Array
(
    [content] => 
    [params] => Array
        (
            [0] => /forum/index.php?threads/must-read-article-on-automotive-security-breach.6311/
        )

    [addOns] => Array
        (
            [DL6/MLTP] => 13
            [Hampel/TimeZoneDebug] => 1000070
            [SV/ChangePostDate] => 2010200
            [SemiWiki/Newsletter] => 1000010
            [SemiWiki/WPMenu] => 1000010
            [SemiWiki/XPressExtend] => 1000010
            [ThemeHouse/XLink] => 1000970
            [ThemeHouse/XPress] => 1010570
            [XF] => 2021370
            [XFI] => 1050270
        )

    [wordpress] => /var/www/html
)

Must-read article on Automotive Security Breach

Paul McLellan

Moderator
Hackers Remotely Kill a Jeep on the Highway—With Me in It

I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
 
Last edited:
Paul, technically , this is a pretty easy to solve. just put a chip between your internet connected entertainment system(HUD) and your control that allows only on-way communications between them , i.e. only sensor data going to the HUD.

But say toyota solves this and markets an new car with "better security - now hackers cannot control your car" - it won't reflect well on it . So nobody does this, and the result is what we see.

I think we just need regulators to interfere , it will help everybody, includind those companies long-term.
 
If you want to make things much worse, get the regulators further involved. "Government intelligence" and "Government efficiency" are not oxymorons for no reason at all.

Let the car companies decide how they will solve this and let the consumers buy the cars that provide the protection they believe in. Perhaps some will opt for no Internet connectivity at all. The car companies and consumers should be free to do as they think is best.
 
dwisehart , if you want to drive in an unregulated car, please do so. But please don't share the same road with me and increase my risk , or pollute my air - because i can i be sure you(or someone else) didn't choose a car with problems ?
 
This is actually similar (but more life-critical) than the problem with cell-phones. There is nothing really to stop you using an unregulated phone that trashes the network. Except a lot of testing means that you can't buy a phone like that. I believe that one reason that Apple uses Qualcomm modems rather than designing their own (at least for now, I know they have LTE expertise in house) is that managing that approval process on a few hundred carriers is complex and expensive. Since Qualcomm is doing it anyway, they are buying not just silicon but the type approval too.
 
Paul, technically , this is a pretty easy to solve. just put a chip between your internet connected entertainment system(HUD) and your control that allows only on-way communications between them , i.e. only sensor data going to the HUD.

But say toyota solves this and markets an new car with "better security - now hackers cannot control your car" - it won't reflect well on it . So nobody does this, and the result is what we see.

I think we just need regulators to interfere , it will help everybody, includind those companies long-term.

I don't think it is that simple. For one thing, companies like Tesla can update the motor control over the air so that chip would have to be less absolute than to block everything. But even on my Prius there are 3 buttons by the entertainment system that allow me to switch from economy mode, performance mode and electric only. Are they part of the engine control or the cabin system? Even before we get autonomous vehicles we might get vehicles that can communicate with the vehicles ahead and behind, which means they need access to the communication subsystem. So the boundary between the two systems is not crystal clear.
 
Paul., for the current situation the simple solution would suffice. It might be even possible to design something to the 3-buttons in your car, because it doesn't seem safety-critical, it's simple, and it's just a decision away from using simple physical buttons.

As for the more complex vehicle communications, there are groups doing formal-verification on security systems , like this:

Formal Verification of an Authorization Protocol for Remote Vehicle Diagnostics

If this kind of work is done right, makes it impossible for most (or sometime all) attackers to bypass the system. But it's rarely done right.
 
Back
Top