Slashdot Mirror


US Wants Cybersecurity Protection Plan For Cars

coondoggie writes "As cars and other forms of transportation increasingly rely on online systems for everything from safety to onboard entertainment, the cybersecurity threat from those who would exploit such electronic control packages has also increased. That's why the US Department of Transportation (DOT) today issued a Request For Information to the security industry to help it build a roadmap to build 'motor vehicle safeguards against cybersecurity threats and assure the reliability and safety of automotive electronic control systems.'"

7 of 87 comments

  1. kill switch by dotmax · · Score: 4, Insightful

    How come the first thing that came to mind was "they want to put a kill switch in my car?" They won't call it that, of course.

    1. Re:kill switch by blair1q · · Score: 4, Funny

      No, they'll put in multiple switches and call it a Death Panel.

  2. Better Idea by milbournosphere · · Score: 4, Insightful

    Let's stop cramming all this electronic shit into our cars. The wireless capabilities of the newer cars these days are really starting to get scary. The tech is awesome, but the potential for wrong-doing (government, vandals, or otherwise) is just too great. Only so much of the new stuff they're coming out with is actually useful; the rest of it is just junk meant to distract from the actual act of driving, or to add to the billfold of whoever builds the replacements for these in-car computers.

  3. Here is a start: by MSesow · · Score: 5, Insightful

    As with so many other systems, when it doesn't need to be connected to a network to do what it does and when connecting it to said network opens up the chance for attacks over the network, THEN LEAVE IT OFF THE FSCKING NETWORK! Regardless of if it is airplane systems, nuclear centrifuges, general industrial control systems, medical equipment, cars or whatever else, if you leave it completely unconnected from a network then you have removed a very real vector of attack. And that doesn't mean you have to stop paying attention, but it does mean you are off to a good start.

  4. Why so much integration? by King_TJ · · Score: 3, Insightful

    It seems to me there's really no inherent danger in adding wireless networking and other new electronics technologies to our vehicles. A big part of the potential problem stems from the insistence of auto-makers to integrate everything into ONE common system. For example, my 2007 Jeep Patriot 4x4 uses a CANBUS interface as the central communications bus for practically all of the electronics in the vehicle. If you try to swap out something like the factory headlights with an aftermarket set of HID lamps? You're likely to run into problems, because the system senses less electrical resistance on the headlight circuit than it expects, so it makes lights blink on and off in an "error" pattern. You can't successfully change out the factory stereo with an aftermarket one either, without spending $150+ more for a CANBUS module to plug in behind it, so the computer system communicates with it as it expects to see it. Other factory accessories won't work properly either, until the Jeep is taken in to the dealer and the firmware re-flashed with a version that has those features "enabled" in it.

    If things like wi-fi in the car are only interfaced with the stereo/media center, and that system is independent of the computer handling the engine, transmission, etc.? Hackers won't be able to do a single thing that directly affects the safety or performance of the vehicle. They'll only be able to mess up your in-dash entertainment system.

    1. Re:Why so much integration? by King_TJ · · Score: 3, Informative

      Yeah, but that's actually kind of my point in my original message.... These systems should be INDEPENDENT of the ECU in most cases. Vehicle remotes for starting the engine, opening the trunk, etc. don't worry me as a huge problem. I can't really see why they require any direct communications with the ECU (though they probably do simply for cost-savings reasons in many cases)? But really, those things are fairly basic; System listens for command and does ONE specific function of turning a switch on/off. If you succeed in hacking into it, what does that get you? Remote starts should be essentially disabled/non-functional while the engine is actually running and the car is in gear, so you shouldn't be able to just shut the engine off while someone's driving. Being able to open their locks means you can physically get into the vehicle while it's not moving -- but that's just a security issue, no different than being able to make a skeleton key that opens the doors/trunk.

      Things like On-Star? Yeah, much more of a potential issue since they do implement "kill switches" that can be triggered remotely. So far though, I've never heard of one being misused -- only positive stories of killing engines to recover stolen vehicles. So I'm not sure exactly how much or little security they already use in that particular system? (Hyundai is coming out with "Blue Link" on some of their vehicles, which implements something similar.)

  5. Re:Don't connect them to the internet and use ROM by HTH+NE1 · · Score: 3, Informative

    Just because your code is in ROM doesn't mean you can't be hacked. Your stack is still in RAM. If you can find one little exploit that lets you put as little as, say, 12 bytes onto the stack, if you know everything that's in the ROM, you could repurpose the existing ROM code to do whatever you wanted by calling the tail ends of existing functions.

    On that link, search forward for "Because they knew this was a voting machine, security was paramount. They made it so that it was impossible to execute code from RAM. They thought, there's no way, there's no reason that anyone has a legitimate reason for executing code from RAM" and read from there. Yes, it's long. Get the MP3 if you'd rather listen.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?