Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday January 08 2019, @02:48AM   Printer-friendly
from the it-takes-a-thief-... dept.

This coming summer the Society of Automotive Engineers (SAE) is running their 8th annual security workshop — details at https://www.sae.org/attend/cyberauto

The SAE CyberAuto™ Challenge brings together students and engineers from different backgrounds, industries, and organizations to collaboratively seek new information on automotive cybersecurity. No matter your perspective of participation at CyberAuto Challenge, your experience will benefit you now and in the future:

  • High school and college students work with in-service vehicles and their production code, software stacks, and internal electronics
  • Automotive engineers learn new ways to think about vehicle security and safety
  • Government officials gain new perspectives about vehicle security and safety while engaging one-on-one with the next generation of cyber professionals
  • Researchers developing emerging techniques to find real solutions to cybersecurity challenges and engage the next generation cyber-auto engineers.

This AC has no idea if you can really teach security, but at least someone is trying. It's also possible that SAE is training the other side? The page has a glowing testimonial that ends:

To sum it all up: thank you. That five days of the CyberAuto Challenge changed my life.”

–Vanya Gorbachev, 2018 CyberAuto Challenge participant


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0) by Anonymous Coward on Tuesday January 08 2019, @03:11AM (5 children)

    by Anonymous Coward on Tuesday January 08 2019, @03:11AM (#783541)

    On a related page SAE says,

    With 100 million lines of code and counting (that’s 40% more code than runs Facebook) and 100 million electronic control units, the modern automobile presents challenges for developers and opportunity for hackers. In its eighth year, the 2019 SAE CyberAuto Challenge™ brings together all of the players—from researchers, hackers, engineers, and aspiring students—at this groundbreaking event in automotive cybersecurity.
    As a participant in the CyberAuto Challenge you will take part in an intensive five-day practicum-based workshop. You will learn and do:

            Both classroom lessons and discussions that are paired with hands-on experience with fully production cars, software, and electronics
            Full interaction with a cross section of industry professionals, including engineers, government engineers, and “white-hat hackers”
            The opportunity to perform analysis and provide input on current model, full-feature cars.

    Any idea if those numbers make sense?

    • (Score: 2) by The Mighty Buzzard on Tuesday January 08 2019, @03:18AM (3 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday January 08 2019, @03:18AM (#783544) Homepage Journal

      Not in a car they don't. That's entirely too many places to hide really unfortunate bugs. The only complex electronics on my next car are going to be housed in the radio. Yes, radio not touchscreen infotainment center. Thankfully, I'm capable of making that happen my own damned self even if the thing comes with more processing power than my desktop when it rolls off the showroom floor.

      --
      My rights don't end where your fear begins.
      • (Score: 0) by Anonymous Coward on Tuesday January 08 2019, @12:56PM (2 children)

        by Anonymous Coward on Tuesday January 08 2019, @12:56PM (#783631)

        > The only complex electronics on my next car are going to be housed in the radio.

        Not sure about your state, but to pass a NY annual vehicle inspection (required) they plug in an OBDII tester and look for any emission system faults including system modifications. I tried once with a car that just had a new battery installed (computer powered down) and the inspector told me I had to drive it for 30-50 miles before the computer would give useful results to the tester (I believe the computer slowly dials in the correct fuel and spark map?)

        Unless you plan to drive a pre-OBD vehicle forever (and put up with fussy old fuel and spark systems), this is going to be a tough requirement to meet with no engine computer.

        • (Score: 2) by The Mighty Buzzard on Tuesday January 08 2019, @04:36PM (1 child)

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday January 08 2019, @04:36PM (#783718) Homepage Journal

          No personal vehicle inspections in TN. Or in OK for that matter. I'm all good even if I move back some time in the future.

          --
          My rights don't end where your fear begins.
          • (Score: 1) by anubi on Tuesday January 08 2019, @11:14PM

            by anubi (2828) on Tuesday January 08 2019, @11:14PM (#783878) Journal

            Now, that's one of the main drivers behind why I bought and am renovating a 25 year old Ford / International 7.3L IDI Diesel van, even though I could have purchased a brand new machine.

            By now, I am pretty well conditioned to accept that " advanced technology" is the buzzword businesses use to mean I will agree to whatever their machine demands of me.

            --
            "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by MostCynical on Tuesday January 08 2019, @06:45AM

      by MostCynical (2589) on Tuesday January 08 2019, @06:45AM (#783576) Journal

      True or niot, 100 million seems to be what everyone quotes.. http://desigeek.com/blog/amit/2018/08/28/how-many-lines-of-code-does-it-take/ [desigeek.com]

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 2) by The Mighty Buzzard on Tuesday January 08 2019, @03:12AM (5 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday January 08 2019, @03:12AM (#783542) Homepage Journal

    Sure you can. Paranoia and attention to detail can both be acquired as skills. They just take work like any other skills. The creativity that marks a genius rather than a clock puncher, that's another matter entirely.

    --
    My rights don't end where your fear begins.
    • (Score: 2) by Runaway1956 on Tuesday January 08 2019, @03:47AM (4 children)

      by Runaway1956 (2926) Subscriber Badge on Tuesday January 08 2019, @03:47AM (#783551) Journal

      Anyone who is concerned with security has probably heard or read that, and often. Security is a Process, not a Product. One problem seems to be that boards of directors and accountants and xOO's are only concerned with selling products.

      Security in the military is a process. No one sets up a couple guard posts, and calls it "secure". Roving patrols (yes, even aboard ship) are constantly checking on the status of whatever perimeters or systems they are responsible for. It can't be automated, it can't be neglected for some hours/days/weeks. It's an ongoing process, with human eyes and hands on.

      And, that is precisely what managers want to eliminate. They want everything automated, so that the humans can go on with something more fun, and less stressful, and less expensive.

      In the physical world, "security" often consists of a fence and some cameras. Take away the security personnel, and there is no one to defend the fence, or to monitor the cameras. At that point, the supposed security is no more and no less effective than a standard padlock. Everyone should be aware that a padlock only keeps honest people honest. Very few padlocks can keep me out, once I've decided to get in. Even fewer padlocks actually slow me down. It only takes a couple minutes to pick the standard Master padlock, and even less time to just destroy a lock. Cheap locks are easier and faster to destroy. And, if the owner/manager doesn't check on whatever he has trusted to a lock for a week, or a month, the "crime" may go unsolved forever.

      • (Score: 2) by aristarchus on Tuesday January 08 2019, @07:59AM

        by aristarchus (2645) on Tuesday January 08 2019, @07:59AM (#783589) Journal

        The most likely to be doxxed (from really stupid detail disclosures) Soylentil has this to say? We have your natsav trajectory, Runaway of too many specifics. Best STFU before your employer or your wife's church group finds out who you really are, and sequestors your artillery, so to speak.

      • (Score: 0) by Anonymous Coward on Tuesday January 08 2019, @01:01PM (2 children)

        by Anonymous Coward on Tuesday January 08 2019, @01:01PM (#783633)

        > Security is a Process ...

        Well put.

        How is this going to work with an automated highway, where my car has to make many secure connections with other traffic and the road (infrastructure), on a sub-one-second time scale. This is for things like the negotiation for a lane to move over toward the upcoming exit, or to know that the light is about to change (or whatever). No possible time for human intervention here.

        • (Score: 2) by Runaway1956 on Tuesday January 08 2019, @03:16PM (1 child)

          by Runaway1956 (2926) Subscriber Badge on Tuesday January 08 2019, @03:16PM (#783689) Journal

          For you, the individual human being chauffered around by a robot, the process should have been ongoing before you committed your life to that robot. You should be aware that BrandX Highway Robots have been exploited repeatedly in recent months - and updated, upgraded, or changed to BrandZ. Or, just shut that obsolete robot down, and run it through the trash compactor. The process involves keeping up to date on how many body bags have been utilized by which brands of robots.

          • (Score: 0) by Anonymous Coward on Tuesday January 08 2019, @05:11PM

            by Anonymous Coward on Tuesday January 08 2019, @05:11PM (#783741)

            Well, that puts a little perspective on a future incarnation of Soylent News -- keeping track of the source bodies soon to be processed into new soylent...

            I think I'll keep driving my own car and avoid (to the extent possible) areas that are infested with robot cars.

  • (Score: 0) by Anonymous Coward on Tuesday January 08 2019, @07:03PM

    by Anonymous Coward on Tuesday January 08 2019, @07:03PM (#783792)

    are these people using and creating Free Software or is this just a bunch of enslaveWare peddling whores misguiding the future generation to perpetuate their strangelhold on the industry?

(1)