[twodave]

The manufacturer should maintain a root cert that can be used. If that root cert is compromised then they should have a way of rotating keys if the vehicle and physical keys are present. Breaches then constitute what amounts to a software recall, putting the onus on the manufacturer to report them or be held liable for thefts. The recall notice puts the liability on the driver to have their vehicle updated (for free) in a timely fashion.

[kube-system]

To do that, we'd probably need to accept one of these as a consequence:

1. all cars must be internet connected so they can pull CRLs

2. dealers and locksmiths are no longer able to replace keys, you will have to ship the car back to the manufacturer if you lose your keys.

Because there's no secure way to hand out the root cert to the thousands of organizations authorized to replace keys today.

[acdha]

The situation doesn’t need to be as strict as #2: you could have a way for a registered service shop to get a per-device rekey by shifting some liability to them. Making it per device prevents bulk usage and an active communication with the manufacturer would mean the cops could ask the owners of a shady auto shop some questions when 80% of the stolen cars in the area are being rekeyed at a place the owners have never been to. I lost a car key once and the locksmith who showed up checked my drivers license against the title database because he could have been penalized for unlocking a vehicle without doing so - we could make the same model work electronically because while car thieves are anonymous, legitimate repair shops have a business presence and reputation to preserve. Even someone amoral isn’t going to look the other way for something which will cost them their primary revenue stream.

[kube-system]

I don't think that the dealer equipment being used to steal cars today is coming from dealers where management is knowingly engaging in car theft. It is other people who are misusing those tools. There are many hundreds of thousands of people who work at dealerships, and many do not care about their employers reputation. Also, many dealerships are broken into.

[acdha]

Yes, which is why I suggested a combination of measures to change that. An active per-device transaction would make it clear when a dealer’s access is being misused, and if it affects their business viability it would turn out that they could do a better job of controlling access. Hundreds of thousands of people work at banks, too, and many of them do not care about their employers but thefts from customer accounts are rare because the companies are incentivized to set appropriate safeguards. There’s no reason why car repairs couldn’t be the same other than that it costs more than what they’ve been doing, and there aren’t strong enough incentives for them to take on those costs.

[kube-system]

What would that look like in reality? Expecting dealerships to have the same physical security, procedures, and security vetting of a bank? There's already a shortage of workers in these roles, now we want the guys busting their knuckles on vehicle repairs to have a good credit score and good background check and perform elaborate opening and closing procedures with a buddy system? Storing tools in a vault?

I really don't see how any of this is merited or reasonable, especially when the vast majority of the cars being stolen in my neighborhood are either stolen with the keys or with a tow truck.

[jasomill]

Require resets to be initiated and authorized by the F&I department, whose security and KYC processes should already be substantially similar to those of other institutions that regularly approve $50,000+ loans.

[acdha]

Simply requiring the dealers to take seriously ownership validation and track which workers used the reset system (no shared logins, etc.) would do most of it.