Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Transportation Bug DRM

Why Car Info Tech Is So Thoroughly At Risk 192

Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.
This discussion has been archived. No new comments can be posted.

Why Car Info Tech Is So Thoroughly At Risk

Comments Filter:
  • by NotInHere ( 3654617 ) on Sunday August 23, 2015 @08:17PM (#50376717)

    and thousands of people die the same moment because some terrorist pressed a button. Of course, well informed, as the big data terrorist is, they will find out whether you are a muslim and your wife wears a burqua with even their ankle being covered all day, they will spare your car if you are one.

    We only see risks where we've seen the risk actually causing harm. This is also a reason why its so hard to find motivation to fight against climate change.

    • and thousands of people die the same moment because some terrorist pressed a button.

      The US military is the only entity that has actually ever carried out attacks like this

      • by TWX ( 665546 ) on Sunday August 23, 2015 @10:06PM (#50377187)
        Just because they're the only ones that have done it, doesn't mean that interested parties wouldn't want themselves to do it.

        Which is more terrifying, the enemy that personally attacks you, that you can boast and brag about fighting him before he kills you, or the enemy that kills you that you never had a chance of defending against?

        Now, imagine that the Toyota unintended vehicle acceleration problem manifested on all of the vulnerable cars at the same time . There are a LOT of Toyotas out there, and as a global car make it would not be hard for an organization, anywhere in the world that wanted to try this, to get vehicles to use to test discovered exploits on.
      • by cold fjord ( 826450 ) on Sunday August 23, 2015 @10:42PM (#50377325)

        The US military is the only entity that has actually ever carried out attacks like this

        I would say his concern is well founded [telegraph.co.uk].

        And your claim is nonsense. Consider the case of Vasili Blokhin, for instance. General Vasili Blokhin pressed a "button" (trigger) and killed the Polish army officer corp. (Admittedly he pressed that "button" repeatedly.) This was around the time that the Soviet Union confiscated food from the Ukraine to artificially create a famine and kill 7,000,000 people by the slow death of starvation. (Death was quicker for the people that walked into the grain fields to pluck some grain to eat - they were shot on the spot.)

        The Katyn Massacre [crimemagazine.com]

        In March 1940, General Blokhin personally executed all 8,000 of the captured Polish officers on 28 consecutive nights in a basement execution chamber at the Soviet secret police headquarters in Kalinin. The soundproof room was specially constructed for the murders, with a sloping concrete floor and a hose to wash away the blood.

        One at a time – 250 a day – each of the Polish officers was led into the room in handcuffs, where Blokhin awaited in a butcher’s apron, cap and shoulder-length leather gloves. Each prisoner was then turned around to face a log wall, and Blokhin would shoot him in the back of the head . . .

        The other 14,000 Polish intellectuals captured during the Soviet invasion met a similar fate, although not directly at the hand of General Blokhin.

        Admittedly this is only a drop in the bucket of the 100,000,000 people killed by Communist regimes [harvard.edu], but it is revealing.

      • and thousands of people die the same moment because some terrorist pressed a button.

        The US military is the only entity that has actually ever carried out attacks like this

        You're missing the word "capable". Many many organisations and countries would love to have the capability, and they have every intention of using it as often as possible.

      • And we warned them. Twice. They didn't think we had the bomb the first time. The second time, there was no excuse.

        And it did end the war, when the Japanese realized that we didn't have to lose any one to wipe them out. It was a quick end to a long war. And there was a great deal of debate on whether or not the US should even do such a thing before we did it.

        The issue was, the Japanese had lost the war already, but were still fighting, to the last man as we cleared each island they were on. It was slow, dirt

  • by dfn5 ( 524972 ) on Sunday August 23, 2015 @08:19PM (#50376725) Journal
    Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."
    • I want networked computers in my car. I want to be able to control my own car via these methods.

      I want the networked computers to be open so both I can utilize it in ways I wish that the manufacturer has never thought of, and so security researchers can verify that they are secure.

      • I can utilize it in ways I wish that the manufacturer has never thought of

        what a great tool for the ambitious suicide bomber

      • I want that too, except with an additional requirement. I don't want anything involved in controlling the car physically wired to anything networked. If I want the car controlling system to connect to a network, I want to be required to physically turn a switch to allow it.

        "Oh, they're firewalled" they say, and we know that fails.

        • I don't want anything involved in controlling the car physically wired to anything networked.

          so you want a car with a manual choke? The automatic choke is hooked up to the engine computer with a network connection.

          • No, the automatic choke in my car is just a bimetal spring that, when cold, opens a valve in the carburetor allowing extra fuel to be drawn into the intake manifold. The spring is heated by the antifreeze from the engine and an electrical heating element.

            No netwoek necessary. No computer necessary. Or any electronic components except a piece of nichrome wire as a heating element.

        • You mean you want all physical access to also be secured.

          I.e. having to manually splice in to wiring looms (hard/time consuming) or using a convenient (but hard to access for an outside attacker) port in say the centre console.

          Not having a convenient port near a small breakable window (lots of expensive cars got stolen because of this, they could smash a small non-alarmed window, plug in a programming tool and add new keys to the ECU), or an externally accessible port.

      • by tsa ( 15680 )

        I just want my car to work. Why an Internet connection is necessary is beyond me. "But over the air updates!" you say. If a small convenience can give so much trouble I'd rather update at home or the garage using a wire, thank you.

        • I just want my car to work.

          Fair enough but that's a pretty vague statement. HOW do you want it to work? I suspect you and I might have different definitions for how we want our cars to work.

          Why an Internet connection is necessary is beyond me.

          It's not strictly necessary but it can be very useful. Furthermore asking that question is a little bit like my grandmother asking why email is useful when we can just send letters.

          If a small convenience can give so much trouble I'd rather update at home or the garage using a wire, thank you.

          Anything can be troublesome if it is badly designed. A wired connection instead of wireless just means the attack surface is different but there still is one.

    • Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."

      Somebody better find him quick. I'm pretty sure that I've heard that either Google or Apple was creating a driverless car that acknowledge direction by answering, "By your command."

    • Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."

      That is unrealistic and defeatist. Many customers (including myself) very much want some of the capabilities that come with network access and there is no reason it cannot be done utilizing good security practices and appropriate separation of function. I want a built in GPS with weather and traffic data overlays. I want to be able to monitor my car's performance with something more sophisticated than a check engine light. I want my car to be able to fix problems or add features without visiting a deale

  • by Dutch Gun ( 899105 ) on Sunday August 23, 2015 @08:24PM (#50376747)

    A significant problem is that computer-related security lessons seem to have to be learned from the ground up, industry by industry. Contrary to this, the smartphone industry (especially Apple) has relatively sophisticated security in both hardware and software, and I think it was because they could learn a lot of valuable lessons from their experience with the PC. As a result, iOS users enjoy a relatively malware-free system.

    The automobile industry on the other hand, is probably somewhere in the early 2000's mindset, comparatively speaking. You see the same mistakes being made with many early Internet of Things manufacturers with brain-dead security mistakes, such as storing hard-coded encryption keys right on the devices themselves. Router manufacturers, just as little as a few years ago were still leaving shipping with services open to the internet by default. They're STILL shipping devices with known, default passwords, mysterious backdoors, and all sorts of other vulnerabilities. You can probably point to any other industry and see the same lack of basic security knowledge and practices. It's not going to change until these issues are dragged, kicking and screaming, into the light of day... either by lawsuits, legislation, or simply too much bad press.

    • by Octorian ( 14086 )

      As a result, iOS users enjoy a relatively malware-free system.

      Considering that its a foregone conclusion that every version of iOS will be jailbroken, I have to wonder if this has more to do with software distribution controls than actual system security.

      • by Dutch Gun ( 899105 ) on Sunday August 23, 2015 @08:58PM (#50376875)

        Oh, I'm sure that's part of it, but certainly not the entire story. You should skim over iOS's security whitepaper [apple.com] sometime if you don't believe there's a hell of a lot of security features built into the hardware and software at a *very* deep level. It's actually quite impressive. Keep in mind that the ability to root your phone doesn't necessarily invalidate all the other protections provided for the average user.

        To start with, consider the notion of selective application permissions with user consent, compared to the "give this application all access to all resources" model with the PC. Applications are isolated from each other, which gives less flexibility, but also helps to prevent a rogue app from spreading itself everywhere on the system. The system is hardware-encrypted by default until you turn the device on (using a secure boot chain) and unlock it, meaning you can't simply pry the device apart and read the flash memory. And that's just what I can think of off the top of my head.

    • Ars is on the trial of auto security as well [arstechnica.com].

      Highway to hack: why we’re just at the beginning of the auto-hacking era

      .
      Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re NASA or the Pentagon or something, so what could go wrong?

      That, in essence, is the security posture of many modern automobiles—a network of sensors and controllers that have been tuned to perform flawlessly under normal use, with little more than a firewall (or in some cases, not even that) protecting it from attack once connected to the big, bad Internet world. This month at three separate security conferences, five sets of researchers presented proof-of-concept attacks on vehicles from multiple manufacturers plus an add-on device that spies on drivers for insurance companies, taking advantage of always-on cellular connectivity and other wireless vehicle communications to defeat security measures, gain access to vehicles, and—in three cases—gain access to the car’s internal network in a way that could take remote control of the vehicle in frightening ways....

    • by AmiMoJo ( 196126 )

      Not all car companies are like that. Ever notice how Nissan cars are never the ones being hacked? That's because they install proper hardware firewalls to keep the entertainment system separate from anything important. They have actually thought about this and gone out of their way to make it secure. Their systems tend to be a little bit behind the latest and greatest from other manufacturers, but at least they are safe.

      In fact most of the Japanese manufacturers seem to have a clue in this area. Yeah, Toyot

  • Laugh (Score:5, Funny)

    by koan ( 80826 ) on Sunday August 23, 2015 @08:31PM (#50376779)

    Narrator:
    A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.

    Business woman on plane:
    Are there a lot of these kinds of accidents?

    Narrator:
    You wouldn't believe.

    Business woman on plane:
    Which car company do you work for?

    Narrator:
    A major one.

    • Perhaps I am an evil socio-path but what you have described is a given for EVERYTHING in life. Everything you do is done on a risk vs reward analysis.

      Narrator:
      A mouth is opened and a chocolate bar is put in. The person later dies a horrible slow painful death as their body becomes resistant to insulin, their toes rotting and finally their heart stopping. Do we stop putting chocolate in the mouth? Take the number of chocolate bars eaten A, multiply by the risk B, multiply by the average medical cost, C.

      • Doh A times B Times C = X.....

      • Exactly.... Let's say a recall cost $10 million. How much medicine food and other health and services now are foregone? In fact the average settlement in wrongful death is up past $10 million, which is so grossly higher than the actual price of a life that far more is being done for safety than ought to be. No one recalls vaccines because one in a million are allergic and die, nor do they make less vaccines so they can make more allergy tests.
        • is so grossly higher than the actual price of a life

          what about the life of Steve Jobs, would that be worth $10 million? what about his mother and father? Without them he would not exist. So what is their value?

          So now how can you possibly predict the value of a life when you can't even calculate it when they are alive? how can you presume to know the value of their impact?

          • Impossible to determine. However probably not worth that $10 million. Realistically if Steve Jobs hadn't existed someone else would have taken his place. Would Apple be the same company without him? Definitely not. But would it be a bigger or smaller Apple than it is today? No one knows or ever could know. Also if Apple didn't exist, realistically something else would have taken its place.

            In the end someone is paid a huge salary or has accumulated huge wealth because they were the right person in the

          • is so grossly higher than the actual price of a life

            what about the life of Steve Jobs, would that be worth $10 million?

            Not at all. You appear to believe that if he wasn't aruond to bring us iShinies then no one else would. The talent that is needed to bring the world iStuff is so common someone else would have done it if he wasn't around.

      • Perhaps I am an evil socio-path but what you have described is a given for EVERYTHING in life. Everything you do is done on a risk vs reward analysis.

        Yep and there's even a theory [wikipedia.org] that describes it quite nicely...

    • Know that's just "Fight Club," but that's the whole idea behind punitive damages. For example, the famous/infamous case of the women who won hundreds of millions when she got burnt from McDonald's coffee.

      • by Pieroxy ( 222434 )

        http://priceonomics.com/how-a-... [priceonomics.com]

        Read the article to see that the woman did not just "win hundreds of millions when she got burnt from McDonald's coffee".

        • by BVis ( 267028 )

          I saw that you linked to the article, but figured that GP wouldn't click on a link that would tend to prove his position incorrect.

      • by BVis ( 267028 )

        That woman had third-degree burns to her lap (including lady bits) that required some amputation and a weeks' stay in a hospital. It was proven that McDonalds was aware that there was a problem, but refused to do anything about it. They paid out hundreds of thousands of dollars in settlements (with gag orders, naturally) to people who had been hurt previously, but refused to lower the holding temperature on their coffee makers, which was tens of degrees hotter than industry standards. Their argument was

  • by wbr1 ( 2538558 ) on Sunday August 23, 2015 @08:32PM (#50376783)
    At its core, capitalism, raw and unregulated is a sociopathic economic structure. That this manifests itself this way in the automobile industry is just one facet of it.

    There are arguments that can be made that state the stakes are higher now (due to the interconnectedness of systems), and it is plain that the attack surface of just about anything is larger, but those still are symptoms, not causes.

    On the flip side of that, those with power and money have amassed more, and that interconnectedness plays to their advantage, resulting in the psuedo-regulated oligarchy we see across most industries and governments today.

    The invisible hand of the free market is a hand that will push all to wrack and ruin if allowed to be completely free.

    • capitalism works but it has to be heavily regulated

      pushing against regulation by spewing propaganda for morons who buy simpleminded "logic" and then voting for the puppet, or corrupting regulation: https://en.wikipedia.org/wiki/... [wikipedia.org] , this is how free markets die

      a market is only free if it is heavily regulated. no regulation means the big guys abuse smaller players and consumers

      the richest, happiest societies have low corruption and good social safety nets. anyone arguing against either is a propaganda victim who is arguing for their own impoverishment, unless they are a billionaire plutocrat

  • by Neo-Rio-101 ( 700494 ) on Sunday August 23, 2015 @08:37PM (#50376803)

    The problem with vulnerabilities is when you are in an organization where simple patching is overmanaged to death so that the patches are never applied in a timely manner.

    As I have discovered, it is a lot better in a legal sense to leave things unpatched. The patching requires downtime, it adds nothing to business, it introduces risks to the system of a failed change. If the patching screws up, then YOU take the blame.

    It is just MUCH easier to leave the vulnerability unpatched and tolerate getting hacked. Reason? Because then somebody else takes the blame. It wasn't you, Mr. System Admin, who broke the system, but someone else. Therefore, it's not your fault. You can walk away with your paycheck as the system explodes in the background. If you noticed the vulnerability and made plans to patch it, and it doesn't get patched due to some bureaucratic ITIL wrangling, you can just walk away from the carcrash.

    Patching vulnerabilities just isn't a priority for many IT environments.

    • As I have discovered, it is a lot better in a legal sense to leave things unpatched. The patching requires downtime, it adds nothing to business,

      yeah, let's take gm's ignition key horror as an example. They saved a few dollars up front and in the end it cost them BIG TIME. your stupid "wisdom" is just stupid

      Patching vulnerabilities just isn't a priority for many IT environments.

      Oh really? Then why do companies spend so much money and so much time on maintaining an environment where Windows Update can work properly? Why is it that linux distributions that quickly push security fixes are more popular? Why is it that every store I visit has brand spanking new credit card machines?

    • PRINT ""+-0

      That clears the screen?

  • by gweihir ( 88907 ) on Sunday August 23, 2015 @09:01PM (#50376885)

    Seriously, whenever you have mission-critical control systems and networks, you _isolate_ them. As in _physical_ isolation. Anything else is asking for trouble and can charitably be described as grossly negligent. But apparently, this utter stupidity does gets some people better bonuses, when it should get them a few decades in prison instead for criminally negligent homicides.

    • As in _physical_ isolation. Anything else is asking for trouble

      yeah that's great. we'll give each car its own road

      • by gweihir ( 88907 )

        No, but a nice padded cell for every troll (you are obviously one) would be something to strive for.

  • Oh this is going to be wonderful..... I'll be running late. When I put the key in the ignition and turn it the display will boot up it will tell me, "Please wait, GM is installing 33 critical updates." then it will want me to reboot the car.

    Unless the car is a Google car and will drive itself, I really don't need a networked car. This is just going to end badly and make everyone late.

    • When I put the key in the ignition and turn it

      I think you are living in the wrong century

      • by 0123456 ( 636235 )

        I think you are living in the wrong century

        Yes.

        Oh look, I'm at work. I'm going to stop the car and get out.

        Oops. "Your car is installing 33 updates. Do not stop the engine. The car will shut down when the updates are complete."

  • by zerofoo ( 262795 ) on Sunday August 23, 2015 @10:18PM (#50377245)

    NHTSA publishes a list of civil settlements here:
    http://www.nhtsa.gov/Laws+&+Re... [nhtsa.gov]

    Fiat Chrysler was recently fined for inadequate protections on Jeep gas tanks, but I did not see that on the page linked above - so the list isn't entirely current.

    NHTSA may not be the fastest regulatory group out there, but they have shown a willingness to go after car companies that do not issue timely fixes for dangerous problems. Automotive software bugs will eventually kill people. Unfortunately, NHTSA probably won't care until then.

  • by QuietLagoon ( 813062 ) on Sunday August 23, 2015 @11:00PM (#50377425)

    ...M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them...

    If it costs nothing to ignore security bugs that can cause car crashes and human injury, then clearly the cost of ignoring such bugs is far too low.

    .
    The question becomes, how can security bugs be made expensive to ignore and cheap to fix?

  • At least there's an easy fix (as untenable as it would be to cause our government to do it):

    1) $100,000 fine per incident of any unauthorized access to a vehicle through a remote mechanism (any mechanism, any access, no exceptions).
    2) Force manufacturers to carry insurance to cover at least $1,000,000 in liability per car sold.

    Problem solved... no more remotely exploitable surface for vehicles at all (too expensive for the manufacturer, until it's security-solid enough to afford the insurance). Won't fix ge

UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn

Working...