Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Transportation

Ask Slashdot: Buying a Car That's Safe From Hackers? 373

An anonymous reader writes: I'm in the market for a new car, and I've been going through the typical safety checklist: airbag coverage, crash test results, collision mitigation systems, etc. Unfortunately, it seems 2015 is the year we really have to add a new one to the list: hackability. Over the past several weeks we've seen security researchers remotely cut a Corvette's brakes, shut down a Tesla's computer, unlock a bunch of cars, intercept Onstar, and take over a Jeep from 10 miles away.

So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Buying a Car That's Safe From Hackers?

Comments Filter:
  • 65 VW Bug (Score:5, Insightful)

    by Anonymous Coward on Monday August 17, 2015 @11:33AM (#50332301)

    Safe from EMP as well.

    • Re:65 VW Bug (Score:5, Insightful)

      by theNetImp ( 190602 ) on Monday August 17, 2015 @11:36AM (#50332335)

      my thought as well, go back to a carburetor based non-computer timed car from the 60/70s/80s

      • my thought as well, go back to a carburetor based non-computer timed car from the 60/70s/80s

        Guess that depends on what price you put on the risk of being hacked.

        At some point, the higher insurance premiums for driving around a relic that lacks pretty much all modern safety features may not be worth the trade off.

      • Re:65 VW Bug (Score:5, Interesting)

        by Technician ( 215283 ) on Monday August 17, 2015 @12:13PM (#50332673)

        I'd be more interested in an added toggle switch that would power down all RF modems including bluetooth,hands free entry, etc. When in a target rich environment such as attending Defcon, the car could enter radio silence. A physical key should still work.

      • Re:65 VW Bug (Score:4, Insightful)

        by thrich81 ( 1357561 ) on Monday August 17, 2015 @01:49PM (#50333709)

        Does anyone around here remember DRIVING those carbureted, non-computer cars? Or worse, keeping them tuned up? I did both, along with major hotrodding, including engine swaps, camshaft swaps, carburetor swaps. Compared to the new cars they ran like cr*p. They barely started when it was cold or hot. They had weird idle and off-idle characteristics. They had very little power for the engine displacement. Worried about hackers shutting off your engine or brakes on your new car? -- well in the old days the cars did that all by themselves! Engines shutting down while driving -- yep, it happened, brakes failing while going down hills -- yep, it happened. Power steering fail while driving -- that happened, too. Those things happened with regularity. I recently helped with the purchase of a '68 Cougar with a small block V8 (302 CID) for a friend of mine -- upon driving it both of us said, "What a death machine" -- poor acceleration, poor braking, poor handling compared to the new cars we have (I'm driving a Honda Fit!). Yeah, everyone remembers the awesome big block muscle cars of the '60s, except they don't really remember them. I do, I had several. They were fun, but not very high performance compared to now. Check the magazine tests of the time.
        If you want a decent car with no outside computer connectivity then your best bet is probably something from the mid-90's to around 2010, I would guess.

      • by sudon't ( 580652 ) on Monday August 17, 2015 @03:17PM (#50334413)

        I'd stay away from the 80s, and the latter half of the 70s. Not Detroit's best years. If you can afford a new car, you can afford any babied car from the 60's. Not only will you not have to worry about being hacked, or your computer choking, but you will look cool-as-fuck driving it. You'll have a car that can be picked out in a parking-lot, because it won't look like every other car there. Get one with bench seats - you'll have room for love-making. Don't forget, these cars we think of as hot rods today were the family cars of the 60s. Our family car, when I was a kid, was a '67 Impala. Nobody thought it was anything special then, but when you compare it to today's cars, it looks like a work of art.
        You're worried about safety? Don't. We jammed the seat belts under the seats, and forgot about them. We did just fine without all that "safety" junk. Simply having a fine car will make you, and everyone around you, better drivers. Everyone respects a beautiful car from the sixties, and they'll respect you for having the good taste to own one. Crank the windows down, light a Lucky, put on your shades, crack a beer, and feel the power of an eight-cylinder, carbureted, Detroit engine under your feet!

        Sorry, got a little carried away... But yeah, anything made before 1974!

    • Re:65 VW Bug (Score:4, Informative)

      by bobbied ( 2522392 ) on Monday August 17, 2015 @12:02PM (#50332563)

      Safe from EMP as well.

      ANY car made today is going to be safe from EMP. They did a test a few years ago and found that out of 12 vehicles subjected to EMP events similar to what would be experienced form a nuclear device outside of the immediate blast damage area, only TWO showed any signs of being affected in any way. Both of those vehicles where "fixed" by turning the key off and then restarting them.

      I conclude from this study that modern vehicles are pretty much immune to EMP for the most part. Most would not even notice the pulse and just keep going down the road. Some (Say 10%) would stop running and the majority of those would restart after being powered off. Chances are the number of vehicles needing repairs would be less than 1%.

      So.... Just own two vehicles of different makes and chances you will be just fine.. At least as far as immediate transportation is concerned. Having electrical power at home IS going to be a problem though...

      • Re:65 VW Bug (Score:5, Insightful)

        by Andy Dodd ( 701 ) <atd7@@@cornell...edu> on Monday August 17, 2015 @12:04PM (#50332589) Homepage

        Yeah. Automotive electronics are designed to be pretty EMP-resistant from the beginning because the ignition coils produce what amounts to small EMPs - and they're connected to the power rails!

        Automotive engine compartments are one of the most electrically noisy environments out there.

        As far as a "hacker-safe" car - buy a car WITHOUT those snazzy remote management features like uConnect/OnStar/etc. All of the remote compromises out there have used those "it's not a bug, it's a feature!" attack routes.

        • Yeah. Automotive electronics are designed to be pretty EMP-resistant from the beginning because the ignition coils produce what amounts to small EMPs - and they're connected to the power rails!

          Though they're nowhere as hostile an environment as a diesel-electric locomotive - which switches megawatts of electric power and gets REALLY HOT when running across a desert in the summer. B-)

          After the early EMP experiments killed the experimenters' cars' early electronic ignition systems - in the parking lots (whic

        • OnStar is easy to disconnect. On my car I simply opened up the trunk and disconnected 2 exposed cables, no tools required. They may have changed that though, I have a 2009 model.

          I remember seeing a forum post from someone asking how to disconnect OnStar when it first came out and people ridiculing the user as a conspiracy theorist nutjob. Later it was revealed that onstar sold data to local police which lead to an influx of people searching how to disconnect it and seeing that as the first result.
      • This is very interesting. Do you remember the name of the study or have a link you can refer me to?

        The obvious question is how and why this happened. Are computer chips being shielded? Did EMP only affect transistors and vacuum tubes and no one realized it? Or have we switched to smaller parts that are less affected by the wavelengths involved?

        • Re:65 VW Bug (Score:4, Insightful)

          by bobbied ( 2522392 ) on Monday August 17, 2015 @12:37PM (#50332935)

          You test EMP by using large voltage spikes. What are spark plugs run with? High voltage spikes.... Stands to reason that a generally well shielded set of electronics inside a metal box which was designed to generate high voltage spikes on purpose, would tolerate an EMP from an external source fairly well.

          See Page 115 and following:

          http://empcommission.org/docs/A2473-EMP_Commission-7MB.pdf

          Apparently their testing involved 37 vehicles with approximately 10% showing signs of being upset by strong EMPs and nearly all of those not permanently damaged by the pulse.

    • by plopez ( 54068 )

      Though not a lot of crash survivability. Personally I am an avid bike commuter. I chose my job and living locations around it. Or you might try one of these:
      http://media.photobucket.com/u... [photobucket.com]

  • Classic FUD (Score:3, Informative)

    by Ecuador ( 740021 ) on Monday August 17, 2015 @11:40AM (#50332363) Homepage

    Unless you are someone important, people won't spend the significant effort required to hack your car. I would say you can probably avoid the seemingly quite inept "classic" US manufacturers, especially if you don't plant to do the usb upgrades etc that they might require if a remote exploit is found, but still it should be a minor concern. Ok, if you are paranoid get a Tesla, researches spent TWO YEARS and they ended up with an exploit that required physical access to a port inside the car, could at most turn of your engine (very gracefully in neutral and with you in full control) and could be instantly patched over the air...
    Again, if you are some sort of a dictator etc I could see an intelligence organization with great resources finding a way to hack your Tesla if they have physical access to it, but it will still be cheaper and more efficient to just plant a bomb...

    • Re:Classic FUD (Score:5, Interesting)

      by avandesande ( 143899 ) on Monday August 17, 2015 @11:43AM (#50332401) Journal

      I am a nobody and have had my car (toyota/lexus) broken into because of the key fob amplifier exploit. This effects ordinary people too.

      • Re:Classic FUD (Score:5, Insightful)

        by cdrudge ( 68377 ) on Monday August 17, 2015 @11:51AM (#50332465) Homepage

        I'm a nobody as well. I've had my car broken into because of the brick through side window exploit. I'm searching for a car that doesn't have electronics or windows. Right now I'm left with a Razr scooter and an Amish buggy.

        • by rHBa ( 976986 )
          Caterham 7? [wikipedia.org]
        • My Nissan is easy to break into, so I had a kill switch installed by my mechanic. So far it has thwarted 2 attempts to steal my car.

        • Yeah that is a cute response but the key fob exploit doesn't attract nearly as much attention and has much less risk than smashing a window, but that is obvious isn't it?

          • and yet, Tesla has NOT had a key fob exploit. Why not? Because they are not like other car makers. And yes, these crackers tried to get in that way and could NOT. Basically, the ONLY way to get in, is to break the window, which will then not allow the car to be driven away. That is why only 2 teslas out of 50,000 cars on the road have been stolen. The first was stolen by stealing the fob out of Tesla motors and then driving the car off the lot; That was the one in which the driver died when doing 120 MPH a
      • I leave my fob battery at home ever since I learned about the replay attacks and had a physical key (no chip) for my keyring made. FOB without a battery works as a regular chipped key when inserted in the slot in the dash. Actually, the battery died and I never bothered to replace it.

        You can't do a replay attack if there is no signal to read.

      • How are you sure? (Score:4, Insightful)

        by mindcandy ( 1252124 ) on Monday August 17, 2015 @12:52PM (#50333117)
        Do you have datalogging going on the CAN bus are you just guessing? .. just because you return to your car minus sunglasses but without shattered glass does not mean OMG HACKERZ.
    • Re:Classic FUD (Score:5, Insightful)

      by epyT-R ( 613989 ) on Monday August 17, 2015 @11:56AM (#50332505)

      You might not be important, but you don't have to be if the goal is to cause accidents on major highways. In those situations the logical target would be the popular cars of the unimportant people. I'd just rather not have the connectivity in the first place. I am tired of manufacturers making excuses about their shitty software and over-automated cars. Needless complexity lowers safety and adds expense.

      Even toyota's not immune btw..

    • Re:Classic FUD (Score:5, Informative)

      by gstoddart ( 321705 ) on Monday August 17, 2015 @11:57AM (#50332523) Homepage

      Well, that's one way of looking at it.

      The other way is if this stuff becomes easy enough to become a cheap device or an app for your smart phone ... then the bad guy presses a button which says "all cars which are ready to be hacked please honk your horn".

      Just like script kiddies and other scams, if it's lucrative enough, and easy enough, it'll happen. You don't have to be a high value target. If someone knows they can pop the locks on every Escalade in the parking lot, they're going to do it. And someone might just say "oh, fuck it, let's make all the Corvettes disable their brakes because it will be funny".

      If the last decade or so has taught us anything, it's that if it can be hacked, it will be ... and if it's worth doing, it will be done.

      Pretending like the security risks aren't real because you're a low value target ignores the fact that if there's money to be made. The more automated it can be made, the more it will happen.

      As to the OP's question -- there is no standards body, everything is closed/proprietary, and the corporations aren't going to say up front "yeah, the following cars are totally hackable". They're going to hide this as much as possible.

      I'm just not sure short of following every news story for every company and hoping and guessing you've got a hope in hell of finding this in a way that will be useful.

      Right now, cars are pretty much like every other consumer device .. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure. Which means they don't have a culture of security, accumulated best practices, or anybody telling them the minimum they're allowed to do.

      If you're that worried about getting hacked, buy a car which is a few years old and doesn't have as much electronics in it.

      Beyond that ... I'm not sure how you are going to know what's hackable.

      Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.

      • by unrtst ( 777550 )

        Right now, cars are pretty much like every other consumer device .. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure. ...
        Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.

        IMO, the features are (almost) incompatible with the goal of security. Build in a backdoor that lets a remote party do stuff, and other remote parties will be MUCH more likely to be able to do stuff. Build in a "feature" that allows something to plug into a port and control things in real time, and someone will be able to do just that (and add a bridge to the outside world, ala the Corvette hack).

        I don't count the things that require physical access to the port to be of much concern. However, bridging in vi

    • Exactly. If you're worried about this, you're making the obvious mental error in thinking that stories you see on the news are about you. They aren't. Even if the news stories are true (and not misleading, or out-of-context, or dramatized, or hyped out of proportion), they're still almost never stories about you.

      You don't need to take any action. You don't need to disrupt your life. You don't need ask your government to bully other people into solving this "problem" for you. It's not about you. It re

  • if you tamper with the hardware/software.
  • If the government has backdoor access to your car's computers -- and how do we know they don't? -- so will the hackers.

  • The fix (Score:5, Insightful)

    by Ol Olsoc ( 1175323 ) on Monday August 17, 2015 @11:42AM (#50332383)
    Buy a horse.
  • by account_deleted ( 4530225 ) on Monday August 17, 2015 @11:42AM (#50332387)
    Comment removed based on user account deletion
    • The Caddy! Where's the Caddy?
    • Hm, here that car would over a thousand euro per year in tax. Depending on where you live, you might want to consider a far ligher car. Like an old VW Polo or a Honda Civic, from before the drive by wire age.
  • I am hoping by then I can get a car that is in the cloud.
  • Thermostats (wifi or 3g enabled)
    Home Security Systems
    Banks (some of their website security makes me really wonder)
    Almost all "Internet of thing" smart home devices

    I even have basic questions for (mostly android) cell phones. How long do I get security updates for any of these devices?

    • by cdrudge ( 68377 )

      Thermostat [lowes.com]
      Home Security System [wikipedia.org]
      Bank [tothepointwithbozic.com]

      How long do I get security updates for any of these devices?

      Depends on the manufacturer and carrier. Anywhere from never to for several years or more. Google's "Nexus" devices often have the longest official support but unofficial support/updates through the community is available for long after the manufacturers/carriers have forgotten about the device.

    • The answer is, you don't.

      My current rule is: is it a piece of consumer electronics? If it is, it probably has gaping security holes in it.

      If it's designed to connect to a network, be remotely accessed, and installed by non-technical people, recent history says it's probably not secure.

      Your choices are to live in blissful ignorance and pretend nothing will happen, live in the hope that it won't happen to you even if it's theoretically possible, or don't use it at all.

      I'm not really sure you can take steps t

  • Many of these exploits I don't think of as exploits. They attach a device to the OBDII connector. Keep your doors and windows locked and voila not connectee. 2nd, be real, somebody really wants to mess with your brakes why not nick the hydraulic cable. Much easier. Much of this is hype. The exploit on the fob to unlock, I'd pay attention to. I thought I saw somewhere the land rover is so bad that insurance will not cover it in london unless parked in a garage.

  • Simply a wonderfull car, except for the fuel consumption,
    On that car you can virtually do everything by your own - small amount of tools needed - it's plain & simple.

    But semiconductors are on board it has a stunning 6 diodes on board - not counting the radio!

    If you choose a real Suzuki Samurai with spray injection from 88 you additionally get one with a cathalysator.

  • by gurps_npc ( 621217 ) on Monday August 17, 2015 @11:55AM (#50332497) Homepage
    Buy any such car, then go in and physically remove the antena connecting the smart computer to the wireless world.

    You do NOT need to let OnStar or similar capabilities. No need for it at all. Maybe if your car was self-driving and designed to network with other cars you would need such functionality, but the ability to call for help or use wifi or wireless diagnostics is NOT worth making it hackable

    Once you do this, your car is as safe from hacking as it needs to be.

    • Buy any such car, then go in and physically remove the antena connecting the smart computer to the wireless world.

      how will you know when you've found and disabled all of the antennas?

  • Anything from late 90s will have power, will have modern safety (ABS, Traction, Side Airbags) if you go sufficiently upscale but will not have any integrated infotainment electronics. If you go older, you start losing safety features. Late 80s is ABS, early 80s is airbags, 70s independent rear suspension and rear disk brakes.
    • They started disabling seat belts when they integrated air bags. Seat belts don't have centrifugal or pendulum locks anymore, so don't lock up in a collision. They let you slam face-first into the airbag, which is itself dangerous (the statistics lie: airbags occasionally kill people, and we can see that plain enough; but every single non-fatal high impact in which an airbag has deployed is marked as "airbag saved this person's life", which simply assumes seatbelts never did save lives. They don't take

  • by johnnys ( 592333 ) on Monday August 17, 2015 @11:57AM (#50332531)

    "- is it time for the government to roll out legislation that will enforce safety standards for car computers as well?"

    Which would be covered under *any* sort of "product liability for software" legislation.

    Seriously: You can't buy food without the producer going through FDA checks, you can't buy a car without all the right safety and functionality checked by a gummint agency, you can't trade stocks without oversight by the SEC, so why can software vendors continue to peddle insecure crap with no liability?

    • Software is a discipline and all your examples are industries. If there is a need for such checking: Food software (if there is such a thing) should be checked by the FDA. Stock software by the SEC. Automobile software by the NHTSA. Your desktop stuff for home use gets passed because very few people will pay 15 grand for a securely certified OS to keep someone from stealing the $500 from your checking account.
  • by InvisiBill ( 706958 ) on Monday August 17, 2015 @12:00PM (#50332547) Homepage

    If you want a modern car, you're just going to have to accept that right now, they're all full of closed-source, black-box computer stuff. Short of going to work for the manufacturer and signing an NDA, you're never going to be able to get access to the inner workings of these things. The unfortunate truth is that these manufacturers are adding features without incorporating security from the very beginning, in an effort to have more bells and whistles than the other guys. They're getting better about security, but they still have a lot to learn.

    The good news is that most of these hacks are at least somewhat mitigated. The Jeep one seems the worst, as it worked over a cellular connection from seemingly anywhere, to get into the infotainment system, and then jump to the car's actual controls from there. Chrysler was able to make some change to their network that (partially?) stopped the attack even if the individual cars were still technically vulnerable. The OnStar hack was a MITM between the mobile app and the OnStar website (due to not verifying the cert); it resulted in being able to do things to the car, but wasn't actually a vulnerability in the car itself. Most of the previous hacks require physically connecting to the OBD2 port in the car. As was stated in related posting, just as with computers, if the bad guy can break into your car and install a dongle, you're pretty much screwed anyway. Just like installing only necessary packages on a server to minimize its attack surface, you can also skip unnecessary vehicle options to reduce the chance of a vuln (though you may have varying levels of success getting a car with exactly what you want and nothing you don't).

    We need these hackers to keep pointing out these flaws until the manufacturers fix them (and hopefully completely avoid the same mistake in the future). For now, it's still fairly early in the cycle with lots of learning being done. We need more isolation between the vital control systems and the trivial entertainment junk to completely remove the possibility of something like a USB stick being able to take over your engine, but for the most part these vulns are still rather limited in their application, due to the inherent limitations of actually getting linked up to your car's systems. I'm afraid it might get worse before it gets better, but at least these things seem to be getting addressed by the manufacturers, rather than just covered up.

  • This one's really easy. Don't buy a car where the core system is internet connected unless you're confident in its security.

    The Fiat/Chrysler hack was insane, the result of a total disregard for security.

    The Tesla "hack" barely deserves being called that as it requires physical access to the car's data bus to work. Pretty much every car on the market these days is "vulnerable" to that, but it's stupid to worry about because that's like saying your brake system is "vulnerable" to being cut.

    Likewise with th

  • if you are worried about hackers, buy a car without any wireless features. no remote starter, no keyless entry, no bluetooth, no wifi, no onstar, no uconnect, no cell phone connectivity.

  • My 1996 Jeep Cherokee still runs well. Computer controlled, fuel injected, driver's side air bag... but no remotes. I think I'll keep it.

  • If you are concerned about somebody "hacking" your car over some network connection, just don't buy a car with a network connection. and your problem is solved.. If there is no cellular data connection, there is no way for anybody to hack your car using a data connection. So no "OnStar" or other such convenience services that involve data connections to your car.

    If that doesn't meet your definition of safe enough, understand what you are trying to protect yourself from. MOST of the demonstrated hacks w

  • by tekrat ( 242117 ) on Monday August 17, 2015 @12:15PM (#50332685) Homepage Journal

    RestoMods are where you take an older car and upgrade it to more modern standards. Thus, you get the best of both worlds; superior handling and acceleration, some added safety features, and a car that looks vintage, styled to stand out from the crowd of oval-shaped vehicles.

    There's even an upgraded pan for the VW Beetle that provides disc brakes, better handling and smoother ride; as well as a large assortment of engines that can provide anything from mild performance to tire squealing, drag-strip style that'll smoke most other cars.

    And yes, almost all RestoMods eschew too much electronics, which make the cars as unhackable as they were when they were original 60's and 70's cars.

  • Both a friend of mine and my mom had their Nissans broken into while at my sister's house and we're pretty sure the thief used a wireless hack since neither vehicle had signs of forced entry yet both were locked. Likely it's a local kid, cameras would help catch him. Funny story though, the suitcase stolen from my mom's car had about 25 pounds of bran and a book on crafting since she was getting ready for a crafting bean bag project. That thief didn't get much :-) Here's an article that describes this a
  • 1. If you can't pay cash for the car you can't afford it so get an older model. Depreciation on any new model is huge and a money looser. 2. Add in your own top end stereo system for the convenience items you want. 3. Modify the dash to use an iPad or Android tablet. You can tie it into the control system if you like. You don't get crash avoidance but if you actually drive like your life depends on it you don't really need it.
  • So far as I know my 2008 Toyota Tacoma with a 5-speed manual transmission doesn't have any wireless anything built into it, and you'd have to have physical access to the vehicle in order to 'hack' anything in it. The throttle pedal may be connected to a potentiometer, but the brake pedal, steering wheel, clutch pedal, and parking brake are all mechanically connected to their various systems and will all still function even with the engine off.
  • FUD (Score:4, Insightful)

    by jon3k ( 691256 ) on Monday August 17, 2015 @01:01PM (#50333209)
    Most of those required physical access to the car. If I have physical access to any car I can hack it. Can we stop with the alarmist bullshit please?
  • by nhtshot ( 198470 ) on Monday August 17, 2015 @01:45PM (#50333667)

    In short: If you want a secure car, get something with a carburetor or buy a VW, Audi, Porsche, Seat, Skoda, Bently, Bugatti or Lamborghini.

    I reverse engineer automotive software for a living and I can say without question that Volkswagen Auto Group cars are as secure as you can possibly find.

    Most of the cars you hear about being "hacked" are vulnerable because of something in the infotainment system. Once an outsider has access to that, in most cars, they have access to the canbus and can do "bad" things.

    Vag cars are not this way. They have multiple can buses, one for each primary function. Body control, convenience and power-train are all on separate buses. Between these buses sits a device called the "can-gateway", which is essentially a canbus firewall. No packets can move between the buses except those that are necessary to allow. A "wheels are spinning, activate ABS" message cannot originate on the convenience or body control bus.

    The software for just about everything important is secured with signatures (2048 bit now). Modifying the software for these cars is extremely difficult, getting access in the first place requires enormous amounts of very skilled labor. We spend many thousands of man hours each year just keeping ahead of the security features added to the ECU engine control code (we're a performance company).

    It's hard enough to modify anything on these cars when you have every tool imaginable, a seasoned veteran staff, complete access to the cars and nearly unlimited financial resources.

  • by larwe ( 858929 ) on Monday August 17, 2015 @04:52PM (#50335037)
    It's ironic that this article appears just a few slots above the "the network is untrustable" article about AT&T's support of hacking. The process of keeping an Internet-facing machine safe is a more or less daily battle of 0day patches. This isn't, has never been, and likely never will be possible for consumer electronics because it imposes too much cost on the manufacturer. Automotive software doesn't get updated with the same frequency as desktop software for a bunch of reasons, and it also doesn't get updated indefinitely because there's a distinct end-of-lifecycle for it. TL;DR: The only safe-ish automotive electronics, both now and in the future, are electronics that have no connectivity. It's impossible to feel safe about connected electronics of any sort, and in a realtime control environment like a vehicle, it's frankly irresponsible to permit such connectivity.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...