This interview suggests that GM is really working on security, http://articles.sae.org/15549/
Personally, I'd like to see every automotive engineer and programmer thinking like a black hat, to incorporate that knowledge in all their work, but this is probably impossible in the near term.
Jeff Massimilla, who has been chief product cybersecurity officer at GM since the company initiated his unit in 2014, conceded in a recent interview with Automotive Engineering that although "you never want to go out there and say you have this all figured out," he is convinced that GM—and the broad industry—has learned enough through an intensive few years of research and a variety of collaborations to feel as confident as is reasonable when your world is an ever-changing threat environment.
And here's one you don't hear much from big-company managers in the post-Recession era: "We're very well-resourced and well-funded," he added. "We have the right people and personalities on the board of directors to understand the importance of this." The company's investment in cybersecurity is deep and serious he said, because "you can't separate cyber and safety."
And further down the same interview:
It takes engineers and other trained and experience personnel to research, collaborate resources, share learning, develop standards. Depending on your perspective, an organization of 90 may seem like a lot or a little to be devoted to cybersecurity, but Massimilla said one the auto sector's chief problems is finding those qualified people. Not only are traditional engineering and technical schools only now starting to develop cybersecurity-related curricula and students, "Some of the best cyber experts are not the people who go through college and get a four-year degree," he almost wryly reminds of the computer-expert stereotype that to a meaningful extent is based on reality.
"There's a lot of activity to create more talent," he said. Major universities are beginning to "work (cybersecurity) into engineering programs," but accreditation of those tracks takes time, he lamented—and meanwhile, countless other industries are under the same pressure to find immediate solutions to for[sic] cybersecurity's maddeningly indeterminate threats.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @02:02AM
Very fluffy.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @02:08AM (5 children)
Think like a black hat, get fired.
It's a perfect ruse to weed out the naive fools who would have become liabilities eventually.
Loyalty is success!
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @02:29AM (4 children)
GM is ahead of the pack in always on Big Brother technology, has been since the late 90s early 00s, and has been standard on all cars since.. just after they got bailed out by the Feds?
And keep in mind the shit they have in their cars is always on cellular with remote-kill capabilities, remote updating, cellular and/or gps positioning, and all sorts of other fun shit. OBD2e or OBD3 whenever it comes out was supposed to mandate similiar features in all new vehicles, although AFAIK it has so far remained piecemeal and manufacturer proprietary. But if this stuff becomes standardized, never trust your vehicle again, especially if you end up in a situation where the authorities consider you a threat.
(Score: 2) by JoeMerchant on Tuesday August 29 2017, @02:47AM (2 children)
You could always retrofit carburetors, or even DIY EFI control (ala MegaSquirt) onto your new 2018 vehicle. Replace the in-dash system, etc. After about $5K worth of mods, you can "own" the intelligence of your new vehicle again.
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 1, Informative) by Anonymous Coward on Tuesday August 29 2017, @03:17AM (1 child)
Yes, you could make all these mods, but if you are in a state that requires passing emissions you will be off the road at your next inspection.
In at least some cases, the OBDII port is used to confirm that the emission control system is working as designed... I suppose your system could be extended to pass phony sensor data to the original OBDII computer so that it would think it was still controlling the engine? Now things are getting pretty complex!
(Score: 2) by nobu_the_bard on Tuesday August 29 2017, @02:43PM
Or you could just find a mechanic you could bribe for an extra $50 to pass you on that point. My roommate used to do that.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @03:24AM
Yep, On-Star does more than advertised. On the other hand, older folks who got it first in luxury cars were often pretty happy when they locked their keys in the car...and an On-Star operator was able to remotely open the doors for them. Or if the airbags went off and rescue was called to the crash scene immediately.
When it comes to spying, On-Star may have been first, but these days what I know about Tesla says they are collecting much more. Aren't they using "Autopilot" data as part of their giant beta test and street mapping operation? To accumulate the enormous mileage required to "fully" train an AI for self-driving, using actual fleet data (with all the near misses and hits) may be the only way.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @02:14AM (1 child)
Don't make me hack SoylentNews! I'm crazy enough to do it!! I'll delete you all!!!
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @03:13AM
So what if you delete us all?
It might be a little (or a lot) harder than the "kill system" command on MIT ITS, but hardly any more satisfying,
http://web.mit.edu/quentin/Documents/Class%20Notes/STS.001/ [mit.edu]