> Opening random cars is probably a crime, but do we have reason to believe they weren't testing on their own car?
Yes, we do, since one of their videos are labeled "field test" which I presume means "testing random vehicles found in the wild".
> We have successfully tested the latest models of Honda vehicles. And we strongly believe the vulnerability affects all Honda vehicles currently existing on the market. Please see the field test video down below.
> so I think any decent court should see that they're operating in good faith [...] A bad court may sentence them regardless
I hope so too, for the sake of the authors. Overall, they did the only thing they could do in this situation, since Honda doesn't seem to be receptive to security disclosures at all.
Given that the author(s) live in China and has been doing similar tricks for like, forever. I don't think most of the "crime" or "court" things in this thread make any sense to them.
Yup, not necessarily good, just I don't see them in immediate trouble.
Laws are lacking for these cases in China, OTOH you don't face fair judgement if someone decided to f-u :( see WooYun[1] for an example. tl;dr China had their own HackerOne/BugCrowd and it's even founded earlier than both, only to have it killed in 2016 because it annoyed the wrong guy.
Yes, we do, since one of their videos are labeled "field test" which I presume means "testing random vehicles found in the wild".
> We have successfully tested the latest models of Honda vehicles. And we strongly believe the vulnerability affects all Honda vehicles currently existing on the market. Please see the field test video down below.
https://rollingpwn.github.io/rolling-pwn/video/Demo-Video-Fi...
> so I think any decent court should see that they're operating in good faith [...] A bad court may sentence them regardless
I hope so too, for the sake of the authors. Overall, they did the only thing they could do in this situation, since Honda doesn't seem to be receptive to security disclosures at all.