Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Transportation Communications Networking Security

Experts Have No Confidence That We Can Protect Cars and Streets From Hackers (dailydot.com) 97

Patrick O'Neill writes: Cars and streets are now connecting to the Internet for a long list of transportation and safety benefits but the new tech has drawbacks. Experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches. Their opinions were captured in a recent survey (PDF) from the Government Accountability Office. "The government is coordinating with the transportation industry on the Security Credential Management System (SCMS), a project to verify that basic road-safety messages come from authorized devices. ... At this point, it’s not clear who would even run such a system. Previous plans pointed toward car industry control, but the Transportation Department is now looking into playing 'a more active leadership role' for V2I as well as V2V (vehicle-to-vehicle) networks. That role would include setting security and privacy standards when V2I and V2V networks become operational."
This discussion has been archived. No new comments can be posted.

Experts Have No Confidence That We Can Protect Cars and Streets From Hackers

Comments Filter:
  • by TheRealHocusLocus ( 2319802 ) on Friday October 16, 2015 @08:00AM (#50742837)

    Buy some new experts.

    • you COULD dig some 60s Mopars out of the junkyard, and study them. they have excellent internal data security.

      the other option... no wifi, no data connections from the sound system to the rest of the car, no wireless comms. the diagnostic connector must have rolling passwords, just like a garage door opener. no other entry points to the car network. and get rid of commercial OS and software, cars are a killing tool in all but a handful of modes, there should be a custom RTOS running the gizmos.

  • Really? (Score:4, Insightful)

    by koan ( 80826 ) on Friday October 16, 2015 @08:02AM (#50742851)

    So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?
    And there is a serious question as to whether that control should be privatized?

    Let me convey my feelings about that as one concerned citizen.

    Never has it been more insulting, and dangerous, than to consider privatizing public utilities and assests, and thereby making people dependent on corporations to manage something we all use and need.
    Privatization never turns out well for the end user, and no matter what you say about the government running things, it's a damn sight better than some corporation.

    • Neither all privatized, nor all public is really the best option for society. Consumer co-ops like credit unions have had pretty good records where they've been tried, but I doubt they're always the solution, either.
    • So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?

      This is the crux of what I'm thinking. Then again, why is it such a good idea to hard-wire a car with network connectivity in the first place?

      What I mean is, why not build something that you can plug a phone into and use the phone's connection (assuming you need 4G that damned badly in your car)? Rig the bluetooth in said car so that you have to specifically authorize a given phone, and you're done... Hell, my wife's 3-year-old Kia Soul does this.

      This way you don't have the stupid planned obsolescence... in

      • > why is it such a good idea to hard-wire a car with network connectivity in the first place?

        Because once you make a feature completely ubiquitous, to the point that "this feature not being present is not only an edge-case, but a definite failure", then possibilities multiply exponentially.

        > This way you don't have the stupid planned obsolescence... in a friggin' *car*.

        So.. are we just talking about a data connection anymore? Do you want your car's steering control to compete for CPU power with notifi

      • We already do this: modern cars have Bluetooth, and connect to your phone (and with the way the Bluetooth protocol works, you have to explicitly "pair" two devices, in effect authorizing your phone to work with your car).

        4G is needed in your car mainly for navigation, communications, and music. Maybe "need" isn't the right word here, but it can be convenient; a lot of people like to listen to streaming music, so being able to play Pandora on your car stereo is nice. Being able to place and receive calls

      • by bjwest ( 14070 )

        So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?

        This is the crux of what I'm thinking. Then again, why is it such a good idea to hard-wire a car with network connectivity in the first place?

        What I mean is, why not build something that you can plug a phone into and use the phone's connection (assuming you need 4G that damned badly in your car)? Rig the bluetooth in said car so that you have to specifically authorize a given phone, and you're done... Hell, my wife's 3-year-old Kia Soul does this.

        This way you don't have the stupid planned obsolescence... in a friggin' *car*.

        But...but...but.. You mean I have to DO SOMETHING before it will work?!?

        You forget that people are so entitled these days they think they have to do nothing at all and the world will hand them whatever they want.

        I can't get a $200K job with my basket weaving degree?!? But...but...but.. I HAVE A COLLEGE DEGREE! You need to pay off my student loans AND guarantee me that job.

        • "You forget that people are so entitled these days they think they have to do nothing at all and the world will hand them whatever they want" is too exaggerated. Not everyone lives in their parent's basement. People that I know do their best to earn an honest living.
    • Re:Really? (Score:5, Insightful)

      by jellomizer ( 103300 ) on Friday October 16, 2015 @08:41AM (#50743119)

      Also if you are going to have internet access in your car, have it on a separate computer then what you are using for the core services, with the entertainment system.
      You engine, steering, breaking, and lights should be on a separate computer without any form of wide area network. Just a plug for manual software updates.

      Your other systems, that are not directly affecting your driving can be hooked up to the internet. Where hackers cannot harm the person.

      Not everything needs to be hooked up to the internet.

      • by TWX ( 665546 )

        Also if you are going to have internet access in your car, have it on a separate computer then what you are using for the core services, with the entertainment system. You engine, steering, breaking, and lights should be on a separate computer without any form of wide area network. Just a plug for manual software updates.

        Your other systems, that are not directly affecting your driving can be hooked up to the internet. Where hackers cannot harm the person.

        Not everything needs to be hooked up to the internet.

        Even more importantly, if there is some kind of need for powertrain or other control modules to connect to other devices, like to other cars, there needs to be mechanisms in place to ensure the integrity of the car as an uncompromised node, and for the car to verify that the information it's receiving from other sources over radio also comes from other uncompromised nodes.

        I fully expect autonomous vehicles to have to have some means of receiving instructions from emergency responders and possibly even in

      • Also if you are going to have internet access in your car, have it on a separate computer

        A separate computer? Hell, I've already GOT a second computer: my phone. Maybe I'll hook it up this time as i drive, maybe I won't. But I sure won't be paying for ANOTHER device on another data plan.

        But really? I use my phone and internet as a radio, and BT the stream to the receiving stereo. Or Google Nav with connected audio. I'm sure it's still breakable, but that's a lot of different hoops to go thru. And you can't control it if I don't connect it to the car.

        Yeeeeeah, time bombs, I know. But s

        • This brings up a good point.

          How about a standard interface for a car where you plug in the smart phone you already have? That is now the brains of your car. As technology advances, so does your smart phone. Your car can forever stay "dumb".

      • Re:Really? (Score:5, Insightful)

        by RingDev ( 879105 ) on Friday October 16, 2015 @10:22AM (#50743891) Homepage Journal

        This isn't about internet access.

        Disclaimer: I work for a state DOT as a software development manager and I consult on systems that are impacted by these systems.

        This is about V2V and V2I communications platforms. In the 2017 model year, all new vehicles will require V2V communication systems. And another ~5 years after that we'll likely see V2I requirements.

        Currently, when you see those signs that say "X minutes to exit Y", they pull that data in one of a few ways:
        1) Buy it from Google or other cell phone tracking companies
        2) Use radar speed cameras to calculate the average speed and travel time
        3) Use roadside Bluetooth detectors to identify specific vehicle travel times between two detectors
        4) Magnetic loop vehicle counters and an algorithm to compare rate to volume and travel time.

        V2V communication systems don't directly communicate with the infrastructure system. But similar to the Bluetooth detection system, we can identify that a specific car with a V2V system has passed a point, and then measure the travel time for it to reach the next meter point. Currently we capture ~2% of traffic using Bluetooth, with the new V2V system being mandated for 2017 and a ~5% annual fleet replacement rate, by 2018 we should over double our data collection.

        There's nothing fancy there though. The detail data is only retained for the segment measurements, and since all we know is effectively a GUID, we can't identify specific people. But if you were to learn of a GUID associated with someone's vehicle or phone's Bluetooth, and you were to capture and store the meter data, you could, in theory, determine their travel habits across the specific place those meters are installed (pro-tip: there aren't many of them)

        Where V2I starts getting really cool is when we can actually communicate with vehicles about the environment. For example, If you have a densely populated area with significant street parking (say like pretty much any down town metro in the country) as the street parking fills, you get more surface traffic of people looking for parking. At ~50% parking capacity roughly 80% of the traffic is searching for parking. V2I communication can cut that rate tremendously by informing vehicles of the closest available parking spots.

        Another cool use that's already being done in Vegas is that the infrastructure can inform the car as to the optimum speed to travel at to hit all of the green lights.

        Then you get into the really cool stuff, next gen and all that. Where a vehicle that has it's route information can report travel times for each road segment, and share this data between V2V and V2I, allowing the other vehicles and infrastructure perform vastly more efficient route planning, alleviating traffic jams, minimizing road surface damage, etc...

        That data can also feed our construction plans giving us hard analytical data to determine where construction projects are needed. Where safety needs to be improved, where volume is changing rapidly. It can help plan lane closures and route plans for over sized-over weight vehicles. It can replace a ton of what is currently labor intensive and best-guess analysis with cold hard facts.

        But it needs to be shepparded by people who are aware of the security impacts and unwilling to overstep bounds.

        At one stakeholder meeting, a senior member of a policing branch of the state government asked if the system could be used to disable the vehicles of people who were driving recklessly. Or if they would be able to query the system to identify suspects in relation to a crime.

        Some of the ops folks were really excited about the idea of identifying common traffic routes, to be able to see how individual drivers get from point A to point B.

        But there were those of us in the group who were willing to say, no, killing someone's ignition at 90 mph is a bad idea. No, having a searchable database with PII is bad. No, showing full route information is a horrible intrusion in the drivers' privacy.

        These are the battles that are being had, across the country, in your own Department of Transportation.

        If you are concerned about it, contact your local DOT, that's where the magic is happening right now.

        -Rick

        • Thanks for the background info! I'm curious, do state DOTs do their own thing or are they like other agencies where the large states tend to force the standard? In other words, if we pressure California DOT to build these platforms responsibly, would that be felt elsewhere in the country as well?
          • by RingDev ( 879105 )

            To some extent. I'd have to dig through my notes to see who is further along than others. I know Vegas has some cool stuff in Nevada, Cali comes up in conversation thanks to silicon valley. So does Minnesota though, so it's not like it's locked up by the typical coastal players.

            My state isn't on the cutting edge, but we are replacing some of our asset management software, which ties into traffic ops, so keeping an eye on which vendors are going to be able to leverage V2V and V2I communications is critical

    • So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?

      Of course it's a good idea! It will allow more tracking to sell even better-targetted advertising spots. And Google will keep us secure. After all, they've done such a good job with Android...

    • So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?

      Emphatically no, it's not, but that won't stop it from happening, any more than 'wireless charging' being a thing now couldn't be stopped from being marketed, despite the incredible inefficiency of it, or the 'internet of things' becoming a thing (and not being anything like secure, and why the hell, really, do you need your refrigerator connected to the gods-be-damned Internet anyway?), or 'The Cloud' being a thing, despite 'Cloud' providers deciding to go belly-up on you and leaving you high and dry and/or getting hacked for its' contents, etcetera, etcetera, etcetera.. people want the Internet in their cars, because cars, like cellphones have become, are now more of a lifestyle choice than they are what they used to be made to be (transportation!), so of course you have to have all the comforts of home in your gods-be-damned car; I'm just waiting for there to be a toilet built into the drivers' seat, and some sort of shower facilities and a way to store and cook food, so you never have to leave the car, ever, for any reason. Anyway, back in Less Sarcasm Land, people want their cars to have all this wireless connectivity, and since they're rushing to market with this stuff, of course it's going to be a major attack vector for the entire vehicle. To be fair though even what we assumed were the most secure systems connected to the Internet have been hacked, which just proves the obvious: Anything can be hacked into. It's just a matter of time. You want unimpeachable security? Don't connect it to the Internet, or have any sort of wireless connectivity in the first place. I drive a 2008 Toyota Tacoma pickup with a 5-speed stick shift, it doesn't have wireless anything, and so far as I know, short of someone having physical access to the CANBUS, it's not hackable, and I like it that way.

      You want your vehicle to be unhackable? Then it needs a physical switch you can flip that kills power to any and all radio transceivers in the vehicle, and I don't mean a 'soft' switch that has to be acted upon by software, either. Short of that being available, find the antenna(s) for any radio transceivers, disconnect them, and connect the transceiver to a dummy load. That won't completely stop them, but at worst it'll reduce the range by which it can be accessed to a few feet.

  • by Anonymous Coward

    From TFA :
    "Privacy will be a key component of the new road networks. Data generated by V2I networks may be given to academics, government agencies, and private companies for research purposes."

    I guess privacy does not mean what I think it means

    • What makes you think you have any privacy on the roads today? Your cellphone broadcasts a signal, video cameras monitors the roadways and some police departments use license plate scanners.
      • by Anonymous Coward

        What makes you think you have any privacy on the roads today? Your cellphone broadcasts a signal, video cameras monitors the roadways and some police departments use license plate scanners.

        private != privatization.

        koan makes valid points about attaching 2 ton vehicles to the internet and then not being able to ensure they cannot be used as weapons.

        As far as privacy on the road, I don't care anymore. I found out that the way they determine average speed on traffic reports is to monitor cellphone position. So much for privacy.

      • All true. However, all but one condition is rather limited in scope and depth, with most of it installed in limited metropolitan areas (cities like London excepted).

        The cell signal is about the only thing that can be truly, well, sorta tracked... depending on how locked-down your phone is and what you have turned on. If you have GPS running and the world's loosest permissions, yeah you can be tracked to the square meter. If you have reasonable privacy controls turned on and GPS off unless absolutely needed,

  • If they say there is no problem then experts are no longer valuable.

  • by sinij ( 911942 ) on Friday October 16, 2015 @08:11AM (#50742921)
    Car infotainment systems are a Trojan horse by the car manufacturers in search of forced obsolescence.

    Modern cars normally last 12-15 years, no connected IT system would survive this long without constant maintenance. Thing is, it is all but certain that there won't be security patches developed for that long.

    With this in mind, buying a connected car is insane.
    • The big stupid for me was the hack that disabled the brakes by hacking the radio.

      Why, why, why is the entertainment system on the same WRITABLE hardware bus as the brakes? I can see why you might want to talk to the engine management (to enable "sport mode" and such), but not directly, that would be stupid.

      We know why : because they're cheap bastards.

    • I have seen IT systems in use for a lot longer than that.

      Amazingly enough, some software continues to work as long as the hardware it is running on continues to function.

      • by sinij ( 911942 )
        Sure, but what you fail to notice is that infrastructure protecting such system gets updated. Things like firewalls, IPS, VPN that secure such IT system are much newer and maintained.
  • It' seems these "experts" have zero clue at all on how to build cars or how to secure a local network that is isolated from the internet.

    • And they know it.

      Which means you have to ask the question: why the hell should we accept they are "experts"?

      This screams of an industry saying "we have no idea how to do this properly, but we're going to do it anyway".

      • by sinij ( 911942 )
        What you are missing is "at this cost with this feature set". You want a secure IoT thermostat for $50? Not possible. The best that could be done is secure connected at $250 or 'please hack me' connected for $50 or not connected and secure for $50.
        • While I see the draw of an internet connected thermostat, it isn't enough to outweigh the "Please hack me" that is inevitable. It isn't that hard to program a decent thermostat to function within the 90% of normal range, and manually change it for the 10% of the time that isn't normal. So, I get off work a little early and want the house cooled down (summer) or warmed up (winter) when I get home, I'll suffer the 30 minutes it takes.

          And why hasn't anyone of these people watched BattleStar Galactica, you don'

          • by Lumpy ( 12016 )

            Yet my $19.00 programmable thermostat outdoes all the internet ones instantly. it just takes 10 minutes of effort to program it to never need to touch it again.
            In fact I haven't touched my thermostat in 3 years.

  • by gstoddart ( 321705 ) on Friday October 16, 2015 @08:15AM (#50742945) Homepage

    We don't have any confidence they can either. And if they're not confident they can secure it, and we're not confident they can secure it .. how about we simply don't deploy the damned thing?

    If everybody is rushing to roll out the awesome new digital infrastructure, and nobody believes it will be secure .. maybe it's not so fucking awesome?

    We don't want a system which doesn't protect us from privacy and security breaches. So don't make one. Why is everybody in such a rush to deploy shitty technology all the time?

    Sorry, but I don't want a car or anything else with a badly designed level of security which everybody knows is a badly designed layer of security. At that point it's more about marketing than it is technology.

    Just say no. The world will survive without one more incompetently implemented piece of digital integration nobody really cares about.

    Now get off my damned lawn.

  • input or output from any part of the system should conform to narrow parameters, or the entire communication is disregarded, and the fail safe implemented. so falling back to the fail safe should be frequent, not rare and alarming. it could be a hack, it could also just be network or equipment issues, either way

    for example, the data: distance to car in front of you

    the data should be of rigorously correct format, received in the correct and expected small time frame, and the source must be locked to certain

    • trust indicators

      Um, no, you've already failed

    • by Mr.CRC ( 2330444 )
      Or they could just make a car be a fucking car, and use something called wires to connect shit together! There is no need for "infotainment" integrated into a car. Passengers can use portable devices. I won't buy a car with a built-in TV, internet connected or not. And it's looking like I will never buy a new car again for the rest of my stay on this planet. I'll be seeking out used vehicles only with wires only inside.
  • Buy used, or build your own, without any computer controlled systems. For the less paranoid closed systems with no way to upgrade the software can be used.

  • Protecting cars from privacy breaches is, frankly, a secondary issue. There have been hacks demonstrating that an attacker can wirelessly take control of the car and interrupt the driver's control. This sort of hack certainly can be prevented-- by yanking any wireless connectivity, if nothing else.

    If a car maker has cars that are not fully protected against that kind of attack, it should be illegal to drive those cars on public roads.

  • Slashdot experts are confident that driverless cars will never have crash. So it's all good.

  • The reason automakers can't build a secure system is that it costs money. And putting an expensive secure system on cars will raise prices. Of course, raising prices in a commodity market means you lose sales.

    But here's the thing. If they keep making their systems hackable where people can get in from the internet to the car and actually take over control (instead of isolating the infotainment network from the critical command/control network, you're going to get into a situation where one or more cars a

  • by acoustix ( 123925 ) on Friday October 16, 2015 @08:46AM (#50743155)

    I don't have confidence in most things anymore: federal government, personal responsibility, etc.

    Just add this to the list.

    • I don't have confidence in most things anymore: federal government, personal responsibility, etc.

      Just add this to the list.

      I have confidence in your lack of confidence.

    • Okay, I'll add to the list - corporate responsibility... from Enron to AIG to Volkswagen.
  • Is to treat all radio data as suspect. Assume it is compromised, not valid. Worst case scenario airgap any computer that controls the cars from any computer that can receive outside instructions.

    There is NO need whatsoever for anyone to be able to control the brakes, gas, etc. of a car that from outside the car.

    The idea that they should is a poorly thought out concept.

    • There are plenty of public safety arguments in favor of applying some level of control from outside of the car. Cars in a high-speed chase put anywhere from a handful to hundreds of people in danger. Suspected stolen cars and drunk drivers could be safely pulled to the side of the road. The implementations of these could vary from nearly direct control to a signal that automatically puts the car into a parking mode (external order with details handled by the car itself).

      There are various tradeoffs that h

  • Exactly no one wants to think of the negative use case scenarios and what the scale of those use case scenarios might mean to society.

    The whole stampede towards IoT and internet on everything is driven purely by 1) multi-millionaire investors looking to be the next multi-billionaire and 2) people who are high on the curiosity / inventiveness scale but disastrously low on the harder-to-do societal implication / moral reasoning / counterfactual hypothesizing scales.

    Q What if people don't use the technology in

    • by gtall ( 79522 )

      You missed one. Just about every company has been taught over the years to be paranoid of the competition stealing their cookies, and the concept of "you do better by screwing the competition". Even in the absence of the millionaire to billionaire track, there would be an a push for this sort of technology. The cost of production is currently such that it is cheaper to produce a car with a single universal bus rather than two to isolate key engine components.

      Normally, we would rely on government to capture

  • If you think the govt is all up in your shit online because you might download some Disney movie illegally, just wait until you can crash cars via internet access.

    Then you'll need a license to even USE the internet. Think that's far fetched? It's not. If we let the internet become a common vector of attack against just everything, then kiss even your pseudo-anonymity goodbye. They will pull your license to surf just like they can pull your driver's license.

    We don't NEED IoT so let's not rush and build an in

  • That role would include setting security and privacy standards when V2I and V2V networks become operational.",

    There's only one standard: "No security breaches."
    We can follow that up with, "For each security breach, you pay a fine of X dollars, and a bounty to the discoverer."

    That won't work perfectly, but it will work much much better than creating a list of coding standards. Create the incentive and people will find better ways to write good code than by following any silly 'standard.'

  • Yes,well, let's all hope we understand where that leads us by now.

  • The point of V2V is to force people to pay money to install and maintain useless systems for the purpose of assisting bulk electronic surveillance.

    V2V has no compelling safety based use case anyone has ever been able to coherently explain.

    Just look at their website they show a vehicle with a display showing the words "COLLISION ALERT".

    Then we have classic V2V use case.. the pile up accident caused by an unbroken chain of idiots failing to maintain proper following distance. If the car in front of the car i

  • We know that about 30,000 people are killed each year in the U.S. due to ordinary traffic accidents. Computer controlled vehicles will drastically decrease this in the coming years. We can't not afford to implement computer controlled vehicles. Why not have the NSA secure automated vehicle software. They would likely be ahead of the game on security vulnerabilities and are best positioned out of everyone to secure automated vehicles. Yes there is an issue with having the NSA track everyone's movements

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...