This coming summer the Society of Automotive Engineers (SAE) is running their 8th annual security workshop — details at https://www.sae.org/attend/cyberauto
The SAE CyberAuto™ Challenge brings together students and engineers from different backgrounds, industries, and organizations to collaboratively seek new information on automotive cybersecurity. No matter your perspective of participation at CyberAuto Challenge, your experience will benefit you now and in the future:
- High school and college students work with in-service vehicles and their production code, software stacks, and internal electronics
- Automotive engineers learn new ways to think about vehicle security and safety
- Government officials gain new perspectives about vehicle security and safety while engaging one-on-one with the next generation of cyber professionals
- Researchers developing emerging techniques to find real solutions to cybersecurity challenges and engage the next generation cyber-auto engineers.
This AC has no idea if you can really teach security, but at least someone is trying. It's also possible that SAE is training the other side? The page has a glowing testimonial that ends:
To sum it all up: thank you. That five days of the CyberAuto Challenge changed my life.”
–Vanya Gorbachev, 2018 CyberAuto Challenge participant
(Score: 0) by Anonymous Coward on Tuesday January 08 2019, @03:11AM (5 children)
On a related page SAE says,
Any idea if those numbers make sense?
(Score: 2) by The Mighty Buzzard on Tuesday January 08 2019, @03:18AM (3 children)
Not in a car they don't. That's entirely too many places to hide really unfortunate bugs. The only complex electronics on my next car are going to be housed in the radio. Yes, radio not touchscreen infotainment center. Thankfully, I'm capable of making that happen my own damned self even if the thing comes with more processing power than my desktop when it rolls off the showroom floor.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday January 08 2019, @12:56PM (2 children)
> The only complex electronics on my next car are going to be housed in the radio.
Not sure about your state, but to pass a NY annual vehicle inspection (required) they plug in an OBDII tester and look for any emission system faults including system modifications. I tried once with a car that just had a new battery installed (computer powered down) and the inspector told me I had to drive it for 30-50 miles before the computer would give useful results to the tester (I believe the computer slowly dials in the correct fuel and spark map?)
Unless you plan to drive a pre-OBD vehicle forever (and put up with fussy old fuel and spark systems), this is going to be a tough requirement to meet with no engine computer.
(Score: 2) by The Mighty Buzzard on Tuesday January 08 2019, @04:36PM (1 child)
No personal vehicle inspections in TN. Or in OK for that matter. I'm all good even if I move back some time in the future.
My rights don't end where your fear begins.
(Score: 1) by anubi on Tuesday January 08 2019, @11:14PM
Now, that's one of the main drivers behind why I bought and am renovating a 25 year old Ford / International 7.3L IDI Diesel van, even though I could have purchased a brand new machine.
By now, I am pretty well conditioned to accept that " advanced technology" is the buzzword businesses use to mean I will agree to whatever their machine demands of me.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by MostCynical on Tuesday January 08 2019, @06:45AM
True or niot, 100 million seems to be what everyone quotes.. http://desigeek.com/blog/amit/2018/08/28/how-many-lines-of-code-does-it-take/ [desigeek.com]
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by The Mighty Buzzard on Tuesday January 08 2019, @03:12AM (5 children)
Sure you can. Paranoia and attention to detail can both be acquired as skills. They just take work like any other skills. The creativity that marks a genius rather than a clock puncher, that's another matter entirely.
My rights don't end where your fear begins.
(Score: 2) by Runaway1956 on Tuesday January 08 2019, @03:47AM (4 children)
Anyone who is concerned with security has probably heard or read that, and often. Security is a Process, not a Product. One problem seems to be that boards of directors and accountants and xOO's are only concerned with selling products.
Security in the military is a process. No one sets up a couple guard posts, and calls it "secure". Roving patrols (yes, even aboard ship) are constantly checking on the status of whatever perimeters or systems they are responsible for. It can't be automated, it can't be neglected for some hours/days/weeks. It's an ongoing process, with human eyes and hands on.
And, that is precisely what managers want to eliminate. They want everything automated, so that the humans can go on with something more fun, and less stressful, and less expensive.
In the physical world, "security" often consists of a fence and some cameras. Take away the security personnel, and there is no one to defend the fence, or to monitor the cameras. At that point, the supposed security is no more and no less effective than a standard padlock. Everyone should be aware that a padlock only keeps honest people honest. Very few padlocks can keep me out, once I've decided to get in. Even fewer padlocks actually slow me down. It only takes a couple minutes to pick the standard Master padlock, and even less time to just destroy a lock. Cheap locks are easier and faster to destroy. And, if the owner/manager doesn't check on whatever he has trusted to a lock for a week, or a month, the "crime" may go unsolved forever.
(Score: 2) by aristarchus on Tuesday January 08 2019, @07:59AM
The most likely to be doxxed (from really stupid detail disclosures) Soylentil has this to say? We have your natsav trajectory, Runaway of too many specifics. Best STFU before your employer or your wife's church group finds out who you really are, and sequestors your artillery, so to speak.
(Score: 0) by Anonymous Coward on Tuesday January 08 2019, @01:01PM (2 children)
> Security is a Process ...
Well put.
How is this going to work with an automated highway, where my car has to make many secure connections with other traffic and the road (infrastructure), on a sub-one-second time scale. This is for things like the negotiation for a lane to move over toward the upcoming exit, or to know that the light is about to change (or whatever). No possible time for human intervention here.
(Score: 2) by Runaway1956 on Tuesday January 08 2019, @03:16PM (1 child)
For you, the individual human being chauffered around by a robot, the process should have been ongoing before you committed your life to that robot. You should be aware that BrandX Highway Robots have been exploited repeatedly in recent months - and updated, upgraded, or changed to BrandZ. Or, just shut that obsolete robot down, and run it through the trash compactor. The process involves keeping up to date on how many body bags have been utilized by which brands of robots.
(Score: 0) by Anonymous Coward on Tuesday January 08 2019, @05:11PM
Well, that puts a little perspective on a future incarnation of Soylent News -- keeping track of the source bodies soon to be processed into new soylent...
I think I'll keep driving my own car and avoid (to the extent possible) areas that are infested with robot cars.
(Score: 0) by Anonymous Coward on Tuesday January 08 2019, @07:03PM
are these people using and creating Free Software or is this just a bunch of enslaveWare peddling whores misguiding the future generation to perpetuate their strangelhold on the industry?