Intel Team Takes On Car Hackers 153
nk497 writes "Intel has set up a team of McAfee researchers to protect computer systems in cars, hiring Barnaby Jack — the researcher who forced ATMs to spit out cash and cause medical pumps to release lethal doses of insulin. Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. 'If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening,' he said. 'I don't think people need to panic now. But the future is really scary.' The move comes as Ford and other car makers start to invest in ways to keep car code secure."
Interesting readings (Score:4, Informative)
http://www.autosec.org/publications.html
Stupid stuff again (Score:5, Informative)
Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?
How about this: Just mount an iPad (or Galaxy) into the console.
Done.
But, no, they want to show you the oil level on a touchscreen instead of in front of the steering wheel. Meaning they have to hook it into the engine computer. Giving attackers an in.
Re:A revolutionary idea (Score:5, Informative)
Don't make the car computer have a wi-fi antenna.
There are plenty of other vectors. The keyless ignition system. The remote central locking. The MP3 decoder. The digital radio. With physical access -- direct connection to the bus.
Re:CAN is cool, but... (Score:4, Informative)
The radio should simply never be able to get a message to the engine without wiring changes.
My father's decade old SUV talked to the transmission to control radio volume based on road speed.
The hard part is making a single RW bus read only in the proper direction at all times.
Thankfully it didn't run windows so there's no virus issue. But radios and engine/transmission computers have been talking for quite awhile.
Re:Boy, does this have the potential for bad (Score:5, Informative)
Not to mention the ability to charge for different levels of performance using the same underlying hardware, kind of like ATI & Nvidia do, and Intel was planning to do with their value-priced CPUs.
Here's an easy way to tell whether they're doing it for "safety", or just to increase their own profits -- if they give copies of the security key to end users, their motives are probably good. If they won't even give the code to mechanics, and force field replacement of expensive parts that could be repaired if the mechanic had the code, then they're doing it for their own benefit. It's just like UEFI. If I have a copy of the key, it's awesome. If the only copy of my key is held by Microsoft or Sony, it's a shameless pwnage of my consumer rights whose physical and political defeat is a moral imperative.