DigiNews

Summary

The piece reports a vulnerability in 10th-gen Honda Civic headunits where the AOSP test key remains in the update path, allowing arbitrary code execution via USB with physical access. It coins the attack 'EvilValet', describes supporting tooling (ota-builder, apk-rebuilder), and calls for contributors while noting the need for careful handling of updates and potential mitigations.