Honda Civics and Installing Software With Android Test Keys

Eric McDonald discovered that the 2021 Honda Civic's Android-based infotainment system can be updated via USB using standard AOSP test keys left on the file system. The EvilValet attack allows anyone with physical USB access to run arbitrary code signed with these keys. The vulnerability may affect other Android-based systems.