea that cars should be controllable from some mothership is bizarre (and not needed for app control - have a digital signature from the mobile device). The idea that cars are enrolled even if the user didn't set up an account is similarly broken. This isn't a "simple website bug" but a massive failure to consider the security implications of features.

Author Public Key
npub13vv5def92j6rgq06n7y4srcmjvae70x54eanw976467f263raw3qpces5t