US Wants Cybersecurity Protection Plan For Cars 87
coondoggie writes "As cars and other forms of transportation increasingly rely on online systems for everything from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased. That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it build a roadmap to build 'motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems.'"
Re: (Score:2)
These days the car companies aren't bribing the government. The government is bribing them to stay in business.
What other sector is the government giving $500M of free research to? Birth control? Feeding the poor? Improving schools? Sorry - not priorities.
Re: (Score:2)
kill switch (Score:5, Insightful)
Re:kill switch (Score:5, Funny)
No, they'll put in multiple switches and call it a Death Panel.
Re: (Score:2)
Re: (Score:1)
How about "Don't connect the vehicle electronics to any internet connection" for starters. Even if it costs an extra $0.05 over sharing a few transistors.
Of course, if they can't do it for nuclear power stations, why bother with cars?
Re: (Score:2)
You mean it will be no different than any other "security initiative". Meaning, that of course they want it to be as hack "proof" as possible, but allow law enforcement to have access at will.
I don't care how much you polish up that turd, how much lipstick on the pig, etc., you will never convince me that access by law enforcement cannot be misused and commandeered by either military forces in time of war, or criminals in search of profit.
The only security initiative worth discussing that is actually valua
Re: (Score:2)
what would make them even safer is (Score:2)
Re: (Score:2)
You don't need to go that far. Networking can be very useful in a car, for the navigation/entertainment/communcation system. Why have a nav system where you have to buy updates on DVD for $300 every year, instead of just downloading them for free whenever you're connected to a WiFi hotspot?
The key is separation. The nav/comm computer does NOT need to be connected to the engine computer. The engine computer should be a separate system running a small RTOS, and dedicated solely to the engine management (a
Re: (Score:2)
Why have a nav system where you have to buy updates on DVD for $300 every year, instead of just downloading them for free whenever you're connected to a WiFi hotspot?
I can assure you my city (>1 million people) doesn't change THAT often.
Re: (Score:2)
No, but the whole country (assuming USA) does. New roads get built all the time. Who wants to be out-of-date with their nav system?
There's plenty of other applications for network connectivity, both now and in the future: downloading music or movies, videoconferencing, etc. Who knows, as we've only started putting these kinds of systems in cars.
My point is that it's not that hard to separate a networked computer from the system(s) that handles safety-critical functions.
Re: (Score:2)
Also, it is worth pointing out that is just complete utter fucking bullshit.
$300 for a DVD?
Considering how much they were paid, it is not beyond reason to receive free DVD updates in the mail. If you paid $3000 to get the NAV system in the first place, I am pretty sure that about $50 bucks of that will easily cover replacements for the life time of the vehicle.
Charging you is just another way for them to gouge money out of you. It's also a strong incentive to pirate the crap out of it or install a system t
Re: (Score:2)
I wasn't kidding about the $300 DVD. That's exactly the way Volvo's factory navigation systems work: the systems themselves are 5+ years behind the state-of-the-art seen in typical handheld systems from Garmin or TomTom as far as the navigation, graphics, UI, etc. On top of that, to support updates, there's a big-ass DVD drive in the glove box, taking up most of the glove box, just for the update discs. The updates cost $300 from the dealer.
This isn't unusual in the industry. Other cars I've seen are si
Re: (Score:2)
Re: (Score:2)
What happens when it is 9 billion degrees outside and I want my shiny iPhone BMW application to turn on my car and start the air conditioning?
Having the engine and drive systems completely separate is a great idea, but one that fundamentally precludes features that will actually sell the technology.
Unless you create an A/C system that can work independently from the car itself, you still have the same problem.
Re: (Score:2)
Define "completely separate". You can already remotely start cars just by pressing a button on a remote control, and that doesn't involve interfacing computers at all, it's just one small computer (which handles the radio control) activates a relay to start the ignition. This isn't rocket science. Adding a relay module to an "infotainment" system so you can start the car from your iPhone would be exactly the same. It wouldn't be hard to eliminate the relay and have a more direct connection too, just by
Re: (Score:2)
You missed half my point.
Security is maintained if you turn the car on... but what about malicious activity?
Can you imagine a prankster turning on a big lot of cars at the same time? Run for a couple of hours and it will be quite a bit of gas wasted.
So completely separate to me means that there is no way to manipulate the engine and drive control systems, either to turn it on, kill the engine, alter programming, change destination, etc.
I was also considering malicious activity, including kill switches.
If y
Re: (Score:2)
Because people like having remote door lock/unlock, remote engine start, tire pressure monitoring, push button start (instead of a key). All that requires some kind of wireless networking. And almost everything inside the car is on some kind of network (CAN bus). All those buttons on the steering wheel (cruise control, radio controls, etc) are just devices on a network. Door locks and window motors are devices on a network. Same with climate controls, entertainment system, etc.
Re: (Score:2)
Indeed, it'd take two wars against the Cylons for us to give up our networked devices completely.
Re: (Score:2)
And if you consider the encryption on the remote door lock to be secure (and it is), that network is a physically secure private one. There is no wireless involved apart from those damn remote door locks, and the TPMS, although that is a simple one-way radio system that is also encrypted on newer models IIRC. The entertainment system's controls tie in but the system itself doesn't, unless it's OnStar, and if you have OnStar in your car you have way bigger security and privacy issues to worry about.
Re: (Score:1)
Re: (Score:2)
Wow, I knew the crypto had been broken in 2007, but I didn't know they still hadn't updated it to this day.
Yet another reason to avoid keyless entry.
Re: (Score:2)
Exactly. The car's driving systems should be airgapped. Simple. End of problem (that didn't exist).
Re: (Score:2)
Just simply don't do OnStar type idiocies.
It's not hard... Don't do anything that's easily remote hackable on the car, whether it's ignition control, door locks (Key fobs are a nifty idea, but are they as secure as they could be?), or the like.
ugh (Score:2)
Re: (Score:1)
Better Idea (Score:5, Insightful)
Why so much integration? (Score:4, Insightful)
It seems to me there's really no inherent danger in adding wireless networking and other new electronics technologies to our vehicles. A big part of the potential problem stems from the insistence of auto-makers to integrate everything into ONE common system. For example, my 2007 Jeep Patriot 4x4 uses a CANBUS interface as the central communications bus for practically all of the electronics in the vehicle. If you try to swap out something like the factory headlights with an aftermarket set of HID lamps? You're likely to run into problems, because the system senses less electrical resistance on the headlight circuit than it expects, so it makes lights blink on and off in an "error" pattern. You can't successfully change out the factory stereo with an aftermarket one either, without spending $150+ more for a CANBUS module to plug in behind it, so the computer system communicates with it as it expects to see it. Other factory accessories won't work properly either, until the Jeep is taken in to the dealer and the firmware re-flashed with a version that has those features "enabled" in it.
If things like wi-fi in the car are only interfaced with the stereo/media center, and that system is independent of the computer handling the engine, transmission, etc.? Hackers won't be able to do a single thing that directly affects the safety or performance of the vehicle. They'll only be able to mess up your in-dash entertainment system.
Re: (Score:2)
Except you already have wireless gear that's hooked straight to your ECU. Things like TPMS (anyone remember this little gem [networkworld.com] from last year?), vehicle remotes (start/doors/windows/trunk/etc), OnStar-style services, and the like are all things we know can communicate directly with the ECU. And automakers aren't likely to start trying to secure or separate these systems further because it will affect their bottom line. No, we're stuck waiting for the day that someones Pontiac becomes a Pwntiac and slams them i
Re:Why so much integration? (Score:4, Informative)
Yeah, but that's actually kind of my point in my original message.... These systems should be INDEPENDENT of the ECU in most cases. Vehicle remotes for starting the engine, opening the trunk, etc. don't worry me as a huge problem. I can't really see why they require any direct communications with the ECU (though they probably do simply for cost-savings reasons in many cases)? But really, those things are fairly basic; System listens for command and does ONE specific function of turning a switch on/off. If you succeed in hacking into it, what does that get you? Remote starts should be essentially disabled/non-functional while the engine is actually running and the car is in gear, so you shouldn't be able to just shut the engine off while someone's driving. Being able to open their locks means you can physically get into the vehicle while it's not moving -- but that's just a security issue, no different than being able to make a skeleton key that opens the doors/trunk.
Things like On-Star? Yeah, much more of a potential issue since they do implement "kill switches" that can be triggered remotely. So far though, I've never heard of one being mis-used -- only positive stories of killing engines to recover stolen vehicles. So I'm not sure exactly how much or little security they already use in that particular system? (Hyundai is coming out with "Blue Link" on some of their vehicles, which implements something similar.)
Re: (Score:2)
Things like On-Star? Yeah, much more of a potential issue since they do implement "kill switches" that can be triggered remotely. So far though, I've never heard of one being mis-used -- only positive stories of killing engines to recover stolen vehicles.
Maybe that has something to do with On-Star's marcom group not putting out press releases when they mis-use a "feature". I will never own a vehicle that has On-Star in it.
Re: (Score:2)
So long as they've got a means to look up your car and do these sorts of things, OnStar can be hacked into and the black hats can do the same things that we're talking about being mis-used.
I drive a stick, you insensitive American clods! (Score:2)
Re: (Score:1)
Yeesh, sounds like they should rename it to CANTBUS.
Re: (Score:2)
For many years I've been planning to build my own car, recently the possibility of 3D-printing the body panels in ABS has really spurred my enthusiasm (forming the body panels from fiberglass is traditionally the most awful PITA part of the process).
I've backed off the plan a bit recently because I'm waiting to see if the Scion FR-S will be any good, if it's not, well I'll feel good about building my own.
Cyber-Security for Owls Being Called For (Score:2)
I demand that our government immediately convene a blue-ribbon commission to survey and understand the cyber-security of Owls. It is long-past time for our government to recognize this clear and present attack vector. Imagine the carnage: Terrorists take control of owls and deafen us with incessant daytime hooting. Or disrupt our sleep with all-night hooting. Or just crap all over our cars and cost us millions in extra car-washes.
Re: (Score:2)
Actually, I have a spare owl rock that I will sell you for $500 if you are interested.
Re: (Score:2)
"Lisa, I want to buy your rock."
With apologies to Homer Simpson...
Don't connect them to the internet and use ROM (Score:2)
At least for autonomous vehicles.
Re:Don't connect them to the internet and use ROM (Score:4, Informative)
Just because your code is in ROM doesn't mean you can't be hacked. Your stack is still in RAM. If you can find one little exploit that lets you put as little as, say, 12 bytes onto the stack, if you know everything that's in the ROM, you could repurpose the existing ROM code to do whatever you wanted [grc.com] by calling the tail ends of existing functions.
On that link, search forward for "Because they knew this was a voting machine, security was paramount. They made it so that it was impossible to execute code from RAM. They thought, there's no way, there's no reason that anyone has a legitimate reason for executing code from RAM" and read from there. Yes, it's long. Get the MP3 if you'd rather listen.
Microsoft automotive security essentials (Score:2)
New Battlestar Galactica fans? (Score:1)
And I want a bucket of snot (Score:2)
its bound to be as equally effective to protect your dumbass web cars
Cyber-cyber-security. (Score:3)
I am electronically typing this on my electronic keyboard and viewing this cyber-page with my electronic monitor. Thankfully, after a real-day of complete cyber-bullshit, I relax with my dead-tree-books on my physical-leather couch in my real-house in the real-world.
The real cyber-question is whether or not this cyber-rant is virtual pontification or just more cyber chat. I'll get on my AOL and go AskJeeves it and see if I can find a GeoCities page that describes proper usage of 90's buzzwords that are used way to cyber-much.
There's already a model for solving this problem (Score:1)
There's really no sense in worrying about anything in a car that's not responsible for the actual driving of the car. If the computers that control engine timing, or braking, or airbag deployment get hacked, that's a problem. If the entertainment system gets hacked, and somebody maliciously transfers some Michael Bolton mp3s to your sound system, it's much less of a problem. You simply need to isolate the systems. Cars already have multiple internal computers, so it's not like this requires splitting on
Re: (Score:2)
Microsoft Sync = LOLs
Re: (Score:2)
> there's no reason for that to ever be even technically feasible.
Google "OnStar remote kill switch"
Re: (Score:2)
> There's really no sense in worrying about anything in a
> car that's not responsible for the actual driving of the car.
We worry about our desktop PCs, laptops, smartphones - why should we worry less when the computer's embedded in the car?
Here is a start: (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
My first thought was that carmakers just need to leave the sensitive/important control elements of a car decoupled from those which are network-enabled. I believe that airliners are designed similarly
And you would think that car manufacturers would feel the same way. However, car manufacturers produce more cars than airplane manufacturers produce airplanes. And saving, say, $10 per car by having one network that handles everything is a good thing. Besides, it makes it easier to do things like starting your car from your iPhone which is cool.
Re: (Score:2)
Agreed. I have no problems if you want to put any sort of electronic or wireless system in my car, but it needs to be completely electrically isolated from the parts of my car that I need to drive. Assume that an attacker will pwn everything else, and can go so far as to manipulate power draw or create an electrical short. None of that should affect my ability to drive. If you want to send information like speed to the other systems, create a one way data path and use an optical connection.
My cybersecurity protection plan (Score:2)
Keep driving the old clunker
The real reason for this being.. (Score:2)
The ability to track, monitor, bug & ultimately seize control of any passenger car in the "land of the free"!
Glad I drive a 66 Bel Air wagon, go ahead, make my day!
Nope... (Score:1)
...this is not a way to get a government black box in all cars at all. Nothing to see here folks.
Re: (Score:2)
...this is not a way to get a government black box in all cars at all. Nothing to see here folks.
No, it's not. The government black box is, for all intents and purposes, already in the car. This is to get systems set up so that the government can log in and download info from the black box whenever they want.
Fix the damn roads and rails (Score:2)
There is a model-T that still runs in my area (Score:3)
There is a model-T that still runs in my area. I've seen the guy a few times in the grocery store parking lot, and cruising about the retail district. I'm pretty sure cybersecurity is not a problem for him.
In other words, the solution is: Duh! Cars don't need to be on any stinkin' network.
Re: (Score:2)
There is a model-T that still runs in my area. I've seen the guy a few times in the grocery store parking lot, and cruising about the retail district. I'm pretty sure cybersecurity is not a problem for him.
In other words, the solution is: Duh! Cars don't need to be on any stinkin' network.
Exactly what I was going to say!
Until we have cars that can fully auto-drive without any driver intervention, all that electronic junk is basically unnecessary and if it poses a problem, junk it.
Cars ran fine back in the day (no need to go that far back, the 50's and 60's had great cars too with zero electronic junk in them) and there's no reason they can't do that again. Maybe on a different fuel but still just a basic combustion engine that Ford himself would be able to fix, should it break down.
The smart / auto drive cars will need a very good (Score:2)
The smart / auto drive cars will need a very good plan as a hack then just hack them and trun a auto drive road in to a big pile up or cars or maybe just shut down the road system.
I think you might be missing something... (Score:2)
Each time this rubric gets spouted, it's a sham trying to hide another attempt to control the public.
So while they're "protecting you from cyber criminals" they'll also be monitoring your driving, your destinations, etc. All the better to protect us from "terrerists or child molesters.
It's just accidental, you know - to verify you're not being hacked they'd need to know what you're doing, right? And you'll buy in and feel so much safer - until the insurance companies start subpoenaing this evidence and the