Security Transportation IT

Intel Team Takes On Car Hackers 153

nk497 writes "Intel has set up a team of McAfee researchers to protect computer systems in cars, hiring Barnaby Jack — the researcher who forced ATMs to spit out cash and cause medical pumps to release lethal doses of insulin. Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. 'If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening,' he said. 'I don't think people need to panic now. But the future is really scary.' The move comes as Ford and other car makers start to invest in ways to keep car code secure."
  • Interesting readings (Score:4, Informative)

    by Anonymous Coward on Monday August 20, 2012 @10:03AM (#41054879)

    http://www.autosec.org/publications.html

  • by Scareduck ( 177470 ) on Monday August 20, 2012 @10:04AM (#41054883) Homepage Journal

    Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.

    • A more likely short-term motivation is that they want exclusive ability to sell expensive repairs and required-for-maintenance devices.

      • by Miamicanes ( 730264 ) on Monday August 20, 2012 @10:36AM (#41055291)

        Not to mention the ability to charge for different levels of performance using the same underlying hardware, kind of like ATI & Nvidia do, and Intel was planning to do with their value-priced CPUs.

        Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit. It's just like UEFI. If I have a copy of the key, it's awesome. If the only copy of my key is held by Microsoft or Sony, it's a shameless pwnage of my consumer rights whose physical and political defeat is a moral imperative.

        • by CanHasDIY ( 1672858 ) on Monday August 20, 2012 @11:58AM (#41056341) Homepage Journal

          Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit.

          Oh, they'll give it to the mechanics, alright - that is, the ones who work for their dealership.

          Cars have actually been going that way for years, in a shameless attempt to kill off independent shops and shadetree mechanics; the process goes like this:

          - new model of Car X comes out
          - new model requires a special tool for trivial adjustment, i.e. toe adjustment on the steering wheels
          - manufacturer patents the tool, so only they can make/sell it
          - manufacturer refuses to sell the tool to anyone other than one of their own branded shops
          - customers are forced to take Car X to the manufacturer branded dealership to have trivial repair made, at more than double what it would cost for an independent shop to make the same repair

          Source: One of my many trades (one, specifically, that I actually have an education in) is 'auto mechanic.'

        • I think this is the first time I've seen anybody do a computer:car analogy in reverse on this forum.
        • Not to mention the ability to charge for different levels of performance using the same underlying hardware, kind of like ATI & Nvidia do, and Intel was planning to do with their value-priced CPUs.

          They already do this to an extent, it's called chip tuning [wikipedia.org], and it usually costs a couple hundred bucks for a high-performance shop to do it. Or you can buy a plug-in chip or your own programming device [sctflash.com], but these are pricey too.

          How I miss the days of timing lights, carburetors, and cars that actually let you tinker with them on the weekend...

          • How I miss the days of timing lights, carburetors, and cars that actually let you tinker with them on the weekend...

            That's one reason, I'm currently looking to relive a bit of my childhood...and try to buy an older muscle car.

            I'm currently looking at '74-'76 Trans Ams, 455cu 4-speed....something of an old school torque monster. Nothing much but an engine, and drive train to play with. And as long as you aren't trying to go back further and get a SD-455....the prices aren't that bad.

    • by slick7 ( 1703596 )

      Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.

      It's more like not letting the parameters be altered so as to run on water. One for BIG OIL.

  • It's almost as if you'd want a system that only ran signed code...
    • Re: (Score:1, Funny)

      by Anonymous Coward

      That solution is too easy. They brought in McAfee researchers because they want a 30MB solution that will continuously scan the car software, causing unpredictable hiccups, pop ups, and all that good stuff.

    • by gr8_phk ( 621180 )
      That already exists. For a number of systems in cars, the bootloader requires proper authentication to flash new code.

      So long as they keep the "infotainment" systems off the vehicle bus everything should be fine. However, there are some nice things that can be done if these devices can talk to each other....
      • That's the main thing. Devices that are irrelevant to essential system services, like sound systems, climate control, phone and WiFi, should be kept apart from the central processor.

        If they need to communicate at all (I would argue no), it should be in one direction only: control signals from the main processor outward, with nothing in the other direction except for hard-wired feedback such as "Yes, I am turned on." By that I mean: they should be separate hardware systems with their own specialized softw
        • by clodney ( 778910 )

          That's the main thing. Devices that are irrelevant to essential system services, like sound systems, climate control, phone and WiFi, should be kept apart from the central processor.

          If they need to communicate at all (I would argue no), it should be in one direction only: control signals from the main processor outward, with nothing in the other direction except for hard-wired feedback such as "Yes, I am turned on."

          Seems more complicated in real life - my car has a very nice display in the dash, primarily for the nav system. But that is also where I check the oil, and the tire pressure, and change various settings. So the display and its associated controls are shared devices. To keep the isolation you want the interface between the devices has to be broader, increasing the attack surface, or you need to find room for a whole bunch of controls, instead of using the very nice display already in the vehicle.

          • " So the display and its associated controls are shared devices."

            Fine. But it doesn't have to be part of essential systems control. It can share some inputs (oil pressure, etc.), but there is no reason to combine it all with the essential control of the vehicle (engine timing, abs, auto braking, etc. etc.)

            There are very strong system design reasons to keep them separate. As mentioned before, those reasons include bugs and security vulnerabilities.

          • "To keep the isolation you want the interface between the devices has to be broader, increasing the attack surface, or you need to find room for a whole bunch of controls, instead of using the very nice display already in the vehicle."

            That is not true at all. Sharing hardware inputs does NOT "increase the attack surface", and very nicely isolates the systems. You can still have control FROM your essential core system to the peripherals, just not in the other direction.

            You can still have a "central control" for most of your car's systems, it just doesn't cross over to the core system that has to do with driving, engine control, and safety.

            Yes, there is a bit of redundancy there, but not much.

          • Pardon the multiple replies, but this is basically what I'm talking about (without going into unnecessary detail):

            You have a systems feedback bus, which contains information like "the headlights are on", "the stereo volume level is X", "the temperature control is set at 70 degrees", and "internal cabin temperature is 60 degrees", "current speed is 70 mph", etc.

            These inputs can be shared by both your peripheral control system and your core "engine and driving" system... without combining the two.

            How
      • Wasn't this one of the big plot points in Battlestar Galactica? Fortunately my (Dodge) Viper has practically no computing power at all.
    • It's almost as if you'd want a system that only ran signed code...

      And only ran signed code that was verifiably resistant to unexpected or undesired behavior in the face of maliciously crafted input...

      Just plain installing and running a malicious binary certainly is handy; but the world is rotten with bad things being done, entirely with unintended features provided by officially installed legitimate programs that have taken a bite of malicious input...

  • not let a computer drive your car. They've been doing this for years, and it works pretty well. Problem solved.
    • Or you could use a horse and carriage. They've been doing this for years, and it works pretty well. Unless of course the "problem solved" to which you refer was related to efficiency, performance, reduction of emissions, etc. in which case the problem isn't so solved by your solution after all.
      • by drewco ( 1631735 )
        Yes, because a mostly analog computer (with only a couple inputs) controlling the fuel, timing, and emissions have everything to do with steering, brakes, etc. I must have missed the part where tying all of these things together with a neat touchscreen interface, hard drive, USB port and an internet connection improved efficiency and performance.
        • You're right. You missed something. In fact you pretty much missed it all. Welcome to 2012. You can find out more about 2012 and the developments that have happened in the auto industry here [google.com].
          • by drewco ( 1631735 )
            Google has just informed me that the year 2012 is magic, and because of this, stuffing cars with extraneous computers and cup holders actually does make them more efficient and boosts their performance! Wow!
            • "Yes, because a mostly analog computer (with only a couple inputs) controlling the fuel, timing, and emissions have everything to do with steering, brakes, etc."

              Dear Moron:

              Having a computer control the brakes reduces wear and tear and increases fuel mileage, as well as decreasing the chance that a driver will die in a car accident. This is but one example of how phenomenally clueless you are.

    • by moeinvt ( 851793 )

      I highly doubt that you can even buy a car these days that doesn't contain dozens of microprocessors and microcontrollers exercising all sorts of software.

      I actually think it would be cool if you could buy a decent car that didn't use this type of technology. A car where you could be reasonably sure that you couldn't be tracked or shut down by the government. Also, something that would remain largely functional or at least something that could be repaired with basic mechanical tools after an EMP event.

      Cal

      • Call it the "Ford Paranoia" or the "Chevy Technophobe".

        I find your ideas intriguing and would like to subscribe to your newsletter.

      • by drewco ( 1631735 )
        I think the problem is everyone wants a bunch of creature comforts in their car (and they are kind of a status symbol, at least in The States). Then there is marketing, because hi tech stuff is cooler (and it is). Also, safety standards and mandates sort of push the need for all of this extra gee-whiz stuff too (daytime running lamps + mandatory traction control). Let's not forget the mileage thing too.... Anyway, I'm with you, I think that a reasonable blend of hi and low tech could be achieved, but ther
  • Uh huh... (Score:3, Insightful)

    by Hartree ( 191324 ) on Monday August 20, 2012 @10:13AM (#41054979)

    Sounds like the auto makers are getting tired of individuals being able to change their own car's engine/transmission settings, and/or do fixes that usually require paying the dealer.

    Congress mandated an open set of engine/car diagnostic codes due to them not releasing service information some years back. Sounds like they're investigating the possibility of re-imposing something similar via "security" concerns.

    "Think of the children that could be put at risk if $evil-auto-hacker isn't protected against!"

  • Those that can hack these systems will hold their best exploits until they need them,
    want to get famous, or just for the lulz. Nothing has changed, this was a problem from the beginning,
    signed code or not (that is a step in the right direction though IMO).
  • by iamgnat ( 1015755 ) on Monday August 20, 2012 @10:13AM (#41054983)

    I played with having a computer in my car for a few years and it is shocking what you can do once you have access to the CAN bus. I mean it's cool that I can plug a device in and program it so that it will catch the commands from my window switches and have them instead activate my blinkers, but that (theoretically as far as I know) a compromised update to your radio could let it do the same thing is a bad thing and that there is a growing trend for cars to be more connected (e.g. wifi hotspots, etc..) is outright scary.

    Maybe they could start by separating networks for the critical functions and entertainment systems. The only possible access to the critical systems should be by a physical connection. They don't need (bad) software security experts to help solve this problem. They need good network architects. It shouldn't simply be a matter of the engine verifying that the "more gas" command came from the ECU and not the radio. The radio should simply never be able to get a message to the engine without wiring changes.

    • by vlm ( 69642 ) on Monday August 20, 2012 @10:23AM (#41055131)

      The radio should simply never be able to get a message to the engine without wiring changes.

      My father's decade old SUV talked to the transmission to control radio volume based on road speed.

      The hard part is making a single RW bus read only in the proper direction at all times.

      Thankfully it didn't run windows so there's no virus issue. But radios and engine/transmission computers have been talking for quite awhile.

      • Thankfully it didn't run windows so there's no virus issue.

        Ha. Hahah, wow, this is... well, just straight up completely wrong. Just because it isn't Windows doesn't mean it can't get virii or other malware, not by a long shot. But anyways, even assuming you want the radio talking to the transmission, it should be a one-way communication: the radio shouldn't be able to send the transmission commands. It's odd to think of needing a firewall on your car, but that's definitely needed for a situation like that.

      • It likely used a wire sending a speedometer pulse signal from the instrument cluster (usually a sine wave). The same signal is used for cruise control. No CAN-BUS needed.
      • by ceoyoyo ( 59147 )

        "The hard part is making a single RW bus read only in the proper direction at all times."

        That's not hard at all. If you want to be really sure you use an optoisolator.

        • by vlm ( 69642 )

          "The hard part is making a single RW bus read only in the proper direction at all times."

          That's not hard at all. If you want to be really sure you use an optoisolator.

          Doesn't work with I2C, RX needs to send an ACK back, or the TX gets all out of whack and times out.

          From what I skimmed over for canbus it also requires ACKs on a bidirectional bus.

          What I'm getting at is written deep in the protocol specification there is no such thing as a unidirectional unack'd packet. You could build a sniffer and have "something else" periodically poll and the sniffer could sniff and then your optoisolator-like design would work...

          Maybe a way to rephrase it is at the hardware level t

          • by ceoyoyo ( 59147 )

            Yes, I was thinking of a control line NOT running CAN. A unidirectional CAN bus doesn't make any more sense than a unidirectional TCP/IP network.

            However, you could have a doohickey that talks CAN to the transmission on one side, CAN to the radio on the other, and the link between the two sides is a simple one way signal, optoisolated if you want to make absolutely sure. There isn't really any reason the radio has to be on the same CAN bus as the important stuff except convenience.
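The gateway described in the comment above, modelled as an added example (it is not part of the original thread): a node that sits on both buses, so each bus still gets its own protocol-level ACKs, while only allowlisted status frames are copied outward and nothing is ever forwarded inward. The CAN identifiers, payload layouts and the volume formula are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    can_id: int   # 11-bit CAN identifier
    data: bytes   # 0 to 8 payload bytes


# Constructed identifiers and layouts for this example only (hypothetical,
# not taken from any real vehicle).
SPEED_ID = 0x100      # vehicle speed, 2 bytes big-endian, units of 0.01 km/h
OIL_ID = 0x110        # oil pressure, 1 byte, kPa
THROTTLE_ID = 0x200   # a safety-bus command that must never cross the gateway

# Status frames the gateway may copy outward: id -> exact payload length.
EXPORT_ALLOWLIST = {SPEED_ID: 2, OIL_ID: 1}


class OneWayGateway:
    """Sits on both buses; copies allowlisted status frames outward only."""

    def __init__(self) -> None:
        self.utility_bus: List[Frame] = []             # what the radio side sees
        self.rejected: List[Tuple[str, Frame]] = []    # kept for detection

    def from_safety_bus(self, frame: Frame) -> Optional[Frame]:
        expected_len = EXPORT_ALLOWLIST.get(frame.can_id)
        if expected_len is None or len(frame.data) != expected_len:
            # Unknown id or malformed payload: never leaves the safety bus.
            self.rejected.append(("not-exported", frame))
            return None
        copy = Frame(frame.can_id, bytes(frame.data))
        self.utility_bus.append(copy)
        return copy

    def from_utility_bus(self, frame: Frame) -> None:
        # There is deliberately no forwarding path in this direction.
        # The frame is only recorded so that the attempt can be alerted on.
        self.rejected.append(("utility-to-safety", frame))
        return None


def radio_volume(base: int, speed_frame: Frame) -> int:
    """Speed-compensated volume computed on the utility side (toy formula)."""
    speed_kmh = int.from_bytes(speed_frame.data, "big") / 100
    return min(30, base + int(speed_kmh // 40))


def run_demo() -> dict:
    gw = OneWayGateway()
    speed = Frame(SPEED_ID, (11265).to_bytes(2, "big"))    # 112.65 km/h
    forwarded = gw.from_safety_bus(speed)                  # exported
    gw.from_safety_bus(Frame(THROTTLE_ID, b"\x00\x40"))    # not on allowlist
    gw.from_safety_bus(Frame(SPEED_ID, b"\x01\x02\x03"))   # wrong length
    gw.from_utility_bus(Frame(THROTTLE_ID, b"\xff\xff"))   # e.g. a compromised radio
    return {
        "volume": radio_volume(10, forwarded),
        "utility_ids": [f.can_id for f in gw.utility_bus],
        "rejected": [reason for reason, _ in gw.rejected],
    }


if __name__ == "__main__":
    print(run_demo())
```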

    • by slim ( 1652 ) <.john. .at. .hartnup.net.> on Monday August 20, 2012 @10:25AM (#41055155) Homepage

      Not just theoretically -- University of Washington researchers crafted an MP3 that let them at the CAN via the MP3 player: http://www.newscientist.com/blogs/onepercent/2011/03/how-an-mp3-can-be-used-to-hack.html [newscientist.com]

      • by Atryn ( 528846 )
        The as-yet-unpublished research was presented to the National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, established to investigate the safety and security of automobile electronics following the large-scale recall of malfunctioning cars in 2010.

        LOL... or, one manufacturer might use such exploits to create a series of improbable events labeled "malfunctions" which damages their competitor's sales and forces large scale and costly recalls. Hmmm... Industria
    • That's simply poor systems design. You are vastly better off making it distributed.

      There is no way a single processor should be involved in all these things. For example, a sound system could talk to your transmission more-or-less directly (or share input from the transmission, at any rate) without sharing any processor or code with the central control system.

      Similarly, there is no reason that other devices like Bluetooth, WiFi, cabin temperature, phone, and so on should be connected to the main contr
    • by enbody ( 472304 ) on Monday August 20, 2012 @11:51AM (#41056263) Homepage

      Maybe they could start by separating networks for the critical functions and entertainment systems.

      Cars used to have multiple busses, but they unified them to save weight to improve fuel efficiency.

      That is, they chose fuel efficiency over security. Remember, right now fuel efficiency will sell more cars than a more nebulous "security" that few can appreciate (until something really bad happens).

  • by slim ( 1652 ) <.john. .at. .hartnup.net.> on Monday August 20, 2012 @10:14AM (#41054987) Homepage

    McAfee makes me think of AV, and AV makes me think band-aid. Please, please let's not end up with a situation where cars are susceptible to viruses, therefore an AV application scans for viruses. Cars (or at least, the important bits of them) should be secure from the ground up.

    The problem has been that the designers have given computer security no thought *whatsoever*, and applied techniques already well known to security people, too late for some victims.

    For example, the first remote keys were susceptible to replay attacks. Anyone with half a clue about computer security already knew at that time that you needed a challenge/response scheme. But keys with challenge/response came later. And keys with sufficiently secure crypto algorithms came later still.

    For example, it's common to have the audio system, the ignition, the satnav, etc. all on the same data bus, with no authentication. From a security point of view, that's a disaster waiting to happen. Researchers have already demonstrated hacking the MP3 player to unlock the doors -- pointing out it's not much of a stretch to having hacked cars unlock themselves and email their GPS location to the attacker.
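The difference between a fixed-code remote key and a challenge/response one, as an added example that is not part of the original comment: the receiver issues a fresh random challenge for every unlock, so a response recorded earlier is useless later. The class names and the choice of HMAC-SHA256 over a shared pairing key are assumptions made for illustration, not a description of any real key system.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class FixedCodeReceiver:
    """Receiver that accepts one static unlock code (the replayable design)."""

    def __init__(self, code: bytes):
        self._code = code

    def try_unlock(self, message: bytes) -> bool:
        return hmac.compare_digest(message, self._code)


class Fob:
    """Key fob holding a secret shared with the car at pairing time."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeResponseReceiver:
    """Receiver that only accepts a MAC over its own, single-use challenge."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending: Optional[bytes] = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)   # unpredictable nonce
        return self._pending

    def try_unlock(self, response: bytes) -> bool:
        # The challenge is consumed on every attempt, pass or fail.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def run_demo() -> dict:
    results = {}

    # Fixed code: what the fob sends today is what it sends every day, so a
    # recording of one transmission stays valid.
    static_code = b"constructed-static-code"
    old_car = FixedCodeReceiver(static_code)
    recorded = static_code                      # bytes heard on the air
    results["fixed_legit"] = old_car.try_unlock(static_code)
    results["fixed_replay"] = old_car.try_unlock(recorded)

    # Challenge/response: the recorded response answers one challenge only.
    key = secrets.token_bytes(32)
    fob, car = Fob(key), ChallengeResponseReceiver(key)
    challenge = car.new_challenge()
    recorded_response = fob.respond(challenge)
    results["cr_legit"] = car.try_unlock(recorded_response)
    results["cr_replay_no_challenge"] = car.try_unlock(recorded_response)
    car.new_challenge()                         # next unlock, new nonce
    results["cr_replay_new_challenge"] = car.try_unlock(recorded_response)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```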

  • Worked on some of the first Microsoft-based car nav radios, a Windows-CE based auto-specific system. MS was in the mode of "Hey, 3rd party apps are a feature!" and the auto companies were like, "Not gonna happen."

    Not in the land of Congressional hearings and $100 million recalls. You think Facebook dodging the class action suit in that other thread is a big deal, imagine a lawyer trotting broken or dead bodies before the camera because one of the Big Three didn't properly vet Angry Birds: Cruisin' Down

    • by Atryn ( 528846 )

      ...Angry Birds: Cruisin' Down the Highway.

      I prefer a multi-player FPS type game... imagine an augmented reality interface where you can see the virtual turrets mounted on your hood and aim them at other cars logged into the game. You could see those cars taking damage and then eventually being "destroyed". Of course, you also have to watch your six and consider your shield levels as well. If you had passengers in the car, maybe they could man the rear guns or monitor system health and repairs...

      I thi

      • ...Angry Birds: Cruisin' Down the Highway.

        I prefer a multi-player FPS type game... imagine an augmented reality interface where you can see the virtual turrets mounted on your hood and aim them at other cars logged into the game. You could see those cars taking damage and then eventually being "destroyed". Of course, you also have to watch your six and consider your shield levels as well. If you had passengers in the car, maybe they could man the rear guns or monitor system health and repairs... I think I just made family road-trips much more fun...

        sounds awesome, just imagine all the drivers on the highway competing to get line of sight for a good shot...

  • by rolfwind ( 528248 ) on Monday August 20, 2012 @10:14AM (#41054997)

    Needless to say, never connect the critical systems to the internet or to other computers connected to the net. Besides security concerns-- ever since consoles got internet connections/updates, what happened? It started a trend among publishers to have games that were no longer tested as rigorously, pushed out the door, and depend on internet updates to fix any issues.

    • by vlm ( 69642 )

      ever since consoles got internet connections/updates, what happened? It started a trend among publishers to have games that were no longer tested as rigorously, pushed out the door, and depend on internet updates to fix any issues.

      Most importantly an attempt to eliminate the resale market.

      Perhaps in the future you'll have to register and buy annual (or more often) updates for your car from the app store, and you won't be allowed to change the owner of the car, why the heck would you be permitted to do that, are you some kind of car thief?

      I'm sorry sir your engine computer hardware is yours, but the software that runs on it is only licensed to the original buyer. You can only buy an engine computer software license with the purchase

      • and you won't be allowed to change the owner of the car,

        That's pretty far fetched; unless all the car manufacturers did this at the same time, the sales for those cars with this 'feature' would drop through the floor since they would have no resale value. If all the car manufacturers *did* do it at the same time it would probably be some sort of cartel issue and illegal.

        Much more likely is that you would have to officially update the registration with the manufacturer in order to carry on receiving necessar

    • by equex ( 747231 )
      Needless to say? It can't be overstated, if you ask me. This is a disaster waiting to happen, grab some popcorn after you secure yourself a 20+ year old car in good shape.
    • Anybody read Robopocalypse?
  • Here's a revolutionary way to combat illicit car hacking. It'll blow your mind away.

    Ready?

    Are you sure?

    Don't make the car computer have a wi-fi antenna.

    Groundbreaking, isn't it?
    • by slim ( 1652 ) <.john. .at. .hartnup.net.> on Monday August 20, 2012 @10:21AM (#41055093) Homepage

      Don't make the car computer have a wi-fi antenna.

      There are plenty of other vectors. The keyless ignition system. The remote central locking. The MP3 decoder. The digital radio. With physical access -- direct connection to the bus.

      • If you have physical access to the bus, it's already game over. The rest should all be segregated from the car's central computer, either through a one-way filter (aka a firewall) or simply by not being on the same network. There is no reason the radio should be able to start the car or unlock the doors, and for its part the keyless entry shouldn't be able to disengage the brakes or start the radio (but should be able to start the engine or unlock the car). The keyless system presumably has security already
      • Surely they should just have a physical separation between the busses - one for safety-critical features (Engine, Transmission, ABS, Lighting etc.) and one for entertainment and other 'utility'. If a controller needs to link between the two then it should only support a very limited range of commands, and there should be no direct method for passing a command or data from the 'utility' bus to the 'safety' bus. Ideally these critical controllers should be read-only on the 'utility' bus. These portions of

  • Stupid stuff again (Score:5, Informative)

    by Compaqt ( 1758360 ) on Monday August 20, 2012 @10:15AM (#41055009) Homepage

    Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?

    How about this: Just mount an iPad (or Galaxy) into the console.

    Done.

    But, no, they want to show you the oil level on a touchscreen instead of in front of the steering wheel. Meaning they have to hook it into the engine computer. Giving attackers an in.

    • by slim ( 1652 ) <.john. .at. .hartnup.net.> on Monday August 20, 2012 @10:33AM (#41055259) Homepage

      Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?

      Because it's the cheapest way to provide features that customers want, and competitors will deliver.

    • I wouldn't be so concerned if the car computer was only outputting data. That might be fun and useful with few, if any, security risks for most drivers. I do, however, have a problem with my accelerator or brake system being controlled by some external device rather than my hard-wired foot pedal. For what it's worth, many military aircraft are triple-redundant, meaning that your flight stick is primarily fly-by-wire, but in the event of a failure your flight stick is also directly connected to hydraulic line

      • by tlhIngan ( 30335 )

        I do, however, have a problem with my accelerator or brake system being controlled by some external device rather than my hard-wired foot pedal. For what it's worth, many military aircraft are triple-redundant, meaning that your flight stick is primarily fly-by-wire, but in the event of a failure your flight stick is also directly connected to hydraulic lines to control the flight surfaces, so if all else fails you can put some muscle into your flight stick and control the flight surfaces by wire like a W

      • by ceoyoyo ( 59147 )

        You gave a single redundant system... what are the other two?

        If your doors don't open after a crash it's not very likely your windows will. And windows have this great manual override - they break. You do have something to break windows with in your car, don't you?

    • I always wondered if this wasn't at least partly done to capture the customer's audio system spending.

      Car makers traditionally have been way behind the times in terms of car audio, and even simple upgrades were always really expensive due to the highway robbery prices they charged (since they were nearly always a dealer add-on).

      So you bought the base model radio and then went to Best Buy or wherever and bought a better model, speakers, power amp for less money than the car maker wanted.

      At first car makers s

    • It is not just that, What does Onstar or similar service do? They have 100% full access to the vehicle. They can start it, they can monitor your fluid levels, tell you how to get someplace, etc. This means you are GPS tracked, and they have full access to shutdown or start your car at all times. I never wanted that system in my cars and I typically find the fuse for the onstar circuit in my car and pull it once the free year (or 3 months) is out. They cannot tell me where I am if they cannot work. All

    • by moeinvt ( 851793 )

      I think it's just one of those cases where the demands for new features and capabilities have created problems that the original spec never anticipated or intended to solve.

      The 'CAN' bus spec has been around seemingly forever. It was developed to solve wiring issues. A single serial data bus which all systems and peripherals could be connected to was a great idea at the time. I'm guessing that it probably just became SOP to tie every new system into the CAN bus and nobody stopped to wonder why the MP3 pl

  • The car manufacturers risk being held liable for people stealing their cars through remote exploits. For years now insurance claims have been denied for certain auto theft claims based on the theory that certain types of keys couldn't be replicated. During the interim of course hackers had figured out how to hack the key systems and started stealing the cars without the keys.

    Sooner or later the inevitable happened and they got caught on video doing so. I believe there was a story over the UK a few weeks ago abo

  • few months back there was an article here about how car computers are ripe for hacking and everyone said the car companies suck for such crappy security

    now that they are doing it the car companies suck for locking down their cars

  • by ari_j ( 90255 ) on Monday August 20, 2012 @10:34AM (#41055263)
    I am very impressed with a person "who forced ATMs to ... cause medical pumps to release lethal doses of insulin." But why are ATMs and medical pumps connected to each other in the first place?
    • It's that silly new convention where commas are no longer used before "and" -- e.g., "The loud noises make the hamster [twitch and cause] the walls to shake". I'm all for a benevolent linguistic dictatorship, but sadly, Language = Mob-Rule, or at least popularity. When weighing the value of popularity, you can always remember the Mc (*)Billions Served, or turn on the radio.
      • by ari_j ( 90255 )
        That's not the problem. A comma here would actually be wrong. The problem is the use of the wrong form of 'cause' causing a break of parallel structure.
  • We need updates "over the air", without operator intervention! It's too inconvenient for owners to have to come into a dealer for updates, that's unreasonable!

    And it won't allow us to do the updates as often as we like! We're always fixing bugs, so we need the ability to update the software every 6 hours... sometimes even less! Look at Firefox and Windows - how often do they update? It's an industry standard!

    And encryption? That's haaaard! It takes time and effort to implement and it adds no value to the en

  • So that fiery CHIPS officer and his family in San Diego for whom no human amount of effort could save themselves from terror by electronic FAILUNDER comes down to ' its not our fault?' someone reprogrammed the blackboxen?

  • It's got two things going for it

    (a) it's a manual
    (b) it's a TVR

    (for those that don't get (b), you really have to know what you are doing to start one, look up Top Gear for more info)

    • by PPH ( 736903 )

      (a) it's a manual

      I can top that. My car has a device sure to stump all but the most expert car thieves:

      A knob on the dashboard labeled 'Choke'.

      Now get off my lawn!

  • Is building up viably secure automotive computing platforms part of a push toward a fleet of automated teamsters?
  • I'll take the hackers, thank you--with them I at least have some chance of purging *their* malware from my computer system.

    • by cffrost ( 885375 )

      I'll take the hackers, thank you--with them I at least have some chance of purging *their* malware from my computer system.

      Back in the BBS days there was a virus group called "YAM" — Youth Against McAfee. Maybe it's time to get the band back together. :o)

  • Strange that they left out biometrics [huffingtonpost.com][Ford], which is probably an imminent method of security in the future. WTF McAfee would be taking the lead in that, I don't know.
  • Really? McAfee researchers? This is the company that crashed millions of their business customers' systems with an untested update. As I write this there are 1000s of home McAfee customers who have lost Internet connectivity because of another untested update. These are the people you want to listen to when it comes to security? Oh Pulease!
  • by moeinvt ( 851793 ) on Monday August 20, 2012 @12:27PM (#41056767)

    Bonus points to the first person that talks their way out of a traffic ticket with the excuse that their car has been hacked.

  • by ThatsNotPudding ( 1045640 ) on Monday August 20, 2012 @12:28PM (#41056781)
    Having McAfee running anything on your car will, at minimum, add 3 seconds to your acceleration times, and knock 5 mpg off your mileage. You will also have to run the A/C more to offset the extra heat load on the CPU. Plus, about every fifth update, it will kill your car so dead, you will have to call AAA for a tow.
  • The move comes as Ford and other car makers start to invest in ways to keep car code secure.

    Let's assume ENIAC and 1943 as the start date for modern computing. In nearly 70 years of computing one thing we should all know very well by now is that there is no such thing as secure code. If a user has access to the system it operates on it's inherently insecure.

    • They're not necessarily trying to keep the user out. They're trying to keep non-owner hackers out. If someone hacked the OnStar system, for example, they could stall every car on the network. Worse if they could figure out how to make every car accelerate out of control. Or what if they could change the engine settings to timing that would damage the engine over time. Or if the OnStar system stays secure, what if they could do the equivalent using the internet connectivity in some cars? or break in usi
