Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Sunday July 24 2016, @01:46PM   Printer-friendly
from the not-just-locking-the-doors-anymore dept.

The Automotive Information Sharing and Analysis Center has published an executive summary of their Automotive Cybersecurity Best Practices.

From the summary

As vehicles become increasingly connected and autonomous, the security and integrity of automotive systems is a top priority for the automotive industry. The Proactive Safety Principles released in January 2016 demonstrate the automotive industry's commitment to collaboratively enhance the safety of the traveling public. The objective of the fourth Principle, "Enhance Automotive Cybersecurity," is to explore and employ ways to collectively address cyber threats that could present unreasonable safety or security risks. This includes the development of best practices to secure the motor vehicle ecosystem.

Unfortunately the public executive overview is somewhat content free and refers to NIST documents on security practices but something is better than nothing. It's been six years since the publication of Experimental Security Analysis of a Modern Automobile and five years since Comprehensive Experimental Analyses of Automotive Attack Surfaces . In those research papers compsci students splay open the control system of a car through standard security analysis techniques such as fuzzing. My favorite technique they used was to install custom software into the QNX powered OnStar device then use it to bridge between the body bus and the bus that handles the engines, brakes, steering, etc. Very clever indeed.

How does the community feel about the poorly secured two ton (metric or imperial, you pick) rolling robot that the modern vehicle has become?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Knowledge Troll on Sunday July 24 2016, @06:31PM

    by Knowledge Troll (5948) on Sunday July 24 2016, @06:31PM (#379454) Homepage Journal

    Just run your battery cable through the firewall, and back to the engine compartment.

    For many reasons on a modern vehicle it is better to cut power to the fuel pump. Nothing will happen with out a few hundred PSI of gasoline pushing against the injectors and the entire rest of the vehicle and it's control systems remain powered and functional.

    Also no need to add in a bunch of 6 gauge wire to the cab with the weight and safety savings.

    Added bonus: if your car decides to accelerate out of control trying to kill you and your passengers, you can just knife it with your switch.

    Ok well that is one of the draw backs of the pansy fuel pump approach - no knifing the car.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Runaway1956 on Sunday July 24 2016, @09:02PM

    by Runaway1956 (2926) Subscriber Badge on Sunday July 24 2016, @09:02PM (#379507) Journal

    You and AC make the best replies to "my idea". Of course, it's not my idea at all, because I've seen vehicles jury-rigged as I've described. One guy did it on a truck, because his battery was always dead when he came out in the morning. The kill switch "solved" that problem for him.

    To be perfectly honest, I hadn't given any serious thought to trying anything like that myself. Now, I'm thinking. I guess you could run a disable switch without screwing up the car.

    • (Score: 2) by Knowledge Troll on Sunday July 24 2016, @09:16PM

      by Knowledge Troll (5948) on Sunday July 24 2016, @09:16PM (#379513) Homepage Journal

      Going at the fuel pump is a good way to augment theft prevention the vehicles offer as well in contrast to providing a panic switch for a vehicle in a fail-floored mode. The electronic coded key reading ECUs that manufacturers use implement the lockout in software. The ECU will refuse to operate the ignition system, injectors, or some critical component so the engine can not run. The problem is that thieves will carry modified ECUs with them and when they hit the car swap in their hacked ECU that does not require the key code. Notorious technique for stealing a car I used to own.

    • (Score: 2) by deadstick on Monday July 25 2016, @01:34AM

      by deadstick (5110) on Monday July 25 2016, @01:34AM (#379619)

      I guess you could run a disable switch without screwing up the car.

      Or the warranty?