from the everything-should-be-connected-to-the-interwebs dept.
The Federal Bureau of Investigation and US National Highway Traffic Safety Administration have issued a PSA about cybersecurity threats to vehicle owners:
The FBI and the US National Highway Traffic Safety Administration have added their voices to growing concerns about the risk of cars being hacked. In an advisory note it warns the public to be aware of "cybersecurity threats" related to connected vehicles. Last year Fiat Chrysler recalled 1.4 million US vehicles after security researchers remotely controlled a Jeep. People who suspect their car has been hacked were told to get in contact with the FBI. The public service announcement laid out the issues and dangers of car hacking.
This Public Service Announcement has an identifier, I-031716-PSA:
Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality. While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk. Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.
(Score: 2) by c0lo on Sunday March 20 2016, @09:51AM
If somebody breaks into your car, call the local police.
If somebody breaks the firmware of your car, call the FBI.
Why???
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Insightful) by anubi on Sunday March 20 2016, @10:06AM
If the authorities are as powerless to stop car malware as they have demonstrated themselves to be in stopping internet malware... looks like we have just set ourselves up to entertain a lot of kids at insurance companies' expense.
This time, its not just blue screen, and restore from backup.
There is twisted metal, lives, doctor bills, and insurance companies with real money on the line.
Lawyers, lots of paperwork, courts and torts, and cheques to be signed.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by c0lo on Sunday March 20 2016, @10:15AM
This doesn't answer to why FBI and not local police?
You see... "twisted metal, lives, doctor bills, and insurance companies with real money on the line.+ Lawyers, lots of paperwork, courts and torts, and cheques to be signed." also happens if some kids go on a joyride with a stolen car and the joyride finishes ugly.
But only local police gets involved in such cases.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2, Insightful) by anubi on Sunday March 20 2016, @10:41AM
I get the idea a few people may finally be realizing the seriousness of data security as their "hold harmless" clauses are likely to fail when real provable damage has been done.
I have been hawking on this data security thing for years... started when I got my first ANSI bomb and I realized just how vulnerable I was - and how things like this happen.
The local police would be of much use if the problem was indeed local... like the local joyrider does not pose much of a threat outside his area.
However, I think this is more like when the DVD_CCA realized their DVD encryption scheme enforcing their wishlist onto everyone else had been de-fanged.
Its only a matter of time before the codes to remotely take over cars goes public... and will be eagerly snapped up by those with an axe to grind against someone else.
No-one can prove a thing... and the people who put this technology into cars are probably scared shitless that the "hold harmless" clauses that for years has shielded the industry from the problems of buggy code may no longer protect them from lawsuits involving people dying and real property damages.
Putting this kind of control in a car is no longer a convenience and a simple frustration to resolve hackings.
A note sent on company letterhead to the effect of "We are sorry, we spilled your beans. Here's a year of credit monitoring on us" will not resolve this one. Even if the head muckeymuck signs it. Real bills are gonna have to be funded.
I wonder how an executive would think, getting into a new car, knowing that some disgruntled ex-employee could be plotting to take over his steering on his way home and ram him into a truck? And had the skills and means to do so?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by c0lo on Sunday March 20 2016, @11:40AM
Almost perfect!
The single major reason I see: because those damn'd car manufacturers expose their firmware (controlling the car) to outside of the car - even worse, remotely over Internet - when there's no reason for it (no, the convenience of remotely disabling the car in the eventuality of a theft does not justify the disadvantages I'll mention shortly).
And this is why everyone needs to pay extra taxes for specialized federal law enforcement (hacking the car from other state or country? Of course is beyond local police).
Even more, everyone expose themselves to being tracked by whoever has the knowledge to do it, especially govts? Maybe even foreign govts?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Interesting) by bitstream on Sunday March 20 2016, @11:55AM
We need this technology to get rid of inconvenient people.
//The men in trustworthy suits(tm) :P
This post will selfdestruct in 5.. 4.. 3.. 2.. 1.. *floating point divide by zero*
(Score: 1) by anubi on Sunday March 20 2016, @11:56AM
Right on!
My "work machine" that has all my "good stuff" on it is never connected to the internet.
I have been "pwned" on the machine I am using right now at the oddest times, which sometimes took me an hour to re-establish image via CloneZilla. Pain in the ass. But no real damage done.
I will fight tooth and nail to keep this kind of remote control skullduggery out of my car. I have already seen the mayhem which has been released onto machines which had no kinetic energy to speak of.
The uncontrolled kinetic energy of a ton of car traveling 60MPH is something I hope I never experience.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by arulatas on Monday March 21 2016, @02:51PM
Does no good for someone to refuse to use it as long as it is present at all upon the roads. If someone wants to remove you from the gene pool they only have to use an enabled car to take you out.
----- 10 turns around
(Score: 2) by MostCynical on Sunday March 20 2016, @10:35AM
If the Federal Government is in charge of vehicle standards, then *maybe* it makes sense for the FBI to be involved..
Who else has teams of l33t hack0rz to fight the Bad Guys(tm)?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by c0lo on Sunday March 20 2016, @11:42AM
Why do we need to fight the Bad Guys(tm)?
Can't we do better? [soylentnews.org]
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by mendax on Monday March 21 2016, @05:20AM
Computer hacking using a telecommunications system is a federal offense, even if the hacker and the hackee are in the same state. That's why. If the state the hacker committed the offense and the state the car that was hacked are different and either or both have their own laws making some actions illegal, they also may choose to prosecute since double jeopardy does not apply if an illegal act violates both federal and state laws.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 2) by c0lo on Monday March 21 2016, @06:12AM
And, pray tell, why is that firmware exposed to telecommunication in the first place?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by mendax on Monday March 21 2016, @07:17AM
That is the $64k question, although it'll probably be closer to $64 million and then some by the time the litigation is done after someone is killed by car hacking.
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 0) by Anonymous Coward on Sunday March 20 2016, @10:00AM
This doesn't sound like something FBI should complain or give warnings about.
(Score: 0) by Anonymous Coward on Sunday March 20 2016, @10:28AM
The FBI secured a cell phone; who knows, perhaps they can secure a car.
http://9to5mac.com/2016/02/21/fbi-explains-why-it-changed-apple-id-password-in-iphone-unlock-case-retrieved-icloud-backups-up-to-october-19-but-wants-more/ [9to5mac.com]
http://www.buzzfeed.com/johnpaczkowski/apple-terrorists-appleid-passcode-changed-in-government-cust [buzzfeed.com]
(Score: 0) by Anonymous Coward on Sunday March 20 2016, @10:43AM
Well, their buddies at the NSA are probably the ones who are either creating the holes or exploiting them, so they probably only announced it to piss them off
(Score: 2) by bitstream on Sunday March 20 2016, @12:01PM
Locate all antennas for external communication and use the cable cutter or wrap them in metal foil. This means not only UMTS (cell phone) antenna but also satellite, bluetooth, WiFi etc. Cars don't need that stuff. Any antitheft device shall be completely disconnected from the steering and control system. Then it may stay with the antenna intact.
Also shun any drive-by-wire control system. The industry doesn't have the quality culture to build safe products.
(Score: 1) by anubi on Sunday March 20 2016, @12:21PM
Well, I gotta admit I feel a helluva lot safer in this 20 year old Diesel van I just got than I do in a new car.
Old beast is just like I like them.... all mechanical. Its almost music to me to hear that thing run.
Its all shafts and gears.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by PinkyGigglebrain on Sunday March 20 2016, @05:03PM
20? try 38. :)
Only thing I need to worry about when I'm drive my old station wagon is an EMP that might take out the electronic ignition. The advantage of your van is you don't even need to worry about that with a diesel, unless you have an electric fuel pump.
Only down side of my wagon is the MPG sucks :/
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 1) by anubi on Monday March 21 2016, @04:49AM
Yes, I retrofitted it with an electric fuel pump.. the mechanical one that came with it was leaking diesel into the crankcase. ( which at least explained why I always seemed to have too much oil in the machine! ). I was probably burning my crankcase oil as fuel as well - but in a diesel, that would not be obvious. They will apparently burn the oil as if it were fuel. The electric fuel pump nipped that little problem-in-the-making in the bud.
I do not know if it is brushed or electronically commutated - as the whole thing is hermetically sealed.
I guess in an emergency, I could put a container of fuel on the van's roof and siphon it down to the injector pump. I believe it would probably run on +1 PSI inlet fuel pressure ( 2 feet head ).
Actually, that fuel pump is also my emergency shutoff for the diesel, as if the little solenoid on the injection pump ever stuck open, it would be pretty difficult for me to shut the engine down in that thing as the air intake is hard to get to on this one. Once started, it really wants to live.
I guess a kinda "side benefit" I get is since the van is "pre-theft-prevention-technology", I can retrofit a surprise for attempted theft by having the pump shut down, causing the mechanical injection pump to aspirate itself full of air via the fuel-return line. This will disable the engine until someone bleeds the air out of the fuel system.
As far as MPG, I have been getting around 20. This is for a Ford E350. Actually its about the same for my little Toyota - which is on the terminally ill sick list. Yes, I could pour a lot of money into it and fix it back up, but the cost would be about the same as what I am doing with the van.... and my needs have changed a lot since I bought the little toyota. I no longer have a daily commute. But I do have a lot of tools and equipment I would like to have with me if I go out to fix something.
I am also of the belief that the shit is going to hit the fan in our economic system, and I am likely to get stranded and "on my own". I fear if I have finicky support infrastructure, if it breaks, I am SOL. If I re-do the van's electronics to the stuff I build myself, no-one will know how to use it, so hopefully they won't simply knock me off and take the van. Not only that, it is the coolness factor of having the van's controls actually being the same stuff as used in industrial panels... all SCADA and ModBus. Today, there are a lot of really neat displays I can get pretty cheap. ( Actually, all I can do is display stuff, the engine is on a completely separate circuit. The only monkey wrench I can really throw into the works is shutting off the fuel pump or monkeying with the horn and lights - however I consider "Hollywood Theatrics" on the display panels fair game.)
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by mendax on Monday March 21 2016, @05:27AM
My 2006 Ford Ranger pickup has no bells and whistles. Want to hack it? Go ahead! Navigation system? What's that? Oh, you mean the road atlas I keep behind the seats? Computer? Well, it has one of those but the only hackable computers in it on most occasions are my MacBook and Samsung tablet. So, if you want to hack my truck you're going to need an axe!
It's really quite a simple choice: Life, Death, or Los Angeles.
(Score: 2) by c0lo on Sunday March 20 2016, @12:39PM
Note: do this with a self-driving car and most probable it will refuse to start.
Which raises an interesting question: who will be the actual (p/)owner of a self-driving car?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by bitstream on Sunday March 20 2016, @12:58PM
The manufacturer and whoever can outsmart them technically or juridically.
(Score: 3, Touché) by c0lo on Sunday March 20 2016, @01:32PM
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by iwoloschin on Sunday March 20 2016, @08:09PM
You're looking at it wrong. Why buy an autonomous car when I can hire one for the time I need? I typically use my car on weekends, I'd much rather sell it and just rely on renting an autonomous car. In my use case I'd probably save money (no car insurance, no car maintenance, etc) and I wouldn't have to worry about who owns the autonomous car driving me, because it wouldn't be my problem.
I can't wait for the future.
(Score: 3, Insightful) by darkfeline on Sunday March 20 2016, @08:18PM
Maybe they should stop trying to defang encryption then, hmm?
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Sunday March 20 2016, @09:38PM
TL:DR We're doing it wrong and self driving cars won't overly change that!
A few problems with the wonderful future of self driving cars (inspired by iwoloschin's post about being unable to wait for the futre:
1. Privacy. You WILL be tracked. Right now you can disable tracking by turning off your cell phone, and license plate readers aren't that prevalent so you can only be tracked with marginal accuracy by those. "I have nothing to hide!" etc. etc. only falls into the trap of when/why your info may become useful. Perhaps its not a problem for you, but could very well be a problem for someone targeted for social engineering, kidnapping, extortion, etc. when some hackers steal/bribe their way to your data for very real sinister reasons.
2. You can hire a car right now, its called a taxi.
3. You might not actually save money in the long run. Once autonomous care companies become common place you can damn well expect the costs to increase while your options decrease.
4. Autonomy, its one of the biggest factors for many people.
With all these various factors (and others I'm sure) I don't see actual car ownership going anywhere for a long time. I like the idea of an autonomous car network for dense urban areas, though I think a distributed rail system for small pods of 2-4 people would be a better and safer investment.
We have solved lots of these problems before, and I feel like the self driving cars is a new gimmick to track the population while selling a whole new fleet of vehicles. Public transit in the US was axed by car companies, Los Angeles being the famous example. Between subways and a light rail system you can solve many of the transportation problems, and one great side effect would be reclaiming public space. So much geographic area is taken up by streets, not only for driving but for parking. How great would it be if 50% of all current street area was converted to medians with plants and trees? Also, we could add bike only lanes where people can safely cruise non-stop from one point to another like Norway (?) is testing out.
(Score: 2) by c0lo on Sunday March 20 2016, @09:42PM
Option: eBikes. Simple enough for you to be able to put one together - kits already available for sale.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford