Why Car Info Tech Is So Thoroughly At Risk
Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars:
> [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.
Let's wait until al Qaeda discovers it (Score:3, Insightful)
and thousands of people die the same moment because some terrorist pressed a button. Of course, well informed, as the big data terrorist is, they will find out whether you are a Muslim and your wife wears a burqa with even their ankle being covered all day, they will spare your car if you are one.
We only see risks where we've seen the risk actually causing harm. This is also a reason why it's so hard to find motivation to fight against climate change.
Re: (Score:3)
> and thousands of people die the same moment because some terrorist pressed a button.
The US military is the only entity that has actually ever carried out attacks like this
Re:Let's wait until al Qaeda discovers it (Score:5, Insightful)
Which is more terrifying, the enemy that personally attacks you, that you can boast and brag about fighting him before he kills you, or the enemy that kills you that you never had a chance of defending against?
Now, imagine that the Toyota unintended vehicle acceleration problem manifested on all of the vulnerable cars at the same time. There are a LOT of Toyotas out there, and as a global car make it would not be hard for an organization, anywhere in the world that wanted to try this, to get vehicles to use to test discovered exploits on.
Re:Let's wait until al Qaeda discovers it (Score:4)
> The US military is the only entity that has actually ever carried out attacks like this
I would say his concern is well founded [telegraph.co.uk].
And your claim is nonsense. Consider the case of Vasili Blokhin, for instance. General Vasili Blokhin pressed a "button" (trigger) and killed the Polish army officer corps. (Admittedly he pressed that "button" repeatedly.) This was around the time that the Soviet Union confiscated food from the Ukraine to artificially create a famine and kill 7,000,000 people by the slow death of starvation. (Death was quicker for the people that walked into the grain fields to pluck some grain to eat - they were shot on the spot.)
The Katyn Massacre [crimemagazine.com]
In March 1940, General Blokhin personally executed all 8,000 of the captured Polish officers on 28 consecutive nights in a basement execution chamber at the Soviet secret police headquarters in Kalinin. The soundproof room was specially constructed for the murders, with a sloping concrete floor and a hose to wash away the blood.
One at a time – 250 a day – each of the Polish officers was led into the room in handcuffs, where Blokhin awaited in a butcher’s apron, cap and shoulder-length leather gloves. Each prisoner was then turned around to face a log wall, and Blokhin would shoot him in the back of the head . . .
The other 14,000 Polish intellectuals captured during the Soviet invasion met a similar fate, although not directly at the hand of General Blokhin.
Admittedly this is only a drop in the bucket of the 100,000,000 people killed by Communist regimes [harvard.edu], but it is revealing.
Re: (Score:3)
> and thousands of people die the same moment because some terrorist pressed a button.
> The US military is the only entity that has actually ever carried out attacks like this
You're missing the word "capable". Many many organisations and countries would love to have the capability, and they have every intention of using it as often as possible.
Re: (Score:3)
And we warned them. Twice. They didn't think we had the bomb the first time. The second time, there was no excuse.
And it did end the war, when the Japanese realized that we didn't have to lose any one to wipe them out. It was a quick end to a long war. And there was a great deal of debate on whether or not the US should even do such a thing before we did it.
The issue was, the Japanese had lost the war already, but were still fighting, to the last man as we cleared each island they were on. It was slow, dirt
Where is Commander Adama when we need him? (Score:5, Insightful)
Re: (Score:3)
I want networked computers in my car. I want to be able to control my own car via these methods.
I want the networked computers to be open so both I can utilize it in ways I wish that the manufacturer has never thought of, and so security researchers can verify that they are secure.
Re: (Score:3)
> I can utilize it in ways I wish that the manufacturer has never thought of
what a great tool for the ambitious suicide bomber
Re: (Score:2)
I want that too, except with an additional requirement. I don't want anything involved in controlling the car physically wired to anything networked. If I want the car controlling system to connect to a network, I want to be required to physically turn a switch to allow it.
"Oh, they're firewalled" they say, and we know that fails.
Re: (Score:2)
> I don't want anything involved in controlling the car physically wired to anything networked.
so you want a car with a manual choke? The automatic choke is hooked up to the engine computer with a network connection.
Re: (Score:2)
No, the automatic choke in my car is just a bimetal spring that, when cold, opens a valve in the carburetor allowing extra fuel to be drawn into the intake manifold. The spring is heated by the antifreeze from the engine and an electrical heating element.
No network necessary. No computer necessary. Or any electronic components except a piece of nichrome wire as a heating element.
Re: (Score:2)
You mean you want all physical access to also be secured.
I.e. having to manually splice in to wiring looms (hard/time consuming) or using a convenient (but hard to access for an outside attacker) port in say the centre console.
Not having a convenient port near a small breakable window (lots of expensive cars got stolen because of this, they could smash a small non-alarmed window, plug in a programming tool and add new keys to the ECU), or an externally accessible port.
Re: (Score:3)
I just want my car to work. Why an Internet connection is necessary is beyond me. "But over the air updates!" you say. If a small convenience can give so much trouble I'd rather update at home or the garage using a wire, thank you.
How do you want it to work? (Score:2)
> I just want my car to work.
Fair enough but that's a pretty vague statement. HOW do you want it to work? I suspect you and I might have different definitions for how we want our cars to work.
> Why an Internet connection is necessary is beyond me.
It's not strictly necessary but it can be very useful. Furthermore asking that question is a little bit like my grandmother asking why email is useful when we can just send letters.
> If a small convenience can give so much trouble I'd rather update at home or the garage using a wire, thank you.
Anything can be troublesome if it is badly designed. A wired connection instead of wireless just means the attack surface is different but there still is one.
Re: (Score:3)
> Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."
Somebody better find him quick. I'm pretty sure that I've heard that either Google or Apple was creating a driverless car that acknowledges direction by answering, "By your command."
Security culture (Score:3)
> Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."
That is unrealistic and defeatist. Many customers (including myself) very much want some of the capabilities that come with network access and there is no reason it cannot be done utilizing good security practices and appropriate separation of function. I want a built in GPS with weather and traffic data overlays. I want to be able to monitor my car's performance with something more sophisticated than a check engine light. I want my car to be able to fix problems or add features without visiting a deale
Re: (Score:2)
Yes. But Ralph Nader is now just too old to fight....
Security - One Industry at a Time (Score:5, Interesting)
A significant problem is that computer-related security lessons seem to have to be learned from the ground up, industry by industry. Contrary to this, the smartphone industry (especially Apple) has relatively sophisticated security in both hardware and software, and I think it was because they could learn a lot of valuable lessons from their experience with the PC. As a result, iOS users enjoy a relatively malware-free system.
The automobile industry on the other hand, is probably somewhere in the early 2000's mindset, comparatively speaking. You see the same mistakes being made with many early Internet of Things manufacturers with brain-dead security mistakes, such as storing hard-coded encryption keys right on the devices themselves. Router manufacturers, just as little as a few years ago were still leaving shipping with services open to the internet by default. They're STILL shipping devices with known, default passwords, mysterious backdoors, and all sorts of other vulnerabilities. You can probably point to any other industry and see the same lack of basic security knowledge and practices. It's not going to change until these issues are dragged, kicking and screaming, into the light of day... either by lawsuits, legislation, or simply too much bad press.
Re: (Score:2)
> As a result, iOS users enjoy a relatively malware-free system.
Considering that it's a foregone conclusion that every version of iOS will be jailbroken, I have to wonder if this has more to do with software distribution controls than actual system security.
Re:Security - One Industry at a Time (Score:5, Interesting)
Oh, I'm sure that's part of it, but certainly not the entire story. You should skim over iOS's security whitepaper [apple.com] sometime if you don't believe there's a hell of a lot of security features built into the hardware and software at a *very* deep level. It's actually quite impressive. Keep in mind that the ability to root your phone doesn't necessarily invalidate all the other protections provided for the average user.
To start with, consider the notion of selective application permissions with user consent, compared to the "give this application all access to all resources" model with the PC. Applications are isolated from each other, which gives less flexibility, but also helps to prevent a rogue app from spreading itself everywhere on the system. The system is hardware-encrypted by default until you turn the device on (using a secure boot chain) and unlock it, meaning you can't simply pry the device apart and read the flash memory. And that's just what I can think of off the top of my head.
Re: (Score:3)
Highway to hack: why we’re just at the beginning of the auto-hacking era
Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re NASA or the Pentagon or something, so what could go wrong?
That, in essence, is the security posture of many modern automobiles—a network of sensors and controllers that have been tuned to perform flawlessly under normal use, with little more than a firewall (or in some cases, not even that) protecting it from attack once connected to the big, bad Internet world. This month at three separate security conferences, five sets of researchers presented proof-of-concept attacks on vehicles from multiple manufacturers plus an add-on device that spies on drivers for insurance companies, taking advantage of always-on cellular connectivity and other wireless vehicle communications to defeat security measures, gain access to vehicles, and—in three cases—gain access to the car’s internal network in a way that could take remote control of the vehicle in frightening ways....
Re: (Score:2)
Not all car companies are like that. Ever notice how Nissan cars are never the ones being hacked? That's because they install proper hardware firewalls to keep the entertainment system separate from anything important. They have actually thought about this and gone out of their way to make it secure. Their systems tend to be a little bit behind the latest and greatest from other manufacturers, but at least they are safe.
In fact most of the Japanese manufacturers seem to have a clue in this area. Yeah, Toyot
Laugh (Score:5, Funny)
Narrator:
A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.
Business woman on plane:
Are there a lot of these kinds of accidents?
Narrator:
You wouldn't believe.
Business woman on plane:
Which car company do you work for?
Narrator:
A major one.
Re: (Score:2)
Perhaps I am an evil socio-path but what you have described is a given for EVERYTHING in life. Everything you do is done on a risk vs reward analysis.
Narrator:
A mouth is opened and a chocolate bar is put in. The person later dies a horrible slow painful death as their body becomes resistant to insulin, their toes rotting and finally their heart stopping. Do we stop putting chocolate in the mouth? Take the number of chocolate bars eaten A, multiply by the risk B, multiply by the average medical cost, C.
Re: (Score:2)
Doh A times B Times C = X.....
Re:Laugh (Score:4, Funny)
which units do you use to measure the enjoyment of a chocolate bar? do you use wonkas or toblers? it makes a difference in the calculations.
Re: (Score:3)
I prefer the subset of Wonkas called the Oompas
Re: (Score:2)
> is so grossly higher than the actual price of a life
what about the life of Steve Jobs, would that be worth $10 million? what about his mother and father? Without them he would not exist. So what is their value?
So now how can you possibly predict the value of a life when you can't even calculate it when they are alive? how can you presume to know the value of their impact?
Re: (Score:2)
Impossible to determine. However probably not worth that $10 million. Realistically if Steve Jobs hadn't existed someone else would have taken his place. Would Apple be the same company without him? Definitely not. But would it be a bigger or smaller Apple than it is today? No one knows or ever could know. Also if Apple didn't exist, realistically something else would have taken its place.
In the end someone is paid a huge salary or has accumulated huge wealth because they were the right person in the
Re: (Score:2)
> is so grossly higher than the actual price of a life
> what about the life of Steve Jobs, would that be worth $10 million?
Not at all. You appear to believe that if he wasn't around to bring us iShinies then no one else would. The talent that is needed to bring the world iStuff is so common someone else would have done it if he wasn't around.
Re: (Score:2)
Not exactly, first they're only indemnified for reactions to the vaccine, which can cover a fairly large amount of symptoms and reactions, but it in no way indemnifies them for failures in the manufacturing of these vaccines.
The indemnity had to be enacted because the profit margin on vaccine manufacture is extremely low, and as adverse reactions do happen, it would only take a few court cases to completely wipe any sort of economic reason for the company to manufacture said vaccines. It was decided that th
Re: (Score:2)
> Perhaps I am an evil socio-path but what you have described is a given for EVERYTHING in life. Everything you do is done on a risk vs reward analysis.
Yep and there's even a theory [wikipedia.org] that describes it quite nicely...
Re: (Score:2)
Know that's just "Fight Club," but that's the whole idea behind punitive damages. For example, the famous/infamous case of the woman who won hundreds of millions when she got burnt from McDonald's coffee.
Re: (Score:2)
http://priceonomics.com/how-a-... [priceonomics.com]
Read the article to see that the woman did not just "win hundreds of millions when she got burnt from McDonald's coffee".
Re: (Score:2)
I saw that you linked to the article, but figured that GP wouldn't click on a link that would tend to prove his position incorrect.
Re: (Score:3)
That woman had third-degree burns to her lap (including lady bits) that required some amputation and a week's stay in a hospital. It was proven that McDonalds was aware that there was a problem, but refused to do anything about it. They paid out hundreds of thousands of dollars in settlements (with gag orders, naturally) to people who had been hurt previously, but refused to lower the holding temperature on their coffee makers, which was tens of degrees hotter than industry standards. Their argument was
Re: (Score:2)
And don't forget the bailouts. These assholes went on doing business as if nothing happened AT ALL.
Uh, how exactly did you expect them to change as a result of the bailouts?
Not surprised at all (Score:5, Insightful)
There are arguments that can be made that state the stakes are higher now (due to the interconnectedness of systems), and it is plain that the attack surface of just about anything is larger, but those still are symptoms, not causes.
On the flip side of that, those with power and money have amassed more, and that interconnectedness plays to their advantage, resulting in the pseudo-regulated oligarchy we see across most industries and governments today.
The invisible hand of the free market is a hand that will push all to wrack and ruin if allowed to be completely free.
Re:Not surprised at all (Score:5, Insightful)
capitalism works but it has to be heavily regulated
pushing against regulation by spewing propaganda for morons who buy simpleminded "logic" and then voting for the puppet, or corrupting regulation: https://en.wikipedia.org/wiki/... [wikipedia.org] , this is how free markets die
a market is only free if it is heavily regulated. no regulation means the big guys abuse smaller players and consumers
the richest, happiest societies have low corruption and good social safety nets. anyone arguing against either is a propaganda victim who is arguing for their own impoverishment, unless they are a billionaire plutocrat
Re: (Score:3)
unregulated markets don't exist
when there is no regulation the guy with the biggest stick just takes it all
Re: (Score:3)
> And often times no regulation is better than some regulation (e.g. because regulatory capture, etc). Even without regulation we have legal devices such as Tort (negligence law) that helps to rein in bad behavior.
the laws that make tort possible are "regulation"
Re:Not surprised at all (Score:5, Insightful)
even regulatory capture is better than no regulation. the big guys corrupting the government and writing rules that help them, is still better than no rules at all, where the big guys simply crush smaller guys and consumers any fucking way they want: no regulation, remember?
plenty of countries handle regulation with far less corruption than us. that's what we should aim for. but asking for less regulation, is far worse, on any measure you can think of. you should be asking for regulations to be cleaned up
it's like the bad guys robbed the bank by paying off the guard
and your solution is:
1. fire the guard. no guard. hey, that will work to prevent bank robberies (!?)
2. forget the bad guys, don't even go after them or punish them
just let them get away with robbing you and not even mentioning them as the fucking cause of your problem. all you do is whine "the problem is we have guards who can be corrupted, you can never get rid of that problem..." hello? what about the assholes doing the corrupting and robbing you? do you have anything to say about their behavior?
what you should do is:
1. fire the guard. hire a new guard. evaluate him better and more regularly
2. go after the bad guys. punish them. make them pay. they fucking robbed you asshole
why do corporations escape scrutiny when they corrupt our government and so many morons can only criticize the government?
what the hell is up with that?
FIX the government. if you WEAKEN the government, the bad guys who are the actual cause of your fucking problem laugh all the way to the bank: you made their job easier, and rewarded them for fucking up the only thing you have to protect yourself, your fucking government
Re: (Score:3)
> FIX the government. if you WEAKEN the government, the bad guys who are the actual cause of your fucking problem laugh all the way to the bank: you made their job easier, and rewarded them for fucking up the only thing you have to protect yourself, your fucking government
This is the part that most Libertarians simply cannot grasp- it's as if they suddenly get a major brain cramp when they hear this spelled out for them. Because, you know, "Gubbmint BAD!!"
Re: (Score:2)
Probably because it's bullshit.
Corrupt big corporations exist primarily because government keeps their competitors out of the market, and funnels money to them in government contracts.
Back in the EVIL UNREGULATED CAPITALISM era, Standard Oil tried to monopolize oil. The end result was a massive reduction in the price of oil, and many people becoming rich as EVIL Standard Oil had to keep buying them out to reduce competition.
Now they just buy the government instead, and pass regulations that make competition
Re:Not surprised at all (Score:5, Insightful)
they need a basic education in economics, and some obvious history: the gilded ages of victorian times for example
only then should they be allowed to have an opinion
an uneducated, wish fulfillment fantasy that ignores basic economic facts is not a valid opinion
"markets regulate themselves, magic free market fairy solves all problems!" is a quasireligion, not an ideology or political concept anyone should respect
this crap is made for morons and suckers by plutocrat controlled propaganda sources
that being said, libertarianism, european style, is respectable: it's about social issues
only this mutant american-style "libertarianism," that only cares about economics and only motivates simple minded social retards to agitate for less regulation and taxes for the ultrarich, is invalid and contemptible
if you (not you, justanotheroldguy, anyone reading) agitate for legal marijuana, gays getting married, women controlling their own bodies, etc.: i consider you a libertarian, and i respect you
if you agitate for less regulation of multinational conglomerates, you're not a libertarian. you're a fucking moron being used as a useful tool by propaganda channels pushing your simpleton's easily identifiable prejudicial buttons. against your own well-being. because you're too fucking dumb to understand otherwise. and i have zero respect for you, and a good measure of disgust for polluting the political discourse in this country with useless low intelligence mental diarrhea that only helps the ultrarich and large corporations
Re: (Score:2)
> if you (not you, justanotheroldguy, anyone reading) agitate for legal marijuana, gays getting married, women controlling their own bodies, etc.: i consider you a libertarian, and i respect you
Does cutting through the face to get a salable brain = "women controlling their own bodies"?
Is fining somebody hundreds of thousands of dollars for declining to bake a cake "libertarian"?
You are a leftist, not a libertarian. Why not own it? Is there something wrong with it, that you want to hide it or relabel it?
Re: (Score:2)
The problem is regulatory capture. Solve that and I'll pretty much agree with you.
(Actually, the solution is easy. Just forbid the regulators to have private communications with those they regulate either directly or through intermediates. And forbid them to accept any gratuities, jobs, etc. from them either while in office or after retiring. And enforce those rules. The difficulty is in getting those rules in place.)
Re: (Score:3)
oh yeah, an orwell quote is completely appropriate to dispel a point about economics, you fucking moron
market regulation is not totalitarianism. if you think it is, consider yourself a completely propagandized retard
i'm not throwing around empty insults
to believe what you said is appropriate to my comment genuinely reveals yourself to be a low intelligence person, objectively. indoctrinated into a shallow dimwitted "ideology." i have to put ideology in quotes because the simpleminded slogans of dimwits shou
Comment removed (Score:5, Interesting)
Re: (Score:3)
> As I have discovered, it is a lot better in a legal sense to leave things unpatched. The patching requires downtime, it adds nothing to business,
yeah, let's take gm's ignition key horror as an example. They saved a few dollars up front and in the end it cost them BIG TIME. your stupid "wisdom" is just stupid
> Patching vulnerabilities just isn't a priority for many IT environments.
Oh really? Then why do companies spend so much money and so much time on maintaining an environment where Windows Update can work properly? Why is it that linux distributions that quickly push security fixes are more popular? Why is it that every store I visit has brand spanking new credit card machines?
Re: The ITIL approach sucks for security (Score:5, Interesting)
> They had to be dragged kicking and screaming
by people who had money on the line and had the ability to drag and kick. this is how the system works
Re: (Score:2)
PRINT ""+-0
That clears the screen?
Also, who does not separate drive control? (Score:3)
Seriously, whenever you have mission-critical control systems and networks, you _isolate_ them. As in _physical_ isolation. Anything else is asking for trouble and can charitably be described as grossly negligent. But apparently, this utter stupidity does get some people better bonuses, when it should get them a few decades in prison instead for criminally negligent homicides.
Re: (Score:3)
> As in _physical_ isolation. Anything else is asking for trouble
yeah that's great. we'll give each car its own road
Re: (Score:2)
No, but a nice padded cell for every troll (you are obviously one) would be something to strive for.
Re:Also, who does not separate drive control? (Score:5, Insightful)
> You should read the articles. Because CAN is a multi-master communications
> bus any device on the bus has write access at the hardware level - it's only
> software controls that limit whether a device can write to the bus or not. Which
> is why the government-mandated ODBC-II interface is such a bad idea,
> because anyone can plug in to the CAN bus with a standardized connector
> and get complete control of a vehicle.
Why is so much unnecessary, security-risky, stuff connected to that device? In a worst case, have separate buses...
* the "entertainment" bus for wifi for "teh interweb", streaming audio, etc.
* the "critical" bus that controls car operation. Have it only *PHYSICALLY* accessible, i.e. only via physically plugging a probe into a jack. And none of the devices connected to the "critical" bus are radio/wifi/bluetooth/whatever-else externally accessible.
Re: (Score:2)
> Why is so much unnecessary, security-risky, stuff connected to that device? In a worst case, have separate buses...
> * the "entertainment" bus for wifi for "teh interweb", streaming audio, etc.
> * the "critical" bus that controls car operation.
That's not realistic, because customers want to change their car settings from the head unit. When car companies give you access to that functionality in other ways, customers (and reviewers!) complain about the additional controls in the vehicle.
Re: (Score:3)
Yeah, and? They could stick a bomb on the car, so why worry about what firmware they might flash?
The problem is precisely the one the earlier poster mentioned. Some retard put completely non-critical traffic on the same bus as critical traffic, and didn't separate it in a secure manner. So now you can send a text message that disables the brakes.
Re: (Score:2, Interesting)
> Yeah, and? They could stick a bomb on the car, so why worry about what firmware they might flash?
they don't need to leave physical evidence. they can leave an invisible logic bomb that will erase itself and leave no trace. why leave behind a physical bomb? why? it makes no sense.
"security theater" is worse than useless because you think you are secure and you let down your guard. you put in separate networks and you think you've solved the problem. wrong! you just prod the hackers to find new vectors.
Re: (Score:2)
Hint: when your cellphone sends messages on the same bus that controls the brakes, a hacker anywhere in the world can send a text message that turns off your brakes and crashes your car. When they have to reprogram the ECU because you no longer send trivial, non-essential messages on a critical bus, they have to physically access the car to do so.
And you call that 'security theatre'?
Do you work for an auto manufacturer?
Re: (Score:3)
That is BS. Anybody with physical access can already mess up a lot of things, like weakening the brake-hydraulics, etc. The separated buses serve to prevent any attacks with the attacker not being physically present. You know, like these that were in the press recently?
Re: (Score:2)
Your idea does nothing to prevent people like valet parkers or vehicle inspectors or detailers from getting physical access to your "jack" long enough to infect your car. Your car is 100% vulnerable to all kinds of attack when you leave it at the shop for repair, not just from the shop employees but from anyone who can break their probably non-existent security.
Physical access means the car is Pwn3d. If you care, you can lock the jack or something, but there's no way to stop it.
Re: (Score:3)
ODBC is a database API...
OBD-II doesn't mandate CAN bus connectivity. My car has a CAN bus, but only exposes a K-Line interface on the OBD connector.
If you've got a device that doesn't need to write to the CAN bus but needs to read from it, you can physically stop it from doing so by not connecting the drivers to the bus.
Re: (Score:2)
Any diagnostic port will always have write level access to the network, since it has to be able to do things like ECU updates as well. Whether it's ODBC-II or some GOANIE (Good Old American, Not Ickey European) debug port with a different network protocol matters bugger all.
Re: (Score:2, Informative)
I think maybe you misread the article, or misunderstood it. (The _real_ Ars Technica article, not the useless boingboing summary.)
Normally there are two _separate_ CAN busses, one which handles all the critical crap, and one which handles the infotainment and comfort stuff. There's a module which connects the two, providing read-only queries from the second to the first. None of the hacks breached this system.
There's a physical, pluggable interface to the safety-critical CAN. Some people have "hacked" it. I
Re: (Score:3)
There's a module which connects the two, providing read-only queries from the second to the first. None of the hacks breached this system.
they haven't breached it yet
we used to think that kryptonite locks and SSL 1.0 were secure
Re: (Score:2)
You thought that kryptonite locks and SSL 1.0 were? Talk about naive....
Re: (Score:2)
Indeed. And that is what I was talking about. Not that I am too happy with that CAN bridge, but if it is designed very carefully, it is probably secure enough.
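A sketch of the kind of bridge module these comments describe: it passes only read-only queries from the infotainment bus to the critical bus, and only allowlisted broadcasts back. It is an added example, not code from the thread or from any manufacturer; the frame struct, the accepted request ID and the published IDs are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Minimal classic CAN frame: 11-bit ID, up to 8 data bytes (assumed layout). */
struct frame { uint16_t id; uint8_t dlc; uint8_t data[8]; };

enum bus { BUS_INFOTAINMENT, BUS_CRITICAL };
enum verdict { DROP = 0, FORWARD = 1 };

/* Assumed policy: one request ID and two read-only services are accepted. */
#define REQ_ID               0x7DF /* OBD-II functional request ID */
#define SID_OBD_CURRENT_DATA 0x01  /* OBD-II mode 01: show current data */
#define SID_UDS_READ_DID     0x22  /* UDS ReadDataByIdentifier */

/* IDs the critical side may publish to infotainment (constructed values). */
static const uint16_t publish_allow[] = { 0x7E8, 0x3E9 };

/* A query is read-only if it is a single ISO-TP frame carrying exactly
 * one read service with the expected length. Everything else fails closed. */
static int is_read_only_query(const struct frame *f)
{
    if (f->id != REQ_ID || f->dlc < 2) return 0;
    uint8_t pci = f->data[0];
    if ((pci & 0xF0) != 0x00) return 0;       /* no multi-frame transfers */
    uint8_t len = pci & 0x0F;                 /* payload length, 1..7 */
    if (len < 1 || len > 7 || f->dlc < len + 1) return 0;
    uint8_t sid = f->data[1];
    if (sid == SID_OBD_CURRENT_DATA) return len == 2; /* mode + PID */
    if (sid == SID_UDS_READ_DID)     return len == 3; /* SID + 16-bit DID */
    return 0;                                 /* writes, sessions, flashing */
}

/* Decide whether a frame received on bus `from` crosses the bridge. */
enum verdict gateway_filter(enum bus from, const struct frame *f)
{
    if (f == NULL || f->id > 0x7FF || f->dlc > 8) return DROP;
    if (from == BUS_INFOTAINMENT)
        return is_read_only_query(f) ? FORWARD : DROP;
    for (size_t i = 0; i < sizeof publish_allow / sizeof publish_allow[0]; i++)
        if (f->id == publish_allow[i]) return FORWARD;
    return DROP;
}
```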
Re: (Score:3)
Normally there are two _separate_ CAN busses, one which handles all the critical crap, and one which handles the infotainment and comfort stuff. There's a module which connects the two, providing read-only queries from the second to the first. None of the hacks breached this system.
Oh really? Then how did that Jeep Cherokee hack via the infotainment system work?
from http://www.wired.com/2015/07/h... [wired.com] (emphasis mine)
Re: (Score:2)
Unlike you, I actually know what I am talking about. The way to do this is of course to have two physically separate CAN buses, one for critical functions and one for everything else.
You can't start your car, there are 33 updates.... (Score:2)
Oh this is going to be wonderful..... I'll be running late. When I put the key in the ignition and turn it, the display will boot up and it will tell me, "Please wait, GM is installing 33 critical updates." Then it will want me to reboot the car.
Unless the car is a Google car and will drive itself, I really don't need a networked car. This is just going to end badly and make everyone late.
Re: (Score:2)
When I put the key in the ignition and turn it
I think you are living in the wrong century
Re: (Score:2)
I think you are living in the wrong century
Yes.
Oh look, I'm at work. I'm going to stop the car and get out.
Oops. "Your car is installing 33 updates. Do not stop the engine. The car will shut down when the updates are complete."
Bugs should be costly to ignore, and cheap to fix (Score:4, Insightful)
[M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them...
If it costs nothing to ignore security bugs that can cause car crashes and human injury, then clearly the cost of ignoring such bugs is far too low.
The question becomes, how can security bugs be made expensive to ignore and cheap to fix?
Easy fix (Score:2)
At least there's an easy fix (as untenable as it would be to cause our government to do it):
1) $100,000 fine per incident of any unauthorized access to a vehicle through a remote mechanism (any mechanism, any access, no exceptions).
2) Force manufacturers to carry insurance to cover at least $1,000,000 in liability per car sold.
Problem solved... no more remotely exploitable surface for vehicles at all (too expensive for the manufacturer, until it's security-solid enough to afford the insurance). Won't fix ge
Re:Why car info tech is so thoroughly at risk .. (Score:5, Insightful)
Disagree. Proprietary software is just as buggy and sometimes extremely buggy. There may even be NDA agreements that forbid revealing any bugs to third parties.
Re:Why car info tech is so thoroughly at risk .. (Score:5, Insightful)
NDAs in proprietary software are there for a reason - to protect the software vendor against revelations that they have done wrong, all the way from copyright infringement (like breaking an open source license condition in their solution), backdoors, security shortcuts etc. If it possibly can exist it will exist in the closed code.
As someone involved in the car industry - I can agree with the observation. Just look at the Autosar platform, it's a collection of bugs in tight formation that has been sold to the car industry as the greatest solution since the invention of the stone axe. But for everyone who has been working with internet solutions it's revealed to be a very clunky solution that doesn't really improve things, it just adds overhead.
Today the car industry starts to look at Ethernet as a replacement for CAN, but then there are complaints about it causing a higher power consumption and therefore there's a "need" to do quirky solutions like separating traffic on VLANs on the same physical bus, and that separation into VLANs is enough to offer sufficient security against intrusions and overload attacks (intentional through malware or unintentional through bugs).
In addition to this it's worth realizing that when you buy a car you only buy the hardware, you aren't permitted to know anything about the software. So essentially the manufacturer could say that you can keep the car but we have to erase the software in it - leaving you with a 2 ton shell of steel and plastics.
Re: (Score:2)
Obvious troll is obvious.
Re: (Score:2)
Well, hey, at least the open stuff can be fixed.
Re: (Score:3)
The problem is that though the code can be fixed, it can't be installed.
Honestly, however, most of the vulnerable Android devices aren't fixed even when it's possible, because their users don't understand what they're doing. And the system was designed under the premise that they shouldn't.
But the code can be fixed. And may be in next year's model.
Re:Why car info tech is so thoroughly at risk .. (Score:5, Interesting)
Because the tech is invariably based on open Source and written by some unpaid intern.
Though it's probably not in the way that you intended, you do have a valid point. Far too many companies seem to piece together open source software then slap on some proprietary code, without adequately testing it. Since they are doing so to save development and licensing costs, it frequently ends up as a disaster.
That being said, many companies do spend some time in integrating open source software and do thorough testing. So the success or failure of open source software in such circumstances is more a product of the company's motivation and culture than an indicator of the quality of open source software.
Re: (Score:3)
From what I can gather, Apple and Google most certainly have an expertise which is a few orders of magnitude higher than the auto industry. Short of firing all the automotive CEOs and replacing them with geeks, I don't know how anyone can operate a significant shift in focus in less than 50 years.
I've worked for insurance, finance and distribution (I assume car companies to be as bad) and the state of the art is that none of those people have the first clue as to what computer science is, can bring to them
Re:Why car info tech is so thoroughly at risk .. (Score:5, Interesting)
It's all kind of baffling. We have decades of experience that tells us that writing secure software is very difficult and that patching insecure software is expensive, inefficient, and largely ineffective. So the response -- and not just in the auto industry -- is to constantly add more questionably necessary complex hardware and software (Why do I need digital air time pressure indicators that do not work properly to replace $2 mechanical pressure indicating Schrader valve caps?) and then express surprise that the result is vulnerable to digital attack.
Folks. I don't know how to break this to you. The "solutions" that don't work on the internet, with financial stuff, with dating sites, etc. probably aren't going to work in cars either.
What will work? Nothing most likely. But minimizing attack surfaces by air gapping systems that don't need to talk to one another, making ROMs read only with a physical programming switch, banishing anything that looks or works like javascript, abandoning the odd notion that over the air updates can't -- by accident or hijacking -- simultaneously brick millions of vehicles might help. The result would be clunky and sort of mid-20th centuryish. But it might be moderately secure.. And implementing it might free up resources to deal with the inevitable similar problems in the rest of the digital world.
Re: (Score:3)
I disagree, to me it's pretty clear what is going on here. The folks who make budgeting and resource planning decisions haven't the vaguest clue what is involved in writing software, let alone best security practices. All they see is developers that cost money.
The lead/principal/architect (whoever the he
Re: (Score:2)
Seriously, a lot of commercial projects borrow heavily from Open Source and do get some lowly paid interns to write it. There's at least one HFT [wired.com] platform that owes a lot to Open Source. I know of at least one coder at the LSE who designed a 'Candlestick chart [wikipedia.org]' application - using Eclipse [eclipse.org].
Re: (Score:2)
Blame the company. They change and rewrite the code for their needs with full intent to label bugs as WONTFIX. You want bug fixes Pal? Buy the new model.
Re: (Score:3, Interesting)
we're talking about security exploits and the well-documented tendency for the guys in the corner office to hush things up rather than fix it, and you complain about "union campaign money" linked to deferred convictions. of whom? union bosses? don't you mean the corporate suits the union bosses hate, who are the decision makers on this topic?
do you even try to make sense when you spew your propaganda?
you're a moron. not a baseless insult. objective true: your partisan obsession has so eclipsed whatever dim
Re: (Score:2)
Says the lefty wingnut, right? Your comment history suggests this. How are you different from the stereotype you're ranting about?
He was referring to situations where unions prevent bad employees from being fired. The US car industry suffered greatly from this and from too much insulation from outside competition.
While a bad employee might explain specific cases, the problem is much broader. It's 'hard' to write secure, complex software in any context. I think the best solution for security is to avoid ove
Re: same as it ever was (Score:3, Insightful)
Hey right wing dumbass.... Union people don't design the cars, nor do they decide to ignore problems with them.
As to insulation from competition: you mean like making sure that we didn't have a race to the bottom like we do now? Because 30 plus years of right wing economics have worked so well for everyone. Just look at how wages and productivity have gone up! Oh, wait. Productivity has gone through the roof and wages have gone nowhere.
Even the front runner in your own party gets that 'free trade' is
Re: (Score:3)
unions do not have jack shit to do with ignoring car security
to try to shoehorn that obsession into this topic means you are a moron. not right wing, not left wing. just fucking retarded
there's nothing else to be said. keep trying to derail the topic with your low brain wattage partisan mental diarrhea. you're too dumb to talk to
Re: (Score:2)
The question is really how to educate dev teams in the auto industry. If they can be brought up to even modest levels of best practice (use of verification tools, test methods, asset versioning, etc) then at least quality can be improved going into the future. Also system separation should be the industry standard approach where critical and non-critical functions are not mixed together at all.
"can" and "should" are meaningless words without government regulation to back them up