Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Wants Cybersecurity Protection Plan For Cars

Posted by samzenpus on from the gentlemen-start-your-anti-virus dept.

coondoggie writes "As cars and other forms of transportation increasingly rely on online systems for everything from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased. That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it build a roadmap to build 'motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems.'"

10 of 87 comments (clear)

  1. kill switch by dotmax · · Score: 4, Insightful

    How come the first thing that came to mind was "they want to put a kill switch in my car?" They won't call it that, of course.

    1. Re:kill switch by blair1q · · Score: 4, Funny

      No, they'll put in multiple switches and call it a Death Panel.

  2. ugh by blueAt0m · · Score: 2

    Call me a tinfoil'd mad hatter, but com'on. This is atrocious! one more thing for the gov to get their meddling hands into... I'm buying engines from now on; old, lackluster diesel autos without the obd* inside.

  3. Better Idea by milbournosphere · · Score: 4, Insightful

    Let's stop cramming all this electronic shit into our cars. The wireless capabilities of the newer cars these days is really starting to get scary. The tech is awesome, but the potential for wrong-doing (government, vandals, or otherwise) is just too great. Only so much of the new stuff they're coming out with is actually useful; the rest of it is just junk meant to distract from the actual act of driving, or to add to the billfold of whoever builds the replacements for these in-car computers.

  4. Cyber-cyber-security. by cosm · · Score: 2

    If I cyber-see the cyber word in one more cyber-news article I am going to cyber-kick the people who cyber-pen each one of these fucking cyber-articles and cyber-laws. Its about damn cyber-time that we accept that cyber-things that happen in the cyber-world are no more disconnected from cyber-reality than the communication medium we cyber-interact with.

    I am electronically typing this on my electronic keyboard and viewing this cyber-page with my electronic monitor. Thankfully, after a real-day of complete cyber-bullshit, I relax with my dead-tree-books on my physical-leather couch in my real-house in the real-world.

    The real cyber-question is whether or not this cyber-rant is virtual pontification or just more cyber chat. I'll get on my AOL and go AskJeeves it and see if I can find a GeoCities page that describes proper usage of 90's buzzwords that are used way to cyber-much.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
  5. Here is a start: by MSesow · · Score: 5, Insightful

    As with so many other systems, when it doesn't need to be connected to a network to do what it does and when connecting it to said network opens up the chance for attacks over the network, THEN LEAVE IT OF THE FSCKING NETWORK! Regardless of if it is airplane systems, nuclear centerfuges, general industrial control systems, medical equipment, cars or whatever else, if you leave it completely unconnected from a network then you have removed a very real vector of attack. And that doesn't mean you have to stop paying attention, but it does mean you are off to a good start.

  6. Why so much integration? by King_TJ · · Score: 3, Insightful

    It seems to me there's really no inherent danger in adding wireless networking and other new electronics technologies to our vehicles. A big part of the potential problem stems from the insistence of auto-makers to integrate everything into ONE common system. For example, my 2007 Jeep Patriot 4x4 uses a CANBUS interface as the central communications bus for practically all of the electronics in the vehicle. If you try to swap out something like the factory headlights with an aftermarket set of HID lamps? You're likely to run into problems, because the system senses less electrical resistance on the headlight circuit than it expects, so it makes lights blink on and off in an "error" pattern. You can't successfully change out the factory stereo with an aftermarket one either, without spending $150+ more for a CANBUS module to plug in behind it, so the computer system communicates with it as it expects to see it. Other factory accessories won't work properly either, until the Jeep is taken in to the dealer and the firmware re-flashed with a version that has those features "enabled" in it.

    If things like wi-fi in the car are only interfaced with the stereo/media center, and that system is independent of the computer handling the engine, transmission, etc.? Hackers won't be able to do a single thing that directly affects the safety or performance of the vehicle. They'll only be able to mess up your in-dash entertainment system.

    1. Re:Why so much integration? by King_TJ · · Score: 3, Informative

      Yeah, but that's actually kind of my point in my original message.... These systems should be INDEPENDENT of the ECU in most cases. Vehicle remotes for starting the engine, opening the trunk, etc. don't worry me as a huge problem. I can't really see why they require any direct communications with the ECU (though they probably do simply for cost-savings reasons in many cases)? But really, those things are fairly basic; System listens for command and does ONE specific function of turning a switch on/off. If you succeed in hacking into it, what does that get you? Remote starts should be essentially disabled/non-functional while the engine is actually running and the car is in gear, so you shouldn't be able to just shut the engine off while someone's driving. Being able to open their locks means you can physically get into the vehicle while it's not moving -- but that's just a security issue, no different than being able to make a skeleton key that opens the doors/trunk.

      Things like On-Star? Yeah, much more of a potential issue since they do implement "kill switches" that can be triggered remotely. So far though, I've never heard of one being mis-used -- only positive stories of killing engines to recover stolen vehicles. So I'm not sure exactly how much or little security they already use in that particular system? (Hyundai is coming out with "Blue Link" on some of their vehicles, which implements something similar.)

  7. Re:Don't connect them to the internet and use ROM by HTH+NE1 · · Score: 3, Informative

    Just because your code is in ROM doesn't mean you can't be hacked. Your stack is still in RAM. If you can find one little exploit that lets you put as little as, say, 12 bytes onto the stack, if you know everything that's in the ROM, you could repurpose the existing ROM code to do whatever you wanted by calling the tail ends of existing functions.

    On that link, search forward for "Because they knew this was a voting machine, security was paramount. They made it so that it was impossible to execute code from RAM. They thought, there's no way, there's no reason that anyone has a legitimate reason for executing code from RAM" and read from there. Yes, it's long. Get the MP3 if you'd rather listen.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  8. There is a model-T that still runs in my area by istartedi · · Score: 2

    There is a model-T that still runs in my area. I've seen the guy a few times in the grocery store parking lot, and cruising about the retail district. I'm pretty sure cybersecurity is not a problem for him.

    In other words, the solution is: Duh! Cars don't need to be on any stinkin' network.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?