[bdelay]

I agree, but I don't have a consulting-firm/reputation/team of lawyers etc. to hide behind. Reporting flaws to companies related to embedded is often still scary today.

The point of this is that hey, this isn't actually that hard if you're willing to put in the time. If you're moderately talented, you can probably learn it too!

As opposed to the standard exploit write-up/security conference circuit thing, where a lot of the details are kept secret and it seems like the entire point is to make other people think you're cool instead of teaching something. :)

[burfog]

Getting things patched is awful. A reasonably simple thing I'd like is to secure myself against meddling by Subaru. That includes updates I don't agree with and tracking of my vehicle.

Disabling the network connection would pretty much stop the tracking. Alternately, disabling GPS would work. Anybody worried about both stored data and about cellular companies reporting tower locations would need to disable both.

Undesired updates can mostly be stopped by disabling the network connection. Dealer service could be trouble; they might do an update without asking for my permission. Scrambling the crypto keys would probably stop the dealer service people from making updates.

Some of the above would also be needed to keep Subaru from uploading camera data taken in my garage. As it is now, Subaru could be watching me in my house!

So, take the above as the high-priority goals.