Security News > 2023 > March > Gone in 120 seconds: Tesla Model 3 child's play for hackers
In brief A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile's entertainment system, and from there opening up the car's core management systems.
In the US, the Office of Inspector General of General Services Administration, issued a redacted report [PDF] earlier this month that found the government agency had misled its customers and other government agencies by telling them that Login.
If done remotely, when physical comparison is not an option, IAL2 requires biometric comparison.
According to the OIG report, "18 of Login.gov's 22 interagency agreements executed from September 18, 2018 to July 7, 2021 stated that they included IAL2 services that met and/or were consistent with the IAL2 requirements." But Login.
The report says IAL2 non-compliance was a matter of discussion as early as 2019.
That plan, the OIG report says, "Omitted any mention of the duration and nature of Login.gov's noncompliance with NIST's IAL2 requirements." It concluded "GSA knowingly billed customer agencies over $10 million for services, including alleged IAL2 services that did not meet IAL2 standards." .
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/27/in_brief_security/