Comment by spacebanana7
Comment by spacebanana7 18 hours ago
One thing I would’ve liked about an Apple car is the security. Imagine FaceID, secure enclaves and MFA. An iPhone on wheels would be immune to most, if not all, of these attacks.
Comment by spacebanana7 18 hours ago
One thing I would’ve liked about an Apple car is the security. Imagine FaceID, secure enclaves and MFA. An iPhone on wheels would be immune to most, if not all, of these attacks.
And then how do I loan it to a friend without the rigamarole of adding them as an authenticated user?
What if I'm not able to add them as an authenticated user or authentic myself to let them drive, e.g. I'm injured or very drunk?
I imagine the same way you share a key for a HomeKit-enabled smart lock.
The only scenarios where one is so injured and/or drunk as to not be able to complete the non-rigamarolish process of sharing a HomeKit home key either by doing it themselves or walking someone through the process are ones where the key holder is so incapacitated that they would be unable to share a physical key.
All of that is someone irrelevant because Express Mode is enabled by default, so if you are unconscious all a person has to do is pull your phone out of your pocket and use it to unlock and start your car the exact same way physical keys work in that situation. It even works if the phone's battery is dead.
https://support.apple.com/en-us/118271
Also, every implementation of CarKit Car Keys I have seen is the same as HomeKit home keys: there is a backup. Either a physical key, PIN, fob, or card.
> non-rigamarolish process of sharing a HomeKit home key
I have not used homekit, but from some searches it only seems to be a non-rigamarole process to add someone as a homekit user if the other person has an apple device? Also, is the Internet required to enroll someone?
> ones where the key holder is so incapacitated that they would be unable to share a physical key.
I don't need to be conscious or my phone have battery (or reception) to have someone take a key from my pocket.
> Also, every implementation of CarKit Car Keys I have seen is the same as HomeKit home keys: there is a backup. Either a physical key, PIN, fob, or card.
I was responding to gp who wanted none of this as it all defeats the security they desired. A 1-factor physical authentication token as a backup would be suitable for nearly all edge cases I can think of. As long as the person carries it, but then we are at worst where we are today, at best I could potentially authenticate or add someone from afar.
I'm not saying that smart locks aren't useful, just that they can't only be "smart", which I assume you would agree with since you brought up things currently having backup methods?
> And then how do I loan it to a friend without the rigamarole of adding them as an authenticated user?
By making adding an authenticated driver not a rigamarole, but easy and intuitive.
> What if I'm not able to add them as an authenticated user or authentic myself to let them drive, e.g. I'm injured or very drunk?
They call you an ambulance.
In the future?
They call 911, and they read the license plate number and the authorities send an override signal that turns on the car and only allows it to be driven to the nearest hospital that appears on the screen on the console. If they go off course, they have 30 seconds to get back on course before it coasts into a 5mph limp mode (to find a safe place to pull over) for 1 minute before it completely stops and shutsdown and locks them inside for the police to come get them.
Eh, the car will probably be self-driving at that point, so probably only the first half.
The last thing I want to see on any car is the ability for the government to just remotely hijack random cars. Not just because cops already and routinely abuse their privileges (imagine some crazy police officer doing that to their ex girlfriend!), but also because any such capability can and eventually will be abused by malicious actors. Think of the usual "for the lulz" trolls, organized crime rings involved in looting people, or nation-state enemies.
> By making adding an authenticated driver not a rigamarole, but easy and intuitive.
We'll have to agree to disagree. I don't believe that this will be possible in many situations. What if I'm not near my car? What if my phone is dead? What if my car's battery is dead and it needs jumped?
I'm also just cynical that the automakers or app developers are able to not enshittify the process.
What if when I set my wife up I added her as a user but not admin and now she can't share with someone without having to involve me, which may not be physically possible in all circumstances.
> They call you an ambulance.
You don't call an ambulance to take a drunk person home. Calling a taxi when there is someone able to drive is a waste of money and a huge inconvenience the next day to retrieve the car.
You also can't call an ambulance in the wilderness.
I also meant injured in a more broad sense. What if I just have a bad headache or migraine? I don't want to be fumbling with my phone or car electronics trying to navigate adding someone.
Which makes you dependent on a third party, that doesn't necessarily have the motive to keep it updated. Having a mobile as a secondary key is a better idea, my Polestar 2 has keys, but also an app that can use Face ID (or the equivalent Android security measure) to drive the car. Once the app is set up you don't need to carry the physical keys.