A flaw buried deep in the hearts of all modern cars allows an attacker with local or even remote access to a vehicle to shut down various components, including safety systems such as airbags, brakes, parking sensors, and others.
The vulnerability affects the CAN (Controller Area Network) protocol that's deployed in modern cars and used to manage communications between a vehicle's internal components.
The flaw was discovered by a collaborative effort of Politecnico di Milano, Linklayer Labs, and Trend Micro's Forward-looking Threat Research (FTR) team.
Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable.
Patching the issue means changing how the CAN standard works at its lowest levels. Researchers say car manufacturers can only mitigate the vulnerability via specific network countermeasures, but cannot eliminate it entirely.
"To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented," researchers say. "Realistically, it would take an entire generation of vehicles for such a vulnerability to be resolved, not just a recall or an OTA (on-the-air) upgrade."
[...] The Department of Homeland Security's ICS-CERT has issued an alert regarding this flaw, albeit there is little to be done on the side of car makers.
"The only current recommendation for protecting against this exploit is to limit access to input ports (specifically OBD-II) on automobiles," said ICS-CERT experts in an alert released last month.
[...] The research was presented last month at the DIMVA conference in Bonn, Germany. The technical paper detailing the flaw in depth is available here and here. A YouTube video recorded by Trend Micro researcher Federico Maggi is available.
Source: Bleeping Computer
(Score: 3, Insightful) by frojack on Friday August 18 2017, @06:32PM (7 children)
Here's a better idea:
Don't but the CAN bus on the internet or let it receive or send to anything outside the vehicle.
Also locate the ONLY diagnostic port inside the locked cabin of the vehicle.
No, you are mistaken. I've always had this sig.
(Score: 5, Insightful) by jmorris on Friday August 18 2017, @06:47PM (6 children)
Think you miss the point. CAN = Car Area Network. Everything in the vehicle connects to CAN. Everything. And anything that can connect to it can send commands to any other node and there is no security. Crawl under a car, attach to something like the transmission and remotely crash the vehicle at your leisure.
They would have to reinvent everything, every component would have a hardwired public key, there would have to be a maintaince keyring to allow the owner (i.e. the factory authorized service center, you don't think they will give the sucker making the note actual ownership do you?) to have the network recognize a replaced component. All communication would be at least signed, probably encrypted. And goodbye diagnostic port.
(Score: 3, Insightful) by maxwell demon on Friday August 18 2017, @07:53PM (2 children)
No. CAN = Controller Area Network. It's right in the summary. And Wikipedia agrees. [wikipedia.org]
The transmission controller should not be accessible by simply crawling under the car.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by inertnet on Friday August 18 2017, @08:50PM (1 child)
Most lights will do as well, many can be disassembled from the outside to expose the CAN bus.
(Score: 3, Insightful) by Grishnakh on Friday August 18 2017, @08:55PM
If you're talking about taillights, all the taillights I've seen lately are still pretty simple, with on/off wires going to them. There's no bus there. The bus goes to the Body Control Module, which is somewhere inside the car. Now if you're talking about HID headlights that might have a CAN bus connection, most cars these days have made it extremely difficult to even change the bulbs on these things; usually you have to remove the the bumper, or take apart the wheelwell, or something like that to get to just the bulb. It's probably easier to just break into the car's cabin if you're trying to be sneaky.
(Score: 3, Interesting) by Grishnakh on Friday August 18 2017, @08:52PM (2 children)
The other responder is correct in his two points, but I have a couple of points to add:
1) There's multiple CAN and LIN buses, among others, in any modern car. There is not a single CAN bus. There's usually low-speed and high-speed CAN buses, and maybe a medium-speed one too. Obviously, different things are on different buses. In addition to those, there's also usually multiple LIN buses, which are really simple and low-speed. Things like steering-wheel buttons probably use those. A lot of European cars also have MOST buses, which are optical buses for the audio system. (I'm not sure why they bother really; optical fiber has proven to be more trouble than it's worth for anything except extremely high-speed applications. It probably seemed like a good idea in the early 00s but modern copper networking technology works fine.)
2) Governments aren't going to accept not having a diagnostic port to plug into. Many states (and maybe countries?) use this port at your annual emissions check to make sure the car is working properly.
3) While the other responder is correct that CAN buses are generally not easy to tap into from just crawling under the car, you also need to remind yourself: how hard is it to get to the brake lines by crawling under a car? It's just as easy as it's ever been. It's stupid to worry about people hacking into your car's computer systems after gaining access to the interior of the car, when it's so trivially simple to just cut their brake lines or do other nefarious stuff that's easily done just by crawling underneath. It's not even that hard to get into a car--just ask a locksmith. But it's hard enough that people breaking into cars just isn't that much of a problem, at least not to where we're willing to accept serious drawbacks which would be necessary to counter it.
(Score: 3, Interesting) by damnbunni on Saturday August 19 2017, @12:34AM (1 child)
About emissions tests:
Only eight US states require emissions tests for everyone.
18 states require no emissions testing at all.
The rest require testing in some parts of the state but not others.
(And only about 16 states require any kind of safety inspection. Which explains a lot of the crappy cars I see on the road around here.)
(Score: 2) by Grishnakh on Saturday August 19 2017, @04:30AM
That's correct about emissions tests, but it leaves out what portion of the population is covered by emission testing. I'm sure it's a large fraction, if not an outright majority. Here in Virginia, only a handful of counties in northern VA are subject to it. However, that's where more than half the population lives. In AZ, it's only needed for people who live in the Phoenix or Tucson metro areas; but that's probably well over 90% of the population of that state.
(Score: 4, Informative) by Grishnakh on Friday August 18 2017, @06:45PM (46 children)
How is this any worse than someone cutting your brake lines like in the old movies?
If someone has physical access to the inside of your car, there's no telling what they can do.
But if the CAN bus is exposed to the internet somehow, that's definitely a massive design failure and should be harshly punished.
Anyway, this is just a bunch of scare-mongering over "Hackers!!". Physical tampering with cars (including messing with the brakes, or even planting a bomb) has been a potential problem for many, many decades now, and it's never going to change: it's infeasible to drive a tank, and you'd need something built like that to really discourage physical access by intruders.
(Score: 2) by bob_super on Friday August 18 2017, @06:47PM
> it's infeasible to drive a tank
GM/Ford/Chrysler: "Challenge accepted!"
(Score: 0) by Anonymous Coward on Friday August 18 2017, @07:24PM (4 children)
All of the older protocols are fairly wide open. The security was the impossibility to get AT the cable. That is no longer true. Then with IoT the bend it to be wide open on the internet. Usually behind some proprietary protocol. If you are lucky they may SSH it.
If you think it is bad. It isn't. Its much much worse.
(Score: 2) by Grishnakh on Friday August 18 2017, @08:17PM (3 children)
The security was the impossibility to get AT the cable. That is no longer true. Then with IoT the bend it to be wide open on the internet.
What are you talking about? It still is true, at least on my '15 car. As I said before, if a car has exposed the CAN bus to the internet, that's a design fault, and IMO should result in a full recall. I've heard of some shitty Jeeps having this, but that's what you get for buying a Jeep. It's entirely possible to design a car so that the vehicle systems are not exposed to the network.
(Score: 3, Interesting) by fraxinus-tree on Friday August 18 2017, @09:13PM
The CAN bus is not, by design, open to the Internet, in a sense it doesn't have a dedicated interconnecting device. Then again, it happily connects in peer-to-peer manner both safety-critical systems (brakes, steering, engine, transmission, lights) and the utter bullshit the modern cars are full of - tracking/"security"/remote control (cell, rf and/or BT connected) system, all the infotainment crap (BT/wifi/3G enabled, too) and so on.
Rest assured, no one really cares about the car radio security right now.
(Score: 1, Informative) by Anonymous Coward on Saturday August 19 2017, @04:54AM
It's entirely possible to design a car so that the vehicle systems are not exposed to the network.
You missed my point and sailed on by it then waved as you went by.
It is entirely possible to keep them seperate. However in IoT many companies are building huge data gathering systems built upon the fact that these networks are open. The small handful that are closed are usually behind laughable 'security'. Such as a knock code or slightly randomized port tickling. With the old protocol sitting behind it. Dead easy to sniff.
Physical access is easy to get at in most cars. However, the whole network is insecure by default. With some systems you can jump a bit from usb->radio->controller->CAN. This is not a terribly hard exploit to pull off. Where if you have physical access you can just grab the can port under the dash. However, many of these infotainment systems have cell and wifi modems in them. I worked with sever of the large manufactures a few years ago in their system they were getting ready to launch. I bailed out but they are just hitting the market now. They are not secure by design. They are designed as feature points.
(Score: 2) by tangomargarine on Monday August 21 2017, @03:00PM
Nobody is saying it's impossible; it's just cheaper and lazier to not design it properly.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 3, Interesting) by mhajicek on Friday August 18 2017, @08:26PM (25 children)
It's worse because it can be done remotely, perhaps even from the other side of the world. With On-Star, navigation, Bluetooth, and entertainment systems on the same network as mission critical functions it's as if it were designed to be pwned. Add to this that a lot of modern cars are drive-by-wire and have no physical linkage between the controls and the throttle, steering, or brakes and it's a perfect setup for remote plausibly deniable assassination.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Grishnakh on Friday August 18 2017, @08:57PM (14 children)
Total bullshit. You obviously have no idea what the hell you're talking about.
Add to this that a lot of modern cars are drive-by-wire and have no physical linkage between the controls and the throttle, steering, or brakes
Bullshit. You're lying. Prove it.
(Score: 3, Informative) by requerdanos on Friday August 18 2017, @09:35PM (13 children)
Drive by Wire/DbW is growing in popularity.
Back in 2013, Wired reported [wired.com] a drive by wire vehicle by Infiniti, the Q50. The tech has grown and grown since then.
Cars from Toyota and Nissan [edn.com] also feature DbW technology, as do cars from Ford/Lincoln [wardsauto.com].
At least one manufacturer of aftermarket parts [jmschip.com] asserts that all modern cars use DbW technology in at least the throttle linkage if not other systems.
The footnotes from the bottom of the Drive by wire [wikipedia.org] wikipedia page are a decent intro to the subject. Note that gp says "a lot of modern cars," not "most cars" or even "most modern cars." "A lot" here means "more than you might think," which turned out to be true. Whether it's in the area of steering, or throttle, or brakes, there's more drive-by-wire out there than you seem to have thought.
The reason that's probably relevant here is that it gives not only access to tampering with controls, but tampering with controls that the driver might have thought that he was connected to, but turns out not to have been.
Say for example someone's handing out little car "monitor boxes" that attach to OBD ports and promise to produce a report helping with your insurance rates*. That's plausible access via social engineering directly into the CAN that controls these systems. Potentially not good.
* mentioned for illustrative purposes only. Please do not social engineer access to someone's car in this way.
(Score: 2) by Grishnakh on Friday August 18 2017, @09:47PM (1 child)
Drive-by-wire is where there's no physical linkage, as the parent poster asserted. DbW is indeed very commonplace on modern cars for the throttle.
I challenge you to show me any example of a car which does not have a physical linkage for either the brakes or the steering. They don't exist; safety standards likely wouldn't even allow it.
Note that this is not the same as electric steering (where an electric motor provides assist to the rack-and-pinion steering system); this is very common on cars made in the last 5 years or so. It's also not the same as ABS systems which incorporate active braking (for collision detection systems); they still have a master cylinder and hydraulic lines going to the brakes, and the ABS module is designed to be fail-safe.
(Score: 2) by mhajicek on Friday August 18 2017, @11:34PM
You obviously didn't read. The Infinity Q50 mentioned by GP is steer by wire. if you have anti-lock brakes you have at least partial brake-by-wire (at least as far as pwning potential goes), as in the car computer has the ability to un-apply the brake (which is necessary for anti-lock braking) and could theoretically prevent the brake from ever being applied at all.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Grishnakh on Friday August 18 2017, @10:00PM (10 children)
Ok, I went through your links briefly and it seems there is one car (a high-end Nissan/Infiniti) that has some really stupid drive-by-wire steering system. That's the first I've heard of this, and it certainly isn't normal for even the newest cars. It also retains a mechanical connection, but has an electromagnetic clutch to decouple this connection when the system is operating (that way, if the car is dead and you need to turn the wheels to push it off the road, you can do so). So I stand corrected on this, but again just barely because it's not a common thing at all, and again the mechanical connection is still there.
I still challenge you to find an example of DbW braking. I honestly can't imagine how that would ever be done because you need to be able to stop a car even when all electric power is gone. You'd have to do something like the aforementioned DbW steering system with a mechanical fall-back, and at that point it's questionable how there's any benefit to DbW at all. It's not like you need it for autonomous driving; we already have cars that can brake themselves in emergencies (my close-to-economy car has it even), and it's pretty simple and cheap to do too, as it's just part of the ABS system that hooks into the hydraulic system. What's the benefit? Eliminating the hydraulic slave cylinders? You'll still need calipers and pads, and I can't see how a sufficiently torquey electric motor would weigh any less than a slave cylinder that's built into the caliper.
(Score: 5, Interesting) by mhajicek on Friday August 18 2017, @11:50PM (9 children)
Hadn't seen this when I replied to your above post.
For hacking / pwning purposes, a mechanical fallback is useless unless the driver has a panic / E-Stop button that forcefully disengages all computer control and puts everything in manual mode, and even so the drivers reaction would probably be too late. The mechanical clutch in the Infinity will not engage manual steering if your steering is pwned, only if power is cut or the computer decides to allow you to steer. Any car with any auto-driving capability (how many have parking assist and lane-keeping now?) has at least partial steer-by-wire and brake-by-wire, even though it may still have a mechanical linkage. This is more than enough for a pwned controller to swerve the vehicle into oncoming traffic, well before the driver could react and fight the controls.
The best part is that unlike a cut brake line, this would leave no physical evidence of tampering. It could even be possible to remotely return the computer to its original state leaving no evidence whatsoever. There have already been some awfully suspicious cases of people who were about to testify against powerful people all of a sudden fatally crashing their cars at high speeds (and with melted brakes!) and that was years ago when the hackers probably only had access to throttle control.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2, Disagree) by Grishnakh on Saturday August 19 2017, @04:46AM (8 children)
For hacking / pwning purposes, a mechanical fallback is useless unless the driver has a panic / E-Stop button that forcefully
You said before that modern cars didn't even have mechanical linkages, which is plainly wrong (except for throttles, which really doesn't matter because you'll never want to *increase* the throttle input when you're having a major malfunction, and a mechanical linkage would only allow an increase, not a decrease, since throttles use a cable). You're moving the goalposts. You're only partially right here: if a car has an electric motor for steering assist, it's quite possible to overpower that motor if you're in a panic; even if you can't completely overpower it, it may be enough until you can hit the engine power button to turn the car off.
There have already been some awfully suspicious cases of people who were about to testify against powerful people all of a sudden fatally crashing their cars at high speeds (and with melted brakes!) and that was years ago when the hackers probably only had access to throttle control.
1) Citation needed.
2) There is probably no car on the market (except maybe some exotics, and even then it's doubtful) where the engine can overpower the brakes, as long as the brakes are working properly. Every case of "unintended acceleration" where the driver crashed, and had a decent amount of time to react, is a case of driver error: there is simply no way you cannot make a car stop even if it's at full-throttle; you just press and hold the brakes. This whole thing is a big myth out of bad 1970s TV shows, just like cars that explode is a giant fireball as soon as they have a fender-bender or fall off a cliff (long before they hit the bottom). Now, if you simultaneously command the throttle to 100% and also disable the brakes, then sure, but that wouldn't manifest in "melted brakes", the brakes would be unharmed.
(Score: 2) by mhajicek on Saturday August 19 2017, @05:25AM (7 children)
You're sticking on an irrelevant technicality. Sure there may be a mechanical linkage to the brake, but you will not be able to overpower the ABS system if it's set to keep the brake open. Regarding brake vs throttle, I'll say citation needed back at you, since I'm sure you've done an exhaustive study of comparative brake and engine forces. And if you drive with one hand loosely guiding the steering wheel as most do, good luck preventing the system from sharply swerving you off the road without warning. Even if you car is not technically fully drive by wire, it is likely drive by wire enough that you cannot stop it from driving you into oncoming traffic.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Grishnakh on Saturday August 19 2017, @03:30PM (6 children)
Regarding brake vs throttle, I'll say citation needed back at you, since I'm sure you've done an exhaustive study of comparative brake and engine forces.
Wow, are you really that clueless? Go sell your car now and stop driving, because you are too incompetent to be driving.
Car & Driver did an extensive test on it right here:
http://www.caranddriver.com/features/how-to-deal-with-unintended-acceleration [caranddriver.com]
Here's a discussion where someone does some high-school physics analysis (probably beyond you) in one comment:
https://community.cartalk.com/t/brakes-vs-engine/56292 [cartalk.com]
(Score: 2) by mhajicek on Saturday August 19 2017, @06:02PM (2 children)
You're sure in a childish mood, aren't you? I'll refrain from responding in kind.
If what you say is true this guy shouldn't have had any problem stopping his Prius:
"Closed captioning of: Driver claims Prius went wild on freeway
live interview.
but we begin with the wild ride involving a runaway toyota prius on a highway in california. miguel almaguer has more details.
reporter: the 61-year-old driver who has a heart condition says he did everything he could to slow down that prius , but he says the car kept going faster and faster. wedged behind a california highway patrol cruiser, the 2008 prius sat idle after a terrifying 30-mile ride that nearly cost james sikes his life.
still shook up.
reporter: it began when he tried to pass another driver and his car accelerated out of control. as he dodged other vehicles, sikes says the brakes didn't work. soon, he was doing 90. he called 911.
i was on the brakes pretty healthy. it wasn't stopping, wasn't doing anything to it, and just kept speeding up.
reporter: the patrol car pulled alongside using the p.a. system to relay instructions -- keep pressure on the brake, try to shut the car off.
when i saw him, i could smell the brakes. i saw his brake lights coming on.
i was standing on the brake pedal , looking out the window at him, and he said, "push the emergency brake , too," and i laid on both of them.
reporter: suddenly, the car began to slow down, dropping to 55 miles per hour. the chp cruiser moved in front of the hybrid, guiding the prius to a stop on the interstate. sikes just had his car serviced at a local dealer. mechanics told him his car wasn't a part of any recall, but eventually, some prius models were recalled for floor mats or brake problems. toyota 's recalled 8.5 million vehicles worldwide and 6 million here in the u.s. now the company says it's investigating this latest incident.
do you solemnly swear --
reporter: just last month, congress held hearings on the toyota recalls after the government received complaints of over 30 deaths linked to sudden acceleration since 2000 .
it's really starting to feed in and fuel a sense that possibly toyota really doesn't know what the situation is and it's a mystery that we're all going to have to discover together.
reporter: the investigation into what happened in this case could take weeks, but damage to toyota 's reputation may already be done.
i won't drive that car again, period.
reporter: this morning, both the california highway patrol and toyota say they are investigating the incident. in fact, toyota officials say they're sending a representative here to southern california to take a look at that car. matt?
hey, miguel , the highway patrolman said he told the driver to turn the ignition off. the driver did not do that, though, correct? why?
reporter: the driver said he did everything he could to turn off that car, matt, and of course, remember, these priuses don't have those key switch ignitions, they have those buttons, and the driver may have had some concern that he would have lost his power steering at speeds up to 90 miles per hour, but he does say he did everything he could to turn off that car.
all right, miguel almaguer for us this morning. miguel , thanks very much. it's now five"
http://www.nbcnews.com/id/35783011/ns/business-autos/t/how-stop-your-car-when-throttle-stuck/#.WZh8LFV96iO [nbcnews.com]
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 1, Troll) by Grishnakh on Sunday August 20 2017, @12:31AM (1 child)
You're a fucking idiot. C&D tested this stuff as I showed. I remember this incident well; this guy wasn't in any danger, he was making the whole thing up so he could sue Toyota.
The brakes work fine in an incident like that; you step on them and stop the car. Priuses do not have a lot of power. And his lies about not being able to turn off the car are bullshit too; you just press and hold the start button.
Give it up. You have no fucking clue what you're talking about, and it becomes ever more apparent with each of your pathetic replies.
(Score: 2) by mhajicek on Sunday August 20 2017, @06:37AM
You're a childish ninny. But that's ok, you have the right to be wrong.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by mhajicek on Saturday August 19 2017, @06:05PM (2 children)
Also, since you've never done any hard driving:
https://en.wikipedia.org/wiki/Brake_fade [wikipedia.org]
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 1, Troll) by Grishnakh on Sunday August 20 2017, @12:28AM (1 child)
You're clueless. You don't get brake fade unless you're driving around a track and using the brakes continuously, but never actually stopping. That's totally unlike driving along with cool brakes and suddenly having a stuck accelerator; in that case, you just slam on the brakes and stop.
You really think you know better than the people at C&D? You moron.
(Score: 2) by mhajicek on Sunday August 20 2017, @06:41AM
Insulting people always wins them over to your side of the argument.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2, Informative) by Anonymous Coward on Friday August 18 2017, @09:00PM (9 children)
on the green site. I got a degree in automotive technology. Everybody scoffed when I pointed out how just the standardized since the 90s ABS/airbag systems could be used for assassination, and how adding throttle by wire and steering by wire just made it slightly easier.
Today, with entertainment systems tied in (for vehicle monitoring, another convenience over security feature), and many of those same entertainment systems containing cellular access, including always on systems like onstar with unknown but privileged individuals having potentially full access to your car's systems in real time, the threat of remote assisted assassinations through vehicle faults are greater than ever. While the concern over terrorists using such systems to drive unmanned suicide vehicles is obvious, many of those same people have a cognitive dissonance at home when they live in the SAME COUNTRY THE VEHICLES ARE DESIGNED AND BUILT, and under a government who has been known to do whatever is necessary to take care of particularly annoying individuals, whether they are protesting for black rights, or whistleblowing on government corruption. Adding such a lucrative, easy to use, and difficult to identify exploit to take care of troublesome individuals is a huge advantage for the less morally scrupulous members of the American enforcement apparatus (note: not 'law enforcement', although there may be some overlap.)
(Score: 2) by Grishnakh on Friday August 18 2017, @09:10PM (7 children)
So are you saying it's smart to buy cars not designed or built in the US?
How many times has someone been assassinated by vehicle this way anyway?
(Score: 4, Insightful) by mhajicek on Friday August 18 2017, @11:54PM (6 children)
I think he's saying drive an old or custom built car with no electronics in the primary systems if you are, or may become, or may be mistaken for or associated with a political dissident and want to live.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 1) by anubi on Saturday August 19 2017, @12:24AM (5 children)
Its my belief my government will use these backdoors to shutdown civilian vehicles in the event of civil unrest which I feel is likely to occur at the next financial crash, as the cushion of kicking the can down the road by dropping interest rates is no longer an option.
The elite have a vested interest that their enforcement stuff works, while everyone else's stuff does not, should history repeat itself when the masses decide they have had enough.
Reference to how the French people had to free themselves from their subordination to a burdensome elite.
I believe today's elite are being proactive in getting their wishlist enforcement mechanisms in place.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Reziac on Saturday August 19 2017, @02:45AM (4 children)
This won't work so well here in flyover country, where the average vehicle age is about 20 years older than in the coastal metros.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Insightful) by mhajicek on Saturday August 19 2017, @05:31AM (3 children)
Not yet anyway. That could change if they pass laws making older, less efficient cars illegal or put outrageous licence fees on them. Eventually they'll mandate automated cars "for everyone's safety."
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Reziac on Saturday August 19 2017, @05:44AM (2 children)
Yeah, that'll go over real well in farm country.... I imagine it will be attempted, as you say, but enforcing it is another matter.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 1) by anubi on Friday August 25 2017, @09:46AM (1 child)
My guess is that they will just refuse to renew registration.... then take the thing on the road at your own risk.
Trying to keep some farmer from using a diesel engine on his farm stuff would probably be as impossible to control.
My hope is enough rich people have diesel toys, and Congress won't want to disappoint them.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Reziac on Friday August 25 2017, @02:08PM
Fortunately, vehicle registration is a state matter, not federal. And most farm states don't register farm equipment. If you want to see a quiet insurrection, try and regulate away pickup trucks where they actually work for a living.
I've been told by owners of electric vehicles that they're fine on dry pavement, but have no torque and are not fun at all on a road lumpy with old ice. I can imagine how useful they'd be as tow rigs, especially since most are front-wheel-drive... kind like the old tagline...
Optimism: Yugo with a trailer hitch
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by tangomargarine on Monday August 21 2017, @02:51PM
Unmanned? I think the more likely scenario is they hijack cars with people in them and run them into X location/crowd of people. 9/11 on the ground* makes it more terrifying, and those brake recalls a few years back show that the vast majority of drivers don't know how to stop their car with the throttle stuck open, let alone the car fighting them in other ways.
*okay the numbers differ but my point is there were people in the airliners too
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by mhajicek on Friday August 18 2017, @08:35PM (13 children)
Sorry to reply twice, but I have to add that it's also worse due to the totality of control that could theoretically be usurped. If someone cuts my brake line, I should start to notice the brakes getting weaker over time, or perhaps even that the brakes aren't working at all when I back out of the driveway. At such time I can let off the gas, pull over and stop the car with the handbrake, turn it off, and assess the situation. If someone hacks my car, it could function perfectly normally until I'm going 70 on the freeway, and then the brakes could completely cease functioning at the same time that the throttle goes wide open and the steering makes a slight swerve to the left into oncoming traffic. Attempting to turn the key to the off position may have no effect, or could cause the vehicle to go limp, with no steering or brake control depending on the design.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Grishnakh on Friday August 18 2017, @09:09PM (2 children)
Or someone could put a bomb in your car that's connected to the ignition, so that it only blows up after you start the car. People have been doing that for ages; the IRA was infamous for it. Should we all be worried about car bombs now?
(Score: 2) by mhajicek on Friday August 18 2017, @11:58PM (1 child)
Big difference: that's an obvious assassination and would require a criminal investigation. Explosives have chemical fingerprints which can help track down their origins. Someone would have to have physically messed with the vehicle and might have been recorded doing so. Someone drives into oncoming traffic at 100MPH and kills themselves (and the innocent occupants of the other vehicle) and no one bats an eye. Happens all the time, maybe they were drunk. No physical access required.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by Reziac on Saturday August 19 2017, @02:49AM
And your modern-deathtrap-scenario may not even require that code be altered; it may only require that communication among the car's various critical parts be selectively interrupted for a few seconds. Which might be recorded by a black box, but would still be a lot harder to pin down than say a severed brake line.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by VLM on Friday August 18 2017, @09:14PM (9 children)
The most likely hack is some kind of economic hack where you can cause $10B damage to the economy of XYZ country by a software virus that takes 5 years off the life of the cat converter or helps the car emissions increase or wastes gas. Nobody will patch or fix if it "looks and sounds OK" but unfortunately the catconv is overheating to the point of vaporizing off the catalysts or something.
(Score: 2) by requerdanos on Friday August 18 2017, @09:40PM (8 children)
"The most likely hack" is to make the exhaust slightly less clean and stress the parts more so they have shorter maintenance intervals?
I grant the possibility that someone will think of that (you just did, after all), but I balk at believing that that will be the most common nefarious activity associated with vehicle hacking.
(Score: 2) by VLM on Saturday August 19 2017, @01:28PM (7 children)
Most commonly known, you mean. There's a lot more slightly crooked car mechanics out there than outright hollywood murder plots.
I suspect some "hacking" like I'm talking about will just be stupidity. My local tire place inflates all tires to 40 psi regardless of door sticker and pencil whips the little pressure report form after the fact. Other than that they do a good job, so I don't care too much, but it is kinda a joke.
They'll be a lot of "whoops I loaded your cooling system thermostat with the wrong temp resulting in 5% faster engine block wear" for every spectacular hollywood movie plot murder.
(Score: 2) by Grishnakh on Saturday August 19 2017, @03:34PM (5 children)
My local tire place inflates all tires to 40 psi regardless of door sticker
Door stickers are irrelevant. Carmakers don't manufacture tires, and if you've ever changed your tires, you're probably not using OEM model tires anyway. They usually set tire pressure recommendations lower to increase passenger comfort. Any decent tire these days can handle well over 50psi maximum, so accounting for pressure increase due to temperature, 40psi is a good spot usually for fuel efficiency without being unsafe or overinflating the tire (which would cause uneven wear).
(Score: 2) by VLM on Monday August 21 2017, @01:56PM (4 children)
I agree with all of that with two minor quibbles:
1) My car(s) only take roughly one size tire and they're all about the same. I suspect there's less than 1% difference in shape. There is probably a big difference between models in terms of rubber hardness / lifespan / friction and tread pattern pumping water out of the way. But the shape can't vary too much with model.
2) pressure times area "must" equal car weight, and higher pressure equals rounder tire, so theoretically low pressure should have longer front/back leading to better front back acceleration and braking, while higher pressure should have longer side to side contact leading to better turning performance. So there is a slight aspect of accident avoidance.
(Score: 2) by Grishnakh on Monday August 21 2017, @03:27PM (3 children)
2) pressure times area "must" equal car weight, and higher pressure equals rounder tire, so theoretically low pressure should have longer front/back leading to better front back acceleration and braking, while higher pressure should have longer side to side contact leading to better turning performance. So there is a slight aspect of accident avoidance.
Theoretically, but today's tires are very rigid, they're not like balloons, so I think the physics is a lot more complicated than that. Normally, when a tire is underinflated, it actually deforms so that it wears more on the edges of the tread, and not in the center, whereas when it's overinflated, it's the opposite: the edges will be untouched and the center will be worn. But these are extremes; today's tires again are very rigid so there's a big zone in the middle where it doesn't make that much difference in wear. To really scientifically test it, you need a pyrometer, which can tell you the temperature of the rubber across the tread of the tire. You use that right after stopping after some serious driving (such as on a highway; pull over and immediately test the tread temperature). Serious racers use these to optimize their inflation pressures. But normal drivers aren't likely to notice any difference in performance, and a few psi either way isn't going to have any noticeable downsides other than a slight hit to fuel economy if it's lower pressure.
1) My car(s) only take roughly one size tire and they're all about the same. I suspect there's less than 1% difference in shape. There is probably a big difference between models in terms of rubber hardness / lifespan / friction and tread pattern pumping water out of the way. But the shape can't vary too much with model.
A fair number of people change the wheels on their car, which means also changing the tire size. To do this correctly, and get the same outer diameter (so your speedometer works correctly and suspension and gearing aren't adversely affected), you change the sidewall height to compensate; this is called "plus 1", "plus 2" etc. if you're increasing the rim size. You can also change the width of the tire slightly with the same rim; sometimes people do this because their car came with an unpopular size and they get more selection if they get a tire that's 10mm wider. Rim sizes don't perfectly match up with tire widths, so a 7" rim can hold a (guessing here) 205 or 215 without noticing much difference. Frequently on the same car, there'll be two different rim sizes, one for the base model and one for the premium model, but the gearing and everything is the same. If you calculate it, there's a slight (less than 1%) difference in outer diameter between the two. But tires wear down as they're used, so there's also a difference between brand-new tires and ones at the end of their treadlife. So speedometers and odometers really aren't that accurate; there's no way for them to be without doing regular calibrations as the tires wear.
(Score: 2) by Reziac on Friday August 25 2017, @02:17PM (2 children)
Huh. And my complaint when looking for tires for my old pickup, which actually hauled loads, was that nowadays most have overly flexible sidewalls. And finding tires stiff enough to not get sidewall wear on the dually was an Adventure.
Tho nowadays my first criterion is Made In USA, because those damn Chinese tires apparently don't vulcanize the rubber quite correctly, and it cracks prematurely. I have tires laying in the sun in my yard that are ~40 years old and not cracked; I've seen Chinese tires get deep cracks and start to peel apart inside of two years.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by Grishnakh on Friday August 25 2017, @03:00PM (1 child)
And my complaint when looking for tires for my old pickup, which actually hauled loads, was that nowadays most have overly flexible sidewalls.
I'm talking really about car tires, and comparing to car tires of decades ago.
I don't know a lot about trucks and their tires, but I think you need to get the 100psi tires for a truck if you want load-hauling ability.
Tho nowadays my first criterion is Made In USA, because those damn Chinese tires apparently don't vulcanize the rubber quite correctly
The best overall car tires are probably made in Japan or the US (and a lot of US-made tires are made by Japanese companies: Bridgestone and Yokohama).
(Score: 2) by Reziac on Friday August 25 2017, @03:52PM
Yeah, nowadays I'm using Load Range E. 10-ply, middling-high PSI. The ones I've got now are Cooper under some other name.
Dunno about now but I had Yokohama tires back around 1980, and they didn't wear great, tho I suppose by now they're better. Sometimes it's luck of the draw, tho. Got a set of Winstons that came apart within a couple years; their warranty replacements (all four wheels) went 80,000 miles (yes, really!) over 20 years, and still weren't completely shot.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by requerdanos on Saturday August 19 2017, @09:59PM
No, I meant the most common in terms of exploitation, but I do see your point about the car mechanic profit padding angle.
(Score: 0) by Anonymous Coward on Friday August 18 2017, @07:38PM (5 children)
This is a feature not a flaw. I've used this for years to modify my vehicles systems and I would be really upset if it were changed.
(Score: 2) by fraxinus-tree on Friday August 18 2017, @09:16PM (4 children)
It is a feature when you fiddle with the settings. OTOH, a single infotainment system exploit is enough for someone to disable your brake servo.
(Score: 3, Insightful) by bob_super on Friday August 18 2017, @09:45PM (3 children)
Noticed how the brakes die when you lose power?
Oh wait, they don't! Critical stuff has mechanical links: drive, brakes...
You can assassinate someone by hacking their "autopilot" maybe, but trying to kill by cutting the brake assistance or the power steering is only gonna work on a very limited subset of targets and circumstances.
The guy selling a gun for a Franklin at the corner of the street is a more reliable solution.
(Score: 4, Insightful) by mhajicek on Saturday August 19 2017, @12:03AM
The brakes in most modern cars get very weak when the power is off. Technically you still have brakes, but you have to really stand on them to get them to do anything. Add to this that the ABS system could be pwned to fight against you and you're free-wheeling.
Yes, shooting is faster, easier, and much more reliable, but it's also far more obvious and traceable. The shooter is likely to get caught, and unlikely to keep quiet about who paid him. Assassination by car hacking isn't likely to leave any traces of wrongdoing, and even if wrongdoing is strongly suspected it would be very difficult to trace back to the instigator.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by fraxinus-tree on Monday August 21 2017, @08:26AM (1 child)
>Oh wait, they don't!
They pretty well do. Engine out and you have vacuum for 3-4 more brake actions and then the pedal solidifies. Yes, it still works, but you have to be strong enough, be ready to push hard and on everything heavier than about 2 metric tons you are not strong enough to do emergency braking. And I still talk about the usual passenger car w/ vacuum-assisted hydraulic brakes, implying that ABS is out, too. Regenerative braking systems (on electric/hybrid), air-powered brakes and everything else that does not have a direct connection between the pedal and the brake caliper is a different story.
And what is worse, anyone w/ AK-47 on the street is limited by the number of bullets and the physical proximity to the targets. Imagine a hack that disables brakes on 2-3% of the cars nationwide (and "nationwide" limit is arbitrary anyway).
(Score: 2) by Reziac on Friday August 25 2017, @02:20PM
Never mind nationwide; just pick a few random spots on a Los Angeles freeway while everyone is traveling bumper-to-bumper at 70mph. One disabled vehicle equals ~100 in the pileup.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by nobu_the_bard on Friday August 18 2017, @07:41PM (3 children)
I didn't read the article. Or the summary. Read most of the headline. I presume the problem is people finally noticed that the so called "security" of these vehicles can be defeated with a sufficient quantity of explosives. I look forward to the practical testing to determine the precise amount for each new vehicle.
(Score: 2) by MostCynical on Friday August 18 2017, @10:52PM (2 children)
Car security can also be defeated (for normal cars) by a hammer. Precise location for use of such a device is given away by the fact that they are "glass". This material is totally unsuitable for use in vehicles, and should be stopped immediately.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Saturday August 19 2017, @02:30AM (1 child)
Spoken like someone that's never actually tried to defeat safety glass with a hammer.
(Score: 2) by MostCynical on Saturday August 19 2017, @06:08AM
There used to be a really large wrecking yard with cars piled up three high, where you took your own tools and removed whatever part/s you needed, then dragged them toma shed where they'd tell you how much you owed.
Really cheap, and and OH&S nightmare.
When cars had been 'picked clean', they'd move them to an area where they'd wait to go through a crusher. Once they were in that area, they wasn't as much comcern shown. Safety glass breaks, although windows in older cars were more fun to smash.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 5, Informative) by Arik on Saturday August 19 2017, @02:28AM (1 child)
Some assholes that were getting paid more than I've ever seen approved it, and you know what? They keep their pay. Probably retired with honors by now. Even though they designed a system that any reasonably bright 12 year old in the area could and would break out of boredom.
And recruits from the same pool of assholes are currently designing cars that drive themselves. I hope you feel safe.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Reziac on Saturday August 19 2017, @06:06AM
Perhaps not coincidental, today's remarks from Don Norman:
https://www.jnd.org/dn.mss/seeing_the_unforesee.html [jnd.org]
"Fully autonomous vehicles? Programmed to be safe, not to crash into me? Hey! I can ignore it. Drive or walk the street in front of it, regardless of traffic lights. Deliberately stand in front at an intersection, preventing it from moving forward. Hold a mirror in front of its video or laser sensors - that ought to confuse it. What a wonderful source for entertainment, tricks, and trouble making. Yup, autonomous vehicles."
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Informative) by canopic jug on Saturday August 19 2017, @03:15AM
The source used for the summary is pretty lame. Please avoid it in the future. You can be sure if something turned up there, it was elsewhere much earlier and better.
Money is not free speech. Elections should not be auctions.