US Wants Cybersecurity Protection Plan For Cars

coondoggie writes "As cars and other forms of transportation increasingly rely on online systems for everything from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased. That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it build a roadmap to build 'motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems.'"

kill switch

[dotmax]

How come the first thing that came to mind was "they want to put a kill switch in my car?" They won't call it that, of course.

Re:kill switch

[blair1q]

No, they'll put in multiple switches and call it a Death Panel.

Re:kill switch

[Internetuser1248]

When I used to own a car, I had a mechanical kills switch installed anyway. It is a good idea. It meant I could leave the doors unlocked which in turn meant that no one tried to smash my windows to get in. I think they will try something more expensive and failure prone than that though. Since when do national governments ever go with the simple, cheap, effective option?

Re:kill switch

[EdIII]

You mean it will be no different than any other "security initiative". Meaning, that of course they want it to be as hack "proof" as possible, but allow law enforcement to have access at will.

I don't care how much you polish up that turd, how much lipstick on the pig, etc., you will never convince me that access by law enforcement cannot be misused and commandeered by either military forces in time of war, or criminals in search of profit.

The only security initiative worth discussing that is actually valuable to society is one in which ONLY the owner is granted access. Everything is encrypted, private, and anonymous. If the owner dies, then just recycle the parts and replace the control systems.

Of course, that kind of security does not support the supremacy of the state and enable a fascist government to operate. After all, I don't think we will ever convince them either that their monitoring and control of us is not for our own good and allows society to be stable.

In the meantime, we will continue to have insecure, ill-advised, and broken systems that make up the very foundation of our society that a special few have nearly complete control over through applied knowledge. Examples being, Sony getting owned, RSA getting owned, Wikileaks and the US, etc.

Our only security is in numbers, but that won't matter when they connect up the new digital grid and a 16 year old pissed of Iranian or Chinese hacker takes the power down on the entire East Coast because the sysadmin was an underpaid idiot that spent all of his time searching for young teenage porn.

Re:kill switch

[davester666]

How about "Don't connect the vehicle electronics to any internet connection" for starters. Even if it costs an extra $0.05 over sharing a few transistors.

Of course, if they can't do it for nuclear power stations, why bother with cars?

Re:kill switch

[ewanm89]

Considering it only takes one bent copper or dodgy judge (if warrant is needed) to misuse any law enforcement access. I'd say there is misuse of every access right they have at sometime or another. That's all assuming it's not a country where the whole establishment isn't fascist in it's policies and procedures.

what would make them even safer is

[FudRucker]

dont include networking in automobile computer systems at all, just enough to run the car things like air/fuel mixture (the basics) you cant hack what does not exist..

Re:what would make them even safer is

[Grishnakh]

You don't need to go that far. Networking can be very useful in a car, for the navigation/entertainment/communcation system. Why have a nav system where you have to buy updates on DVD for $300 every year, instead of just downloading them for free whenever you're connected to a WiFi hotspot?

The key is separation. The nav/comm computer does NOT need to be connected to the engine computer. The engine computer should be a separate system running a small RTOS, and dedicated solely to the engine management (and maybe transmission too, for auto-trans cars).

However, it might be useful to get some information from the engine computer to the networked computer, so you can see helpful information like average MPG, etc. But this information could be supplied by a one-way link from the engine computer to the dashboard computer.

I don't know how the latest cars are designed, but given the fact that engine management absolutely requires real-time response, I don't see how they could not be already using RTOS systems for that task, and having it separated by some degree from the "infotainment" (ugh I hate that word) system computer(s).

Re:what would make them even safer is

[elsurexiste]

Why have a nav system where you have to buy updates on DVD for $300 every year, instead of just downloading them for free whenever you're connected to a WiFi hotspot?

I can assure you my city (>1 million people) doesn't change THAT often.

Re:what would make them even safer is

[bws111]

Because people like having remote door lock/unlock, remote engine start, tire pressure monitoring, push button start (instead of a key). All that requires some kind of wireless networking. And almost everything inside the car is on some kind of network (CAN bus). All those buttons on the steering wheel (cruise control, radio controls, etc) are just devices on a network. Door locks and window motors are devices on a network. Same with climate controls, entertainment system, etc.

Re:what would make them even safer is

[Grishnakh]

No, but the whole country (assuming USA) does. New roads get built all the time. Who wants to be out-of-date with their nav system?
There's plenty of other applications for network connectivity, both now and in the future: downloading music or movies, videoconferencing, etc. Who knows, as we've only started putting these kinds of systems in cars.

My point is that it's not that hard to separate a networked computer from the system(s) that handles safety-critical functions.

Re:what would make them even safer is

[HTH+NE1]

Indeed, it'd take two wars against the Cylons for us to give up our networked devices completely.

Re:what would make them even safer is

[GameboyRMH]

Exactly. The car's driving systems should be airgapped. Simple. End of problem (that didn't exist).

Re:what would make them even safer is

[GameboyRMH]

And if you consider the encryption on the remote door lock to be secure (and it is), that network is a physically secure private one. There is no wireless involved apart from those damn remote door locks, and the TPMS, although that is a simple one-way radio system that is also encrypted on newer models IIRC. The entertainment system's controls tie in but the system itself doesn't, unless it's OnStar, and if you have OnStar in your car you have way bigger security and privacy issues to worry about.

Re:what would make them even safer is

[Svartalf]

Just simply don't do OnStar type idiocies.

It's not hard... Don't do anything that's easily remote hackable on the car, whether it's ignition control, door locks (Key fobs are a nifty idea, but are they as secure as they could be?), or the like.

Re:what would make them even safer is

[EdIII]

What happens when it is 9 billion degrees outside and I want my shiny iPhone BMW application to turn on my car and start the air conditioning?

Having the engine and drive systems completely separate is a great idea, but one that fundamentally precludes features that will actually sell the technology.

Unless you create an A/C system that can work independently from the car itself, you still have the same problem.

Re:what would make them even safer is

[Grishnakh]

Define "completely separate". You can already remotely start cars just by pressing a button on a remote control, and that doesn't involve interfacing computers at all, it's just one small computer (which handles the radio control) activates a relay to start the ignition. This isn't rocket science. Adding a relay module to an "infotainment" system so you can start the car from your iPhone would be exactly the same. It wouldn't be hard to eliminate the relay and have a more direct connection too, just by driving a signal line that goes to the ECU which starts the engine. This wouldn't compromise security, as long as there's no actual data on this signal line, just a simple +12V signal to tell it to crank the engine.

Where you have security issues is when you have significant data being passed back and forth between computers, such as with a network interface.

As for A/C, that's not exactly a complicated system requiring interfacing with the ECU. Some of the latest cars already handle that with a separate "body control" module.

Re:what would make them even safer is

[EdIII]

Also, it is worth pointing out that is just complete utter fucking bullshit.

$300 for a DVD?

Considering how much they were paid, it is not beyond reason to receive free DVD updates in the mail. If you paid $3000 to get the NAV system in the first place, I am pretty sure that about $50 bucks of that will easily cover replacements for the life time of the vehicle.

Charging you is just another way for them to gouge money out of you. It's also a strong incentive to pirate the crap out of it or install a system that does get wireless updates and traffic updates. If it was constantly updated, anonymous, and $10 a month and directed me around accidents and traffic, that would be worth it.

Otherwise, they know where they can shove it.

Re:what would make them even safer is

[Grishnakh]

I wasn't kidding about the $300 DVD. That's exactly the way Volvo's factory navigation systems work: the systems themselves are 5+ years behind the state-of-the-art seen in typical handheld systems from Garmin or TomTom as far as the navigation, graphics, UI, etc. On top of that, to support updates, there's a big-ass DVD drive in the glove box, taking up most of the glove box, just for the update discs. The updates cost $300 from the dealer.

This isn't unusual in the industry. Other cars I've seen are similar; instead of the nice touchscreens and voice commands that Garmin and TomTom have, many factory systems have funky remote controls you have to fiddle with to enter locations. And instead of $2-400 that the portable systems cost, the factory systems add $2000+ to the car's price.

It reminds me of the 90s, when car phones were options on many cars, and had much older tech than the handheld types, cost a fortune, and were quickly obsolete. The problem now, however, is that these crappy nav systems are heavily tied into the cars so it's hard to get a high-end car without them and it's impossible to upgrade them. Sure, you can buy a cheap econobox which doesn't have a dashboard designed for one of these already-obsolete-as-soon-as-you-buy-it nav systems, but who wants to drive one of those? The higher-end cars come with their nav systems standard, or (like the Volvo I've been looking at lately), they try to force you to buy the nav system option by packaging it with some other goodies, like a nicer stereo. Of course, in the older days you'd just forgo the nice stereo and buy one aftermarket, but these days that's not so simple, because many of these cars have the stereo and the A/C system integrated together, sharing the same screen and control panel.

Don't get me started on the fact that just about every car now still comes standard with a CD player. Who still plays CDs??? That's about as useful now as an 8-track player. Then again, Lexus was selling one of their cars just last year with a tape deck of all things.

Re:what would make them even safer is

[barry99705]

Yep, totally secure.... http://www.egmcartech.com/2011/01/19/thieves-can-easily-hack-keyless-entry-push-button-start-systems/ http://redtape.msnbc.msn.com/_news/2007/08/28/6345961-researchers-say-theyve-hacked-car-door-locks http://www.gminsidenews.com/forums/f19/keeloq-keyless-entry-system-hacked-gm-toyota-etc-62666/

Re:what would make them even safer is

[EdIII]

You missed half my point.

Security is maintained if you turn the car on... but what about malicious activity?

Can you imagine a prankster turning on a big lot of cars at the same time? Run for a couple of hours and it will be quite a bit of gas wasted.

So completely separate to me means that there is no way to manipulate the engine and drive control systems, either to turn it on, kill the engine, alter programming, change destination, etc.

I was also considering malicious activity, including kill switches.

If you are proposing something to cause the engine to start, and not the capability to turn off, then yeah that can be done without any fear of theft.

Re:what would make them even safer is

[cvtan]

Older customers who would typical buy an "old geezer" car like a Lexus would still play CDs. I agree about the built-in nav systems. Purposely didn't get one for my 2005 MINI because it dominates the center of the dash, costs $1500 and would be obsolete way before I wanted to sell the car. Cars and computer stuff do not age at the same rate I'm afraid.

Re:what would make them even safer is

[GameboyRMH]

Wow, I knew the crypto had been broken in 2007, but I didn't know they still hadn't updated it to this day.

Yet another reason to avoid keyless entry.

ugh

[blueAt0m]

Call me a tinfoil'd mad hatter, but com'on. This is atrocious! one more thing for the gov to get their meddling hands into... I'm buying engines from now on; old, lackluster diesel autos without the obd* inside.

Re:ugh

[subk]

Agreed, although they don't have to be lackluster.. I drive an 89 benz 300. I enjoy luxury and elegance along with the dependability and freedom from pesky electronics. I'm pretty sure the thing will survive an EMP.

Better Idea

[milbournosphere]

Let's stop cramming all this electronic shit into our cars. The wireless capabilities of the newer cars these days is really starting to get scary. The tech is awesome, but the potential for wrong-doing (government, vandals, or otherwise) is just too great. Only so much of the new stuff they're coming out with is actually useful; the rest of it is just junk meant to distract from the actual act of driving, or to add to the billfold of whoever builds the replacements for these in-car computers.

Cyber-Security for Owls Being Called For

[Karl+Cocknozzle]

I demand that our government immediately convene a blue-ribbon commission to survey and understand the cyber-security of Owls. It is long-past time for our government to recognize this clear and present attack vector. Imagine the carnage: Terrorists take control of owls and deafen us with incessant daytime hooting. Or disrupt our sleep with all-night hooting. Or just crap all over our cars and cost us millions in extra car-washes.

Re:Cyber-Security for Owls Being Called For

[snookerhog]

I have an owl rock that has protected me from owls for more than 12 years now.

Actually, I have a spare owl rock that I will sell you for $500 if you are interested.

Re:Cyber-Security for Owls Being Called For

[Karl+Cocknozzle]

"Lisa, I want to buy your rock."

With apologies to Homer Simpson...

Don't connect them to the internet and use ROM

[TheLazySci-FiAuthor]

At least for autonomous vehicles.

Re:Don't connect them to the internet and use ROM

[HTH+NE1]

Just because your code is in ROM doesn't mean you can't be hacked. Your stack is still in RAM. If you can find one little exploit that lets you put as little as, say, 12 bytes onto the stack, if you know everything that's in the ROM, you could repurpose the existing ROM code to do whatever you wanted by calling the tail ends of existing functions.

On that link, search forward for "Because they knew this was a voting machine, security was paramount. They made it so that it was impossible to execute code from RAM. They thought, there's no way, there's no reason that anyone has a legitimate reason for executing code from RAM" and read from there. Yes, it's long. Get the MP3 if you'd rather listen.

Microsoft automotive security essentials

[Thud457]

Brings to mind Roger Zelazny's "Last of the Wild Ones".

New Battlestar Galactica fans?

[awilden]

Somehow I'm guessing that somebody at the DOT just discovered the "new" Battlestar Galactica is on "play instantly" on Netflix...

And I want a bucket of snot

[Osgeld]

its bound to be as equally effective to protect your dumbass web cars

Cyber-cyber-security.

[cosm]

If I cyber-see the cyber word in one more cyber-news article I am going to cyber-kick the people who cyber-pen each one of these fucking cyber-articles and cyber-laws. Its about damn cyber-time that we accept that cyber-things that happen in the cyber-world are no more disconnected from cyber-reality than the communication medium we cyber-interact with.

I am electronically typing this on my electronic keyboard and viewing this cyber-page with my electronic monitor. Thankfully, after a real-day of complete cyber-bullshit, I relax with my dead-tree-books on my physical-leather couch in my real-house in the real-world.

The real cyber-question is whether or not this cyber-rant is virtual pontification or just more cyber chat. I'll get on my AOL and go AskJeeves it and see if I can find a GeoCities page that describes proper usage of 90's buzzwords that are used way to cyber-much.

There's already a model for solving this problem

[n8r0n]

There's really no sense in worrying about anything in a car that's not responsible for the actual driving of the car. If the computers that control engine timing, or braking, or airbag deployment get hacked, that's a problem. If the entertainment system gets hacked, and somebody maliciously transfers some Michael Bolton mp3s to your sound system, it's much less of a problem. You simply need to isolate the systems. Cars already have multiple internal computers, so it's not like this requires splitting one on-board computer into two.

Military aircraft have had this concept for a long time. The computing systems that actually fly the plane, like the fly-by-wire controls, are completely separate from the stuff that a pilot uses to do other tasks, like mission planning. Depending on whether your software is "mission critical" or "flight critical" or neither, there are different systems that run it, and different quality standards that apply.

I'd just hate to see a massive freak-out about "hackers" disabling your brakes remotely, when there's no reason for that to ever be even technically feasible.

Re:There's already a model for solving this proble

[triffid_98]

Drive by Rickroll in 5..4..3..2..1

Microsoft Sync = LOLs

Here is a start:

[MSesow]

As with so many other systems, when it doesn't need to be connected to a network to do what it does and when connecting it to said network opens up the chance for attacks over the network, THEN LEAVE IT OF THE FSCKING NETWORK! Regardless of if it is airplane systems, nuclear centerfuges, general industrial control systems, medical equipment, cars or whatever else, if you leave it completely unconnected from a network then you have removed a very real vector of attack. And that doesn't mean you have to stop paying attention, but it does mean you are off to a good start.

Re:Here is a start:

[FliesLikeABrick]

Agreed. My first thought was that carmakers just need to leave the sensitive/important control elements of a car decoupled from those which are network-enabled. I believe that airliners are designed similarly in that their in-flight entertainment systems are always 100% not connected to flight systems (regardless of whether or not the entertainment systems are Internet-connected, there's definitely a parallel to be made here).

Re:Here is a start:

[R3d+M3rcury]

My first thought was that carmakers just need to leave the sensitive/important control elements of a car decoupled from those which are network-enabled. I believe that airliners are designed similarly

And you would think that car manufacturers would feel the same way. However, car manufacturers produce more cars than airplane manufacturers produce airplanes. And saving, say, $10 per car by having one network that handles everything is a good thing. Besides, it makes it easier to do things like starting your car from your iPhone which is cool.

Re:Here is a start:

[Fastolfe]

Agreed. I have no problems if you want to put any sort of electronic or wireless system in my car, but it needs to be completely electrically isolated from the parts of my car that I need to drive. Assume that an attacker will pwn everything else, and can go so far as to manipulate power draw or create an electrical short. None of that should affect my ability to drive. If you want to send information like speed to the other systems, create a one way data path and use an optical connection.

Re:There's already a model for solving this proble

[flaming+error]

> there's no reason for that to ever be even technically feasible.

Google "OnStar remote kill switch"

Why so much integration?

[King_TJ]

It seems to me there's really no inherent danger in adding wireless networking and other new electronics technologies to our vehicles. A big part of the potential problem stems from the insistence of auto-makers to integrate everything into ONE common system. For example, my 2007 Jeep Patriot 4x4 uses a CANBUS interface as the central communications bus for practically all of the electronics in the vehicle. If you try to swap out something like the factory headlights with an aftermarket set of HID lamps? You're likely to run into problems, because the system senses less electrical resistance on the headlight circuit than it expects, so it makes lights blink on and off in an "error" pattern. You can't successfully change out the factory stereo with an aftermarket one either, without spending $150+ more for a CANBUS module to plug in behind it, so the computer system communicates with it as it expects to see it. Other factory accessories won't work properly either, until the Jeep is taken in to the dealer and the firmware re-flashed with a version that has those features "enabled" in it.

If things like wi-fi in the car are only interfaced with the stereo/media center, and that system is independent of the computer handling the engine, transmission, etc.? Hackers won't be able to do a single thing that directly affects the safety or performance of the vehicle. They'll only be able to mess up your in-dash entertainment system.

Re:Why so much integration?

[MachDelta]

Except you already have wireless gear that's hooked straight to your ECU. Things like TPMS (anyone remember this little gem from last year?), vehicle remotes (start/doors/windows/trunk/etc), OnStar-style services, and the like are all things we know can communicate directly with the ECU. And automakers aren't likely to start trying to secure or separate these systems further because it will affect their bottom line. No, we're stuck waiting for the day that someones Pontiac becomes a Pwntiac and slams them into a cement barrier at 80mph. Queue mass hysteria, gov't investigation committees, and one gigantic recall. THEN we might see change. Might.

Re:Why so much integration?

[King_TJ]

Yeah, but that's actually kind of my point in my original message.... These systems should be INDEPENDENT of the ECU in most cases. Vehicle remotes for starting the engine, opening the trunk, etc. don't worry me as a huge problem. I can't really see why they require any direct communications with the ECU (though they probably do simply for cost-savings reasons in many cases)? But really, those things are fairly basic; System listens for command and does ONE specific function of turning a switch on/off. If you succeed in hacking into it, what does that get you? Remote starts should be essentially disabled/non-functional while the engine is actually running and the car is in gear, so you shouldn't be able to just shut the engine off while someone's driving. Being able to open their locks means you can physically get into the vehicle while it's not moving -- but that's just a security issue, no different than being able to make a skeleton key that opens the doors/trunk.

Things like On-Star? Yeah, much more of a potential issue since they do implement "kill switches" that can be triggered remotely. So far though, I've never heard of one being mis-used -- only positive stories of killing engines to recover stolen vehicles. So I'm not sure exactly how much or little security they already use in that particular system? (Hyundai is coming out with "Blue Link" on some of their vehicles, which implements something similar.)

Re:Why so much integration?

[mr1911]

Things like On-Star? Yeah, much more of a potential issue since they do implement "kill switches" that can be triggered remotely. So far though, I've never heard of one being mis-used -- only positive stories of killing engines to recover stolen vehicles.

Maybe that has something to do with On-Star's marcom group not putting out press releases when they mis-use a "feature". I will never own a vehicle that has On-Star in it.

Re:Why so much integration?

[Fned]

Yeesh, sounds like they should rename it to CANTBUS.

Re:Why so much integration?

[GameboyRMH]

For many years I've been planning to build my own car, recently the possibility of 3D-printing the body panels in ABS has really spurred my enthusiasm (forming the body panels from fiberglass is traditionally the most awful PITA part of the process).

I've backed off the plan a bit recently because I'm waiting to see if the Scion FR-S will be any good, if it's not, well I'll feel good about building my own.

Re:Why so much integration?

[Svartalf]

So long as they've got a means to look up your car and do these sorts of things, OnStar can be hacked into and the black hats can do the same things that we're talking about being mis-used.

My cybersecurity protection plan

[FranTaylor]

Keep driving the old clunker

Re:There's already a model for solving this proble

[flaming+error]

> There's really no sense in worrying about anything in a
> car that's not responsible for the actual driving of the car.

We worry about our desktop PCs, laptops, smartphones - why should we worry less when the computer's embedded in the car?

The real reason for this being..

[Paracelcus]

The ability to track, monitor, bug & ultimately seize control of any passenger car in the "land of the free"!

Glad I drive a 66 Bel Air wagon, go ahead, make my day!

Nope...

[Graham+J+-+XVI]

...this is not a way to get a government black box in all cars at all. Nothing to see here folks.

Re:Nope...

[Attila+Dimedici]

...this is not a way to get a government black box in all cars at all. Nothing to see here folks.

No, it's not. The government black box is, for all intents and purposes, already in the car. This is to get systems set up so that the government can log in and download info from the black box whenever they want.

I drive a stick, you insensitive American clods!

[Thud457]

I'm pretty sure your Pontiac will be safe.

Fix the damn roads and rails

[tyrione]

Spend your time on actual roads and rail lines. We can manage the cars and our loss of them just fine.

There is a model-T that still runs in my area

[istartedi]

There is a model-T that still runs in my area. I've seen the guy a few times in the grocery store parking lot, and cruising about the retail district. I'm pretty sure cybersecurity is not a problem for him.

In other words, the solution is: Duh! Cars don't need to be on any stinkin' network.

Re:There is a model-T that still runs in my area

[xenobyte]

There is a model-T that still runs in my area. I've seen the guy a few times in the grocery store parking lot, and cruising about the retail district. I'm pretty sure cybersecurity is not a problem for him.

In other words, the solution is: Duh! Cars don't need to be on any stinkin' network.

Exactly what I was going to say!

Until we have cars that can fully auto-drive without any driver intervention, all that electronic junk is basically unnecessary and if it poses a problem, junk it.

Cars ran fine back in the day (no need to go that far back, the 50's and 60's had great cars too with zero electronic junk in them) and there's no reason they can't do that again. Maybe on a different fuel but still just a basic combustion engine that Ford himself would be able to fix, should it break down.

The smart / auto drive cars will need a very good

[Joe_Dragon]

The smart / auto drive cars will need a very good plan as a hack then just hack them and trun a auto drive road in to a big pile up or cars or maybe just shut down the road system.

Re:Great Idea

[Intron]

These days the car companies aren't bribing the government. The government is bribing them to stay in business.
What other sector is the government giving $500M of free research to? Birth control? Feeding the poor? Improving schools? Sorry - not priorities.

I think you might be missing something...

[Whuffo]

Each time this rubric gets spouted, it's a sham trying to hide another attempt to control the public.

So while they're "protecting you from cyber criminals" they'll also be monitoring your driving, your destinations, etc. All the better to protect us from "terrerists or child molesters.

It's just accidental, you know - to verify you're not being hacked they'd need to know what you're doing, right? And you'll buy in and feel so much safer - until the insurance companies start subpoenaing this evidence and the law enforcement people use it to send you tickets in the mail.

This is the road to hell, folks - it's paved with good intentions but the destination remains the same

Re:Great Idea

[ewanm89]

Well the oil companies are among the biggest government contributors and are happy as long as the cars burn oil based fuels.