The Shoddy State of Automotive Wireless Security 260
angry tapir writes "Researchers from Rutgers University and University of South Carolina have found that wireless communications between new cars and their tires can be intercepted or even forged. While the potential for misuse may be minimal, this vulnerability points to a troubling lack of rigor with secure software development for new automobiles, said Wenyuan Xu, a computer science assistant professor at the University of South Carolina, who was a co-lead on the study. The researchers will present their findings at the Usenix Security Symposium, being held this week in Washington DC."
Probably the right design choice (Score:5, Insightful)
If the potential for misuse is minimal, then it's only common sense to make the tire communications simple and easy to troubleshoot, and to assign the security people to work on something that matters.
Re:Disconnected from reality... (Score:5, Insightful)
I wonder however if a bad pressure signal could be forged, forcing the car to stop ?
Re:Probably the right design choice (Score:4, Insightful)
Tracking is NOT an issue (Score:4, Insightful)
The issue described in the article is that you can identify the tires by their RFID tag. This means that you could track cars. The article completely fails to mention that you ALREADY HAVE A FUCKING LICENSE PLATE ATTACHED TO YOUR CAR! The license plate is a unique identifier required by law on all motor vehicles. Anyone who wants to prove you visited location XYZ is simply going to use a $20 camera and get a shot of your license plate. Yeah, getting readings with RFID is a little easier then setting up a camera and some plate scanning software, but neither one is very hard for someone who wants to track you.
As for "confounding" the control unit, that's not a problem with security, that's a problem with the fucking control unit. The article mentions that once they sent false data to it, they couldn't get the thing to work correctly even after rebooting it. Any device that can't handle junk data is worse than useless. Something being intolerant of noise is not a security problem, it's a stupid engineer problem. Sure, it might not function while you're jamming it with garbage, but if it fails to work after a reboot then you've done something seriously wrong.
Re:Lets skip to the heart of the matter (Score:4, Insightful)
"a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately "
Is that the system that is unable to differentiate between gas and breaks in a Toyota?
Re:Lets skip to the heart of the matter (Score:2, Insightful)
Over past decades there has been a continuous fall in fatalities per mile driven. This is, to a large extent, due to continuous small improvements, of which this is one. Of course you may be savvy enough to keep your tires properly inflated - but the average Joe Public isn't - or at least 10% of Joe Public. And properly inflated tires reduce the risk of accidents, in which Joe Public can kill not only himself but also you. You may, indeed, be an above average driver (like 90% of the population, in their opinion) but most people (in real tests) are not.
Incidentally, you didn't specify synchromesh, windscreen wipers, indicators, damped suspension, automatic ignition timing... Once upon a time, cars didn't have these. Have you ever driven a car from the 1920s? Would you know how to double-declutch and when to use the ignition advance retard? What you are saying is that cars don't need the improvements since you started driving - a version of the "Good Old Days" fallacy.
Re:Lets skip to the heart of the matter (Score:5, Insightful)
You might think you don't need ABS, but as another driver on the road, I'd prefer you had it. I'd prefer it a lot.
I don't care if you think you can pump the brakes well. ABS can pump them a lot faster, and it can do something you can't ever do without drastically changing the controls design: it can pump the brakes individually by wheel.
If the only danger was you sliding off a curve into a a tree or ravine after losing your steering, I'd say, "Go for it, we can always use less people." But it's not. There's also the danger of you not being able to avoid an accident with me, and I like being alive!.
Please be considerate of your other drivers.
Re:Lets skip to the heart of the matter (Score:3, Insightful)
This may seem old-fashioned but for nearly a century a complicated non-electronic system called 'THE DRIVER" would monitor the state of the car and act appropriately when a deflating tyre is detected.
Your strategy is fine for racing vehicles, but ABS provides additional safety to those who do not believe it to be magical and disable switches are very easy to implement since all ABS fails to simple brakes. Meanwhile, we have run-flat tires that can go flat so graciously that you don't even notice until you try to make a 90 mph curve on one, and they CERTAINLY enhance vehicle safety (being less vulnerable to blowouts, let alone leaving you stranded on the uphill of the Bay Bridge in the left lane or something like that.
Airbags save lives, and events beyond your control happen all the time in motoring. You can be as cocky as you like, but suggesting that these safety features are unuseful is ridiculous at best. And as to your decent stereo, doesn't that interfere with your monitoring of a car that has no monitoring equipment?
Re:Probably the right design choice (Score:3, Insightful)
Certainly resources need to be allocated wisely however when the device crashes due to invalid inputs, that is at best annoying, at worst very expensive to repair.
Never attribute to incompetence that which can be explained by greedy self-interest. The auto manufacturers and dealeer make money off these defective devices. I call foul.
Re:Lets skip to the heart of the matter (Score:5, Insightful)
I hate this neo-luddite position people take when any little thing goes wrong. Your dream car is my nightmare death-trap car. I want airbags, ABS, wireless tire gauges, proximity sensors, ability to pull codes from computer, etc. I suspect most people do. If you want a specialized custom car, then built it yourself, but don't pretend your simplistic car needs speak for anyone else but yourself.
Not to mention its foolish to throw the baby out with the bathwater. I remember people like you when the web started to become popular. "Oh who needs this crap, I already have TV and the newspaper!"
I'm probably older than you and I certainly remember the PITA carburetors were compared to fuel injectors. Heck, my dad had to deal with vapor lock. When was the last time you needed to rebuild a carburetor or wait out vapor lock? I think you're just spoiled by the technology you decry.
Re:Lets skip to the heart of the matter (Score:5, Insightful)
If you had regular brakes, the wheels would have locked and you would not be able to steer at all. You would have slid into the other car. You only have control when the tire is gripping the road.
Re:Lets skip to the heart of the matter (Score:3, Insightful)
A good driver cannot ever hope to lock and unlock the brakes with full force faster than the ABS computer.
Claiming to be able to do otherwise would win the "hubris of the millenium" prize.
A proper ABS computer and system can not only lock and unlock the wheels within milliseconds (which would be suboptimal anyway) but keep the whole car at THE maximum brake power that is physically possible while keeping the vehicle able to steer - during the whole process, on all surfaces, at 4am, after a 10-hour work shift in the factory, with no startle response, not scared to fully apply all power available.
Maybe I've just never met a "good" driver by your standards, but chances are the guy in that car sliding into you wasn't one, either.
Please don't blame it on the ABS if you're approaching the intersection too fast for the given road condition. This would only show you're probably not a good driver and/or unaware of the http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect [wikipedia.org]