FBI issues car-hacking warning, tells drivers to keep their cars' patch-levels current


#1

[Read the post]


#2

That’s good advice and all but what about the other cars on the road? How can we be sure they are safe?


#3

News flash: FBI is concerned that cars are insecure.

In other news, FBI is concerned that phones are secure.


#4

You know, like how you always get your oil changed every 10,000 miles and always get your tires rotated on time. And how you never leave a taillight out until you get a warning from a cop. Like that.


#5

I can only get updates from the dealer, and the dealer charges hundreds of dollars for them, so I will just have to take my chances. I’ve got better things to do with my money than pay $600 for a new nav system DVD, or $400 for an update to the BIOS in my fuseblock (yes, modern fuseblocks can have BIOSes, and aren’t necessarily interchangeable with physically identical fuseblocks).


#6

I will keep my '58 Chevy running for the foreseeable future, so I don’t have to buy a new car and start to worry about this.


#7

If this is a safety isue then updates should be free just like recalls.


#8

So I guess driving the damned thing anywhere of use is out of the question then.


#9

The FBI and DOT’s advice includes keeping automotive software up to date
and staying aware of any possible recalls that require manual security
patches to your car’s code

Push it to the consumer. I suppose they’ll keep it just as up to date as their home router firmware. You all update your router firmware, right?


#10

Best argument to not bother with all this crap. I don’t want to have to be vendor locked in just ot make sure some script kiddie can’t treat my car like a giant RC toy with his douchbag phone.

Technically it’s the teleco’s and not mine so I’m not allowed to. However I have full intent on getting a router and putting Tomato on it. Mostly because I can and it gives me more options for administration.


#11

If it was offered by the manufacturer sure. I really should tomato the thing. How long will the car companies provide updates? Cars last a lot longer than pcs. Should I have to buy a new car because oh 7 years later they just don’t patch things anymore?


#12

Congratulations, Just to keep the script kiddies at bay you are now on a five year rotating lease system whre you don’t own the thing.


#13

That’s one of the interesting things being discussed in IoT. When you have things like refrigerators and other “durable goods” that are supposed to last multiple years, but everyone expects their tech to be the newest latest yearly.

What happens now when you jam a computer in the fridge? Maybe they make them modular so you can replace the tech but keep the main body? I’m personally in no hurry to computerize my refrigerator, but manufacturers all seem to be jumping on the bandwagon.

If it was offered by the manufacturer sure.

As long as the new FCC rules that got TP Link to stop allowing open firmware don’t start causing other manufacturers to go the same way it shouldn’t be too hard to replace with something else (Tomato, OpenWRT, DD-WRT, etc.)

It’s probably a better option anyway because the consumer router manufacturers have no liability if anything goes wrong, and consequently most of their firmware is crap to begin with.


#14

I clicked on the “update firmware” button on my P-O-S Verizon-supplied Actiontec router (which I was running because She Who Must Be Obeyed needs the MoCA bridge) and it bricked. And I don’t mean that in a hyperbolic Internet forum way, I mean it literally and permanently took on the functions and usefulness of a brick.

Luckily I already had a spare cadged from a friendly Verizon tech a year before, but it still made me pretty upset. I have one of T-mobile’s free Asus routers at the incoming link now, and the Actiontec is hidden behind it just upstream of the STB that needs MoCA. The Asus I can easily keep patched.


#15

Whatever you do, don’t drive your car in public!


#16

Wait… what’s that sound? It’s like a thousand automotive executives suddenly getting massive erections at the thought of planned obsolescence for automobiles…


#17

Or you could just simply not allow wireless connections to the car controls and have a tamper evident port for access and even then that is not gonna stop professional bad guys from doing things.
Or just figure that you know somethings really don’t need to be computer controlled because of this very reason.


#18

Bought a new car a few weeks ago, wanted to see if my radio could be updated to work better with my phone and found that there was a hack on mine that was from the same central system in the article. My dealer wanted ??? to update it as they claimed it wasn’t under warantee – I don’t remember the price, but I really wasn’t willing to pay for something that should be a free service anyways. Ended up finding a Youtube video on how to do it – and was FAR FAR FAR easier than the instructions on the official website (i.e., download the firmware…unzip it…no no no don’t unzip the zip files in the main zip…throw it on a 4GB flash drive with nothing else on it…turn on car). If I had followed the instructions, I would have bricked my car :frowning:

How is bricking your own car even an option???


#19

WTFF? A new car and fixing b0rk3d things on it is not under warranty? Seriously?


#20

It would be really smart to put the controls and the entertainment system / coms on completely separate networks, but auto manufacturers have already started down the path of least resistance. (Hey we’ve already got a CAN bus, so we’ll just stick everything on top of that. ) The tricky bit is going yo be figuring out how to make them feel responsible enough to start doing things right.

I think the liability issues in the auto industry are going to be a more persuasive argument for manufacturers than in other market sectors. I’m not too optimistic beyond that though, considering how slowly other industries have corrected for bugs.