from the not-just-locking-the-doors-anymore dept.
The Automotive Information Sharing and Analysis Center has published an executive summary of their Automotive Cybersecurity Best Practices.
From the summary:
As vehicles become increasingly connected and autonomous, the security and integrity of automotive systems is a top priority for the automotive industry. The Proactive Safety Principles released in January 2016 demonstrate the automotive industry's commitment to collaboratively enhance the safety of the traveling public. The objective of the fourth Principle, "Enhance Automotive Cybersecurity," is to explore and employ ways to collectively address cyber threats that could present unreasonable safety or security risks. This includes the development of best practices to secure the motor vehicle ecosystem.
Unfortunately the public executive overview is somewhat content-free and refers to NIST documents on security practices, but something is better than nothing. It's been six years since the publication of Experimental Security Analysis of a Modern Automobile and five years since Comprehensive Experimental Analyses of Automotive Attack Surfaces. In those research papers compsci students splay open the control system of a car through standard security analysis techniques such as fuzzing. My favorite technique they used was to install custom software into the QNX-powered OnStar device then use it to bridge between the body bus and the bus that handles the engines, brakes, steering, etc. Very clever indeed.
How does the community feel about the poorly secured two-ton (metric or imperial, you pick) rolling robot that the modern vehicle has become?
(Score: 2) by DECbot on Sunday July 24 2016, @02:23PM
... than the smaller industrial robotic arms when I'm in reach and the servo is engaged. Of course with the car there is no dead man's switch.
cats~$ sudo chown -R us /home/base
(Score: 3, Interesting) by Runaway1956 on Sunday July 24 2016, @02:44PM
Just run your battery cable through the firewall, and back to the engine compartment. Install a knife switch into that battery cable - under your seat or somewhere out of sight. When you leave the vehicle, open the switch. No one is going to steal it, or talk the computer into opening up for them.
Added bonus: if your car decides to accelerate out of control trying to kill you and your passengers, you can just knife it with your switch.
“Take me to the Brig. I want to see the “real Marines”. – Major General Chesty Puller, USMC
(Score: 0) by Anonymous Coward on Sunday July 24 2016, @03:33PM
Every time you disconnect the battery cable, don't be surprised when you:
+ Have to supply security code and re-program radio stations
+ Need to reset the clock
+ Lose the built-in burglar alarm (maybe a good thing--no honking horns)
+ ?? I think there are a number of other systems that depend on continuous 12VDC
(Score: 2) by mhajicek on Sunday July 24 2016, @04:36PM
If the car is fly-by-wire as more and more are, you would also lose brakes and steering.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Knowledge Troll on Sunday July 24 2016, @06:20PM
If the car is fly-by-wire as more and more are, you would also lose brakes and steering.
Can you name models that do not include a direct mechanical linkage that is boosted? True fly by wire would require no direct linkage at all between the brake pedal and brake pads or steering wheel and steering rack.
Boosted systems can be fully robot and look like fly by wire but the only pedal that I know of that lost the direct connection is the gas pedal. The gas pedal is now attached to a position or angle sensor and the butterflies in the throttle body are operated by a servo. Might be tempted to call it throttle by wire but actually it's FADEC [wikipedia.org].
As far as I know fly by wire can't be used to describe any vehicle that is on the road.
(Score: 3, Informative) by mhajicek on Sunday July 24 2016, @07:52PM
Infiniti Q50. It has a clutch that's supposed to engage mechanical steering in case of an electronic failure, but that can fail under the same circumstances that would cause the electronic system to fail:
http://jalopnik.com/the-infiniti-q50s-steer-by-wire-could-fail-when-it-get-1484200188 [jalopnik.com]
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Knowledge Troll on Sunday July 24 2016, @07:57PM
Now ain't that lovely.
(Score: 2) by Runaway1956 on Sunday July 24 2016, @08:55PM
That is kinda scary, but, no one drives when the temperature goes below freezing, do they? And, global warming!! :^)
“Take me to the Brig. I want to see the “real Marines”. – Major General Chesty Puller, USMC
(Score: 0) by Anonymous Coward on Sunday July 24 2016, @05:05PM
When the car is running, the electric systems run off the generator. The generator also recharges the battery while running. So the kill switch you suggest will only work when the engine is off.
For car running off and trying to kill occupants, I suggest:
a) Install a cable from the acceleration controller electronics box positive terminal, and grounded through a switch (using a heavy gauge wire and high current switch). When car tries to kill you, turn the switch on. This shorts the killer acceleration controller box power supply to ground, blowing the fuse or at least interfering with its murderous intentions.
or if you are sophisticated:
b) Install a relay between the positive input and acceleration controller box input (Common and NC) so that it is normally connected. The relay can be turned on through a switch from passenger compartment. The relay opens the controller circuit when active, etc.
(Score: 2) by Knowledge Troll on Sunday July 24 2016, @06:31PM
Just run your battery cable through the firewall, and back to the engine compartment.
For many reasons on a modern vehicle it is better to cut power to the fuel pump. Nothing will happen without a few hundred PSI of gasoline pushing against the injectors and the entire rest of the vehicle and its control systems remain powered and functional.
Also no need to add in a bunch of 6 gauge wire to the cab with the weight and safety savings.
Added bonus: if your car decides to accelerate out of control trying to kill you and your passengers, you can just knife it with your switch.
Ok well that is one of the drawbacks of the pansy fuel pump approach - no knifing the car.
(Score: 2) by Runaway1956 on Sunday July 24 2016, @09:02PM
You and AC make the best replies to "my idea". Of course, it's not my idea at all, because I've seen vehicles jury-rigged as I've described. One guy did it on a truck, because his battery was always dead when he came out in the morning. The kill switch "solved" that problem for him.
To be perfectly honest, I hadn't given any serious thought to trying anything like that myself. Now, I'm thinking. I guess you could run a disable switch without screwing up the car.
“Take me to the Brig. I want to see the “real Marines”. – Major General Chesty Puller, USMC
(Score: 2) by Knowledge Troll on Sunday July 24 2016, @09:16PM
Going at the fuel pump is a good way to augment theft prevention the vehicles offer as well in contrast to providing a panic switch for a vehicle in a fail-floored mode. The electronic coded key reading ECUs that manufacturers use implement the lockout in software. The ECU will refuse to operate the ignition system, injectors, or some critical component so the engine cannot run. The problem is that thieves will carry modified ECUs with them and when they hit the car swap in their hacked ECU that does not require the key code. Notorious technique for stealing a car I used to own.
(Score: 2) by deadstick on Monday July 25 2016, @01:34AM
I guess you could run a disable switch without screwing up the car.
Or the warranty?
(Score: 3, Insightful) by bzipitidoo on Sunday July 24 2016, @02:51PM
Security has been marketed as safety for everyone against dangers to everyone.
But it's been twisted. Sometimes security changed to security for vendors against their own customers. Microsoft did that with their campaign against piracy, a few times slipping anti-piracy and spying measures into their security updates. When caught, they tried to claim anti-piracy was in fact security for users. Incredibly, they used Mafia style reasoning. Yes, those "security" measures "protect" the customer from committing piracy! Be a real shame if you were investigated by the BSA and sued for copyright infringement. No one should blindly trust MS's security measures.
So with cars, I can certainly see manufacturers being a little too interested in protecting themselves by putting their own customers at greater risk. Cars are all getting black boxes now? What happens if police are actually given access to data from all black boxes not just the ones involved in accidents? Police always want more information, and privacy be damned. Even if denied that, do they still get to go on fishing expeditions with black boxes that have been in accidents? Do these black boxes have any sort of protection against unauthorized access? Does the owner have the option to password protect the data that cars record, or just turn that feature off?
(Score: 2) by canopic jug on Sunday July 24 2016, @04:10PM
Money is not free speech. Elections should not be auctions.
(Score: 2) by melikamp on Sunday July 24 2016, @04:19PM
Direct link to pdf, if you want to avoid javascript: http://www.automotiveisac.com/assets/img/executive-summary.pdf [automotiveisac.com]
I agree, this is exactly the case here. From the customer's point of view, being able to understand and control the software is absolutely necessary for any kind of security evaluation, let alone assurance, but free/libre software is simply not on the table. This is all about security of auto manufacturers from lawsuits, and nothing else. Any resulting safety of passengers, other drivers, and pedestrians is just a nifty side-effect they can keep pointing to, while they are trying to "sell" us a car with software which we cannot analyze, control, or modify.
(Score: 2) by fido_dogstoyevsky on Sunday July 24 2016, @11:17PM
(0) DON'T allow wireless access to ANYTHING in the car.
(1) DON'T allow any system to communicate with any other system (this allows excluding the radio from (0)).
(2) ANYTHING (except maybe the accelerator) drive by wire has to have a mechanical backup (said backup being permanently connected).
(3) DON'T allow wireless access to ANYTHING in the car.
(4) Include a mechanical kill switch.
(5) Make the software open source - this is one situation where imaginary property can kill people.
It's NOT a conspiracy... it's a plot.
(Score: 2) by Scruffy Beard 2 on Sunday July 24 2016, @11:40PM
And this is why I am leery of Tesla Motors.
This is coming from somebody who read the manual for the Tesla roadster cover-to-cover.