Car information security is a complete disaster -- here's why


#1

Originally published at: http://boingboing.net/2015/08/23/car-information-security-is-a.html


#2

Broken <p tag on line 322, @doctorow


#3

Fixed! Thanks.


#4

Why does everything have to hang on one single unsecurable bus?

Can’t the mission-critical things with minimal attack surface be on one, the entertainment systems and other disposable crap that’s like targeting a barn door on the other, and a good firewalling, with packet data validation on whatever gets through, between them?

Engine and brakes and air bags should be in a well-secured, well-armored network. Stuff like MP3 player and navigation has next to no safety consequences if compromised. Dashboard with its controls and indicators is somewhere in between, may deserve its own demilitarized zone, with some of the controls belonging to the secured zone, hardware-separated from the rest.


#5

The point is that even if we can unwind the worst of the design decisions and put car design on a better footing, that “well-armored” network will still have bugs, because all systems have bugs (cf openssl). Which means that the culture of obfuscation, silence and opacity that reigns at the car makers will still turn your car into a casemod deathtrap.


#6

That’s what compartmentalization is for.

So as much as possible has to be open, or opened, with or without the car makers’ will.

We need better reverse-engineering and code visualisation tools, inter alia.

The CAN bus is relatively simple, and if all the critical devices cannot communicate by other means, we can make the things safer by controlling what goes there and auditing the communication. The relative simplicity and lack of encryption is good here for reverse-engineering the formats of the messages of the individual devices.
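The gateway filtering proposed in posts #4 and #6, as an added example that is not part of any post in this thread: a frame from the entertainment bus crosses to the critical bus only if its ID is allowlisted and its length, value range and rate pass validation, and every verdict is counted for audit. The `can_frame` layout, the IDs, the ranges and the rate limits are constructed assumptions, not values from any real vehicle.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example: frame layout, IDs, ranges and rates are assumptions. */
typedef struct { uint32_t id; uint8_t dlc; uint8_t data[8]; uint32_t t_ms; } can_frame;

typedef struct {
    uint32_t id;          /* allowlisted arbitration ID */
    uint8_t  dlc;         /* exact payload length required */
    uint8_t  lo, hi;      /* permitted range for data[0] */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
    uint32_t last_ms;     /* timestamp of the last forwarded frame */
    int      seen;        /* set once a frame has been forwarded */
} rule;

enum verdict { FORWARD, DROP_ID, DROP_LEN, DROP_VALUE, DROP_RATE, N_VERDICTS };

static rule rules[] = {
    { 0x3A0, 1, 0, 3,   200, 0, 0 },  /* hypothetical: driver-profile select */
    { 0x3B1, 2, 0, 250, 100, 0, 0 },  /* hypothetical: speed-limit hint */
};
static unsigned audit[N_VERDICTS];    /* per-verdict counters for later review */

/* Decide whether one frame from the entertainment bus may cross the gateway. */
enum verdict gateway_check(const can_frame *f) {
    enum verdict v = DROP_ID;         /* default deny: unknown IDs never cross */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        rule *r = &rules[i];
        if (r->id != f->id) continue;
        if (f->dlc != r->dlc) v = DROP_LEN;
        else if (f->data[0] < r->lo || f->data[0] > r->hi) v = DROP_VALUE;
        else if (r->seen && f->t_ms - r->last_ms < r->min_gap_ms) v = DROP_RATE;
        else { v = FORWARD; r->last_ms = f->t_ms; r->seen = 1; }
        break;
    }
    audit[v]++;
    return v;
}

int main(void) {
    can_frame in[] = {                /* constructed traffic */
        { 0x3A0, 1, {2}, 1000 }, { 0x3A0, 1, {2}, 1010 },
        { 0x0C0, 8, {0}, 1020 }, { 0x3B1, 2, {255, 0}, 1030 },
    };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("id=0x%03X verdict=%d\n", (unsigned)in[i].id, gateway_check(&in[i]));
    return 0;
}
```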


#7

Some day I’ll be going down the highway and the trooper will pull me over, and when I say no, I don’t know why he pulled me over, he’ll say, “You’re listening to an illegal download of a copyrighted song…”


#8

So we have car manufacturers who did not benefit from Jewish slave labour, and those who do not divulge conceded fundamental design flaws to their dealers because of warranty concerns.

This is more of the same. Will a global audience change anything? Nope. A potential government can be proven to be compulsive and habitual liars, but the electorate does not read boingboing. You can fool most of the people most of the time.

We need an “open source” car that costs less than a Honda C50, is more reliable than a Honda C50, and outperforms a Ferrari.

A bicycle achieves two of those objectives. The C50 took over the world, and the third is achievable.

Nothing is going to change until we crowdsource a new car?

C>.


#9

It surprises me, come to think of it, that we never see a corporate spokesbeing show up in these comments saying, “hold on, that’s a huge distortion of the situation.” It might be that BoingBoing never distorts things, or shows only one side and amplifies problems until they’re almost unrecognizable.

But just on the tiny chance this site ever got the emphasis a little wrong… where is Chrysler? Shouldn’t they be defending their cars on the internet? I mean, BoingBoing isn’t an obscure GeoCities site. Occasionally we see somebody who looks like a sock puppet, but they really should be paying somebody to fight back.


#10

My '68 Camaro looks better and better…

I heard the other day about a couple of security experts who were able to remotely take over a Jeep using a burner cell phone, including radio, windshield wipers – and brakes! Honestly, brakes? While having your car hacked is unlikely, so is having a serious accident. Just because the chances are remote doesn’t mean we should gloss over the problem. I understand the concern of automakers, particularly their marketing departments, who don’t want to scare away customers. But haven’t we learned that transparency is the right long-term play?


#11

Those whose morality and ethics are informed solely and completely by bloodless bean counters have not learned that lesson, and they never will until the penalties for their fuckery are so astronomical that the bean counters have to include an “honesty pays” factor into their calculations.

Also:


#12

The ODB II port is great. An always-on direct link to Wu Tang. So what if it’s unsecured?


#13

I’m sure the answer would be apparent if your paycheck was dependent on making both the marketing and the accounting people in a car factory happy.


#14

And this method, like OBD, of requiring a physical plug-in or switch-on would solve many problems in the security of mission-critical functions. Bluetooth handsfree can stay software/wireless switched but not airbags.
OBD is great because it is an open standard; this other stuff could be great too as long as it stays open and uses good crypto and not hard-to-use obfuscation to secure itself.


#15

All this talk of killer cars just makes me think of…

This would make a great plot to a modern action thriller, with a terrorist organisation taking over the nation’s freeways with remotely controlled hordes of killer cars. I’m thinking George Miller for the director… maybe I should pitch this to Vin Diesel for Fast & Furious X.


#16

Given that a lot of cars these days have built-in GPS, microphones (for phones and voice-activated commands), hard drives and SIM cards, I’m surprised I haven’t seen any hacks to turn cars into monitoring devices. A firmware update might be all that is needed to record every conversation in a car and then transmit it to anywhere else on the planet.


#17

There was a case a few years ago where the OnStar in some person’s vehicle was hacked/repurposed on the OnStar with (or without?) warrant by the feds to listen to everything in the car. The defense tried to get the evidence thrown out as it had been the owner who paid for the service and the service had been surreptitiously denied him to enable the spy function. I believe this legal tactic did not work out for the defense.


#18

http://wikispeed.org/


#19

If you see it then you know it’s there…


#20

Considering that GM sat on the malfunctioning ignition switch problem that it knew was killing people for something like eight years, it looks like the answer is no, or that ‘we’ is too inclusive of amoral profit seeking entities.