> This is the thing that all the manufacturers always refer back to when it comes to IT-security of cyber-physical systems: there is an isolation they say, the air gap between connected and physical parts of these systems.
> [the] multimedia system’s controller itself can’t communicate directly with CAN bus, it actually can communicate with another component which is connected to CAN bus, the V850 controller
That... that's not what an air gap is. Usually I'm forgiving about security that's fudged, since it's hard and marketing and higher-ups rarely understand. That's the entire point of an air gap: there isn't anything to understand, it's a physical disconnection. It's either plugged in or it's not.
When asked "is there an air gap", if the answer is no and you answer yes then you're lying in the most blatant and bare-faced way I can imagine. It's like saying "that car is four wheel drive" when it's only two wheel drive, or saying "that car has an 18 gallon tank" when it has a 7 gallon tank.
> [the] multimedia system’s controller itself can’t communicate directly with CAN bus, it actually can communicate with another component which is connected to CAN bus, the V850 controller
That... that's not what an air gap is. Usually I'm forgiving about security that's fudged, since it's hard and marketing and higher-ups rarely understand. That's the entire point of an air gap: there isn't anything to understand, it's a physical disconnection. It's either plugged in or it's not.
When asked "is there an air gap", if the answer is no and you answer yes then you're lying in the most blatant and bare-faced way I can imagine. It's like saying "that car is four wheel drive" when it's only two wheel drive, or saying "that car has an 18 gallon tank" when it has a 7 gallon tank.