Intel Team Takes On Car Hackers 153
nk497 writes "Intel has set up a team of McAfee researchers to protect computer systems in cars, hiring Barnaby Jack — the researcher who forced ATMs to spit out cash and cause medical pumps to release lethal doses of insulin. Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. 'If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening,' he said. 'I don't think people need to panic now. But the future is really scary.' The move comes as Ford and other car makers start to invest in ways to keep car code secure."
Boy, does this have the potential for bad (Score:5, Insightful)
Don't like the government-mandated shutdown of your vehicle in certain areas (i.e. your self-driving car will refuse certain destinations)? We'll make sure you can't hack the nav system.
Uh huh... (Score:3, Insightful)
Sounds like the auto makers are getting tired of individuals being able to change their own cars engine/transmission settings, and or, do fixes that usually require paying the dealer.
Congress mandated an open set of engine/car diagnostic codes due to them not releasing service information some years back. Sounds like they're investigating the possibility of re-imposing something similar via "security" concerns.
"Think of the children that could be put at risk if $evil-auto-hacker isn't protected against!"
CAN is cool, but... (Score:5, Insightful)
I played with having a computer in my car for a few years and it is shocking what you can do once you have access to the CAN bus. I mean it's cool that I can plug a device in and program it so that it will catch the commands from my window switches and have them instead activate my blinkers, but that (theoretically as far as I know) a compromised update to your radio could let it do the same thing is a bad thing and that there is a growing trend for cars to be more connected (e.g. wifi hotspots, etc..) is outright scary.
Maybe they could start by separating networks for the critical functions and entertainment systems. The only possible access to the critical systems should be by a physical connection. They don't need (bad) software security experts to help solve this problem. They need good network architects. It shouldn't simply be a matter of the engine verifying that the "more gas" command came from the ECU and not the radio. The radio should simply never be able to get a message to the engine without wiring changes.
Re:Stupid stuff again (Score:4, Insightful)
Why do car companies feel the need to hook their CD players or whatever into the critical systems of the car?
Because it's the cheapest way to provide features that customers want, and competitors will deliver.
Re:CAN is cool, but... (Score:4, Insightful)
Maybe they could start by separating networks for the critical functions and entertainment systems.
Cars used to have multiple busses, but they unified them to save weight to improve fuel efficiency.
That is, they chose fuel efficiency over security. Remember, right now fuel efficiency will sell more cars than a more nebulous "security" that few can appreciate (until something really bad happens).