[...] "Driverless and connected cars are increasingly becoming a part of our world, where cybersecurity threats are already a reality," Sandhu said. "It's imperative that we support research that addresses these concerns and presents a strong, innovative solution."
[...] "Connected cars have almost infinite possibilities for creative technological applications," Gupta said. "Companies could even take advantage of the connectivity to implement location-based marketing tactics, providing drivers with nearby sales and offers."
However, the researchers caution that as soon as cars are exposed to internet supported functionality, they are also open to the same cybersecurity threats that loom over other electronic devices, such as computers and cell phones. For this reason, Gupta and Sandhu created an authorization framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.
"There are vulnerabilities in every machine," said Gupta. "We're working to make sure someone doesn't take advantage of those vulnerabilities and turn them into threats. The questions of 'who do I trust?' and 'how do I trust?' are still to be answered in smart cars."
(Score: 3, Informative) by BsAtHome on Wednesday May 30 2018, @08:26AM (3 children)
This is why they will fail. There are no means by which you can make something "absolute certain". It is a fallacy and has always been a fallacy. Sure, you can mitigate many possible threats, but there will always that one thing you did not think about and it assumes that your (hardware) system works as advertised. It is impossible to to have absolute security.
People who try to convince you otherwise are either stupidly ignorant or have an agenda.
I'll give them a palm reaching for the face. Then, when things go bad, I'll be able to tell them, yet again, I told you so. Sigh.
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @08:31AM (1 child)
Less frameworks and no internet access?
(Score: 2) by bob_super on Wednesday May 30 2018, @09:54PM
You can't suppress the internet access !!!!!
How else would companies log for resale everything that happens near the car? Are you trying to bankrupt the data companies which used to be car makers ?
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @08:57AM
I absolutely agree. But it's too late, the industry has *already* started down the wrong path. Not just because they still think that an "autonmous" vehicle needs a tether, and not only because they still believe that connecting control systems for critical infrastructure to the public network is a lesson we we haven't learnt, but because they're embedding insecurity in the fundamental operating model .. my face and palm are on a collision course aswell. Ref: https://soylentnews.org/comments.pl?cid=620686&sid=23504 [soylentnews.org]
It's as if these people have no imagination ..
How many car crashes would it take to shutdown a city of more than 3 million people?
What happens when we combine (1) the faces of the last set of congressmen to vote for an economic embargo with (2) 80% market penetration of high speed vehicles that have 200km range, the ability to direct themselves, are covered in high resolution camera equipment and (3) are powered by a mobile phone operating system connected to the open Internet?
To hell with (3), the phone OS and Internet. What if those chips were manufactured by the country you just embargoed and are getting OTA firmware updates like your digital TV? From satellite?
And when the Police Vehicles are JailBroken so they can be sent two towns over in the opening act of the biggest crime spree seen in 100 years, in 2027?
How many computers were compromised in the US last year, alone? How many government or financial institution records were liberated by deliberate unauthorised activity? How about we learn to protect the 1970s computers before making society completely dependent upon perfect security from the same technology with both mass *and* velocity ..
(Score: 1, Informative) by Anonymous Coward on Wednesday May 30 2018, @09:15AM
It came with your car. It's called a "frame". And all that's left to do is running a high frequency, low current through it and your car will be perfectly safe from hackers.
(Score: 5, Insightful) by fido_dogstoyevsky on Wednesday May 30 2018, @10:28AM (3 children)
No, they've been answered: the answers are "nobody" and "by not being connected and never getting into a car I can't control" respectively.
It's NOT a conspiracy... it's a plot.
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @01:40PM (2 children)
But how do you rule out the possibility of being runned over by an autonomous car.
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @04:05PM
Make sure you can run faster? Practice broken field running so you can take evasive action??
Just saw a note that Trek (large USA bicycle manufacturer) is starting to investigate transponders for bicycles, so you could carry one of these and be tracked wherever you go (just in case your cell phone isn't already doing this for you).
Once a self-driving car is being remotely controlled it's like a cruise missile on the road.
(Score: 3, Funny) by fido_dogstoyevsky on Thursday May 31 2018, @06:31AM
By not getting out of my car [pinimg.com].
It's NOT a conspiracy... it's a plot.
(Score: 2) by MostCynical on Wednesday May 30 2018, @10:32AM
Build a framework. Hard part done.
Implementing it? Actually stopping "cyber" attacks on internet connected vehicles? Someone else's problem!
http://www.unwomen.org/en/digital-library/publications/2015/11/prevention-framework [unwomen.org]
https://www.timeshighereducation.com/blog/ofs-framework-undermines-prevent-guidance [timeshighereducation.com]
http://www.caha.org.au/national_strategy_framework_launch [caha.org.au]
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by Runaway1956 on Wednesday May 30 2018, @02:32PM (1 child)
My AI is hacking into all of those autonomous cars, right now. When it has root on all the cars, they'll all drive to 1600 Pennsylvania Avenue. Once there, they will all honk in harmony, "TRUMP! TRUMP! TRUMP! TRUMP!" After a couple of days of that, Washington should get the message. Maybe we'll alternate that Trump chorus with something soothing at night. Gotta let Melania get her beauty sleep! Or, whichever one of those chicks are living there with the Orange one.
How 'bout the sound track from a corny movie? I'm putting another AI on the task of orchestrating that! https://www.imdb.com/title/tt0120380/ [imdb.com]
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @04:09PM
No need to make it personal. Just activate all the car alarms at once, that should get the message across.
(Score: 1, Interesting) by Anonymous Coward on Wednesday May 30 2018, @02:39PM (2 children)
this is just quick from the top of the hat:
the car should not have a internet connection.
it should be a YUBY key instead.
it should have sensors.
it should provide this sensor data to a carry-on mobile phone.
if you have problem then plug-in your always carry on mobile phone instead
into the car.
make the call to car tech support via your mobile phone.
if you leave the car, you remove the keys (or FOB) AND CONNECTIVITY! because connectivity is provided via your mobile phone which you remove too when you leave the car.
if the car has it's own "brainZ" and it's connected to internet then
one day we will see self-driving cars clogging up the freeway so the police cannot catch the bank-heist (or harddisk bitcoin heist?) get away car?
or maybe the self-driving car will become sluggish 'cause it's puzzled by some SHA2 problem?
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @04:29PM
> ... YUBY key...
YUBY key shill detected.
More seriously, has anyone used one of these things? Looks like a fancy dongle, but with a clever scheme so the user can carry one dongle that authorizes many different packages, from different suppliers.
(Score: 3, Funny) by bob_super on Wednesday May 30 2018, @09:59PM
Remove the connectivity ... from a future self-driving car ?
I'm looking forward to hordes of Zombie cars just driving around aimlessly, then rolling over to die in the ditches, incapable of figuring out what they are supposed to do next.
(Score: 2, Insightful) by Anonymous Coward on Wednesday May 30 2018, @03:25PM (2 children)
Reading this, I can't help but think about how cars and IOT are merging together. And the thought of applying updates to a car's systems to keep it "current" scares me to the core. First, it will be a nuisance for those who stay on top of updates. Second, most people won't update; just like all their other devices (routers, IOT devices, etc.), and the many recalls that aren't done because people won't go to the dealer. Third, what happens when a car manufacturer stops providing updates? Cars do last 10-20 years (some MUCH longer). What then?
I only see a mess coming, with no "opt out" available unless you commit to driving old cars and maintaining them. Which will be much harder for those who live in a rust belt.
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @04:50PM (1 child)
Tesla has been updating in-car software since the Model S (at least). If there is Wi-Fi I hear it goes fairly quickly, if done over a cell data connection, much slower (hours). User has control over the start time, so the car is non-functioning when not needed (famous last words). Have not heard any stories of an emergency that required interrupting the update--but if this is the only car around and you need to get to the emergency room, it seems like it could be a problem.
(Score: 0) by Anonymous Coward on Wednesday May 30 2018, @09:00PM
Didn't all these crashes start after an update? If the car is working well, I'd be scared to update. I'd be even more scared of it updating without alerting me that something has changed or telling me its changed in language that looks like gibberish.
(Score: 1) by mr_bad_influence on Wednesday May 30 2018, @10:02PM
This is just what we need -- more distractions while driving. Maybe the sales and offers will refer to nearby whorehouses and drug dealers? Who needs Craigslist when we've got hackers.