End of life
The product has reached its end of life. Now, you can rest assured that no one can attack your system, right? No – even when you are ready to bury that product in its final resting place, you must take care of active assets that may be “exhumed” by a determined attacker who wishes to launch attacks against the other still alive and functioning products. For example, intellectual property, or user private data, may still be accessible in a vehicle that is slated for the junkyard. It is common for hobbyists to buy such parts on eBay, so products must have procedures for transitioning such systems into a secure state in which the assets cannot be exposed. This can be achieved by invoking routines that randomize secret keys or wipe user secrets. End-of-life preparation must also include change of ownership events. An OEM must provide procedures for the removal of personally identifiable information (PII) when a change of ownership occurs:
