Slashdot Mirror
Hackers Reveal Nasty New Car Attacks
schwit1 writes "Stomping on the brakes of a 3,500-pound Ford Escape that refuses to stop–or even slow down–produces a unique feeling of anxiety. In this case it also produces a deep groaning sound, like an angry water buffalo bellowing somewhere under the SUV's chassis. The more I pound the pedal, the louder the groan gets–along with the delighted cackling of the two hackers sitting behind me in the backseat. Luckily, all of this is happening at less than 5mph. So the Escape merely plows into a stand of 6-foot-high weeds growing in the abandoned parking lot of a South Bend, Ind. strip mall that Charlie Miller and Chris Valasek have chosen as the testing grounds for the day's experiments, a few of which are shown in the video below. (When Miller discovered the brake-disabling trick, he wasn't so lucky: The soccer-mom mobile barreled through his garage, crushing his lawn mower and inflicting $150 worth of damage to the rear wall.) The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems before malicious hackers get under the hoods of unsuspecting drivers."
"The duo plans to release their findings and the attack software they developed at the hacker conference Defcon in Las Vegas next month–the better, they say, to help other researchers find and fix the auto industry's security problems"
As a security researcher who believes in the spirit of the open release of vulnerabilities, I feel that this is irresponsible behavior on the part of these security researchers. We're not talking about releasing a vulnerability that will compromise someone's e-mail. We're talking about a high risk vulnerability that could cost some random person their life. These two gentleman should take a deep breath before releasing this information to the computer industry first rather than the auto industry. The auto industry may not have a tradition of attending these types of conferences and so by releasing the information at Def-con you're giving the wrong people a head start. Sure, the auto industry already knows about these problems, but you have to try to give them the benefit of the doubt when you confront them about the problems that they will try to fix it.
This hack only works on journalists.
One of my cars has no electronics. The other has two systems, one logs data and the other controls how much fuel the engine gets (and soon when the spark plugs fire as well).
To access either you must plug a cable into it. Good luck.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I can appreciate applying Anti Tamper and other IA techniques to 'harden' cars, but I hope this doesn't return us to where only ''licensed' repair facilities can work on cars.
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
And this is why having a physical key to shut the damn car off should be an absolute requirement.
So they had hard-wired physical access to the car's data network and they were able to cause trouble? News at 11! (aka so what?)
The only solution would be to run secure data channels between all the computers in a car, and while this is possible and not even a real burden, why would you?
We all know it is only a matter of time before cars are all wirelessly connected to the internet.
Then the lolz getz turboz.
So
if I'm sitting in your car, plugged in to the canbus, I can control things on the canbus....
Yeppers....
Just like if I have access to your laptop for long enough, I can get whatever is on it. (encryption will slow it down, but like I said, given time and access?)
But you'll probably notice me sitting in your car, plugging a cord into the port before I take the time to crash your car, with me riding in it.....
While this is amusing, I'm not that nervous about "security through not having some donkey plug his laptop in your car with a death wish while you are hurtling down the highway"
Having them use the "open" canbus specs, you can add aftermarket devices, and not have to take your car to the dealer for any service.
If they fully lock it down, the dealer will be the ONLY place that could work on it. And the ONLY parts you could add to your car.
I am 31337 or something.
I appreciate that what they are doing is scary but the video doesn't seem to indicate what they had to do in order to get that level of power. It seems that they have wires hooked up between the laptop and dash so, for all we know, they could be feeding bad sensor data into the computers. Is there things that could be done to mitigate the risk....sure. But if that is really how they are messing with things (by tearing apart the dash and rewiring everything) it would seem cutting the break lines would be nearly as dangerous and a lot easier.
Just wait until somebody reverse-engineers the communications between vehicles.
Then, you can just send a rogue car down the road "Hey, I'm a police car, please pull to the outside lane(s) and slow down to 10mph" and watch the road magically open up for you!
Or, even worse "OMG! YOU'RE GONNA HIT SOMETHING! EMERGENCY STOP!" to all the cars you pass.
Or even worse than that.... every nth car you pass....
Support FSF: Stop thinking with your wallet, and think with your imagination. (cc/non-commercial)
While they're at it - I don't think anyone has really discovered what the deal was with the Accura/Honda remote-control doorlock gadget that thieves were reportedly using to effortlessly break into cars. All the article said was "police are stumped" (duh).
Them there are the breaks!
Now we know how Hitchens was killed. Maybe.
In any case Toyota's opinion on the whole matter is incredibly naive. Just because a wireless attack can't be launched against a stock vehicle doesn't mean that a savvy attacker can't and won't attach a device capable of tampering with the vehicle's computers which responds to wireless signals. Considering how inconspicuous such a device could be, perhaps something the size of a thumb drive these days, the device in question would be for all intents and purposes an invisible car bomb. If a vehicle your company manufactures has any such vulnerabilities, making them as inaccessible as humanly possible isn't just prudent, it can and likely will save lives.
The hackers sum this up brilliantly: "If the only thing keeping you from crashing your car is that no one is talking about this, then you're not safe anyway."
To enter the Pad Service Mode, perform the following with the vehicle stationary:
1. Place the vehicle in Park and turn the ignition to the ON position.
2. Apply the brake pedal.
3. Turn the ignition OFF, then ON three times and then release the brake pedal. The total time elapsed for the three ignition cycles and brake release must be less than 3 seconds.
That's how you replace the brake pads. If they figured out how to do it through the OBD connector, whooptie do.
I have one of these vehicles. Fly-by-wire regenerative brakes are a little creepy, but supposedly if something goes wrong and you mash the pedal all the way to the floor, there's a hydraulic backup down there somewhere. I haven't had to try it.
Oh, and all this is no different than your holier-than-thou Toyota Prius, so don't blame Ford.
Seems like a good reason to drive a manual (even if clutch is some sort of clutch-by-wire contraption, you can always just yank the gear out with the stick) with a mechanical handbrake. Whatever happens you still retain the ability to stop the vehicle.
Sensationalist headline & summary tries to give the impression that the car was hacked remotely.
RTFA and it says:
Likely they were hooking up to the OBD plug.
Seriously, is this really an issue? Once someone has physical access to the vehicle, they can do all sorts of nasty things...most of which require substantially less technology and computer know-how than a hacker using a MacBook.
I'm hoping the car industry spends the minimum effort fixing this problem, by applying the obvious solution:
a) Put a friggin' lock on the ODB plug.
b) Put the ODB plug under the hood.
Requiring the ODB plug to be within 2 feet of the steering column was a stupid stupid decision.
And people wonder why I drive a vehicle from the 1980s... let's see, no electronics hooked to the vehicle control systems making it externally vulnerable to attack, no expensive electronic failures, no overly complex electronic controls, no expensive electrical/computer modules to fail, simple isolated systems, and an overall lower count of possible parts which can fail.
Result: I can have my fancy gadgets on their own 12v relay, completely independent from anything else working.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
So he learned how to plug into the can-bus and send messages. How is that a security hack??
I really, really, really sincerely hope they put the code EVERYWHERE so that we can have about a thousand cars go through their garages and up curbs and onto porches, etc. Then finally CNN would hop on it like Oprah on a cheese tray and the industry would actually have to do something about it. You know those out of control Priuses? Software glitch. You have an out of control car that's specifically caused by another person at will and it's like a circus Christmas to the media. Then finally the auto industry would get a clue and fix security permanently.
In order to disable the breaks, they gained access to the car's interior and plugged a computer into the system bus. It's easier and less intrusive to cut a brake line. Wake me up when they can hack the car from outside.
This is a real world exploit right now, all one has to do is hack together a wireless module that plugs right into the odb buss and it's a done deal.
Slash Dot has gotten so soft, no thinking out of the box anymore, just snarky comments on why it's not a valid hack.
Most of you are potential victims because you can't see how easy it is to accomplish.
... can some one explain it to me with a car analogy?
Now there's a way to dispatch targets without diluting suspicion in tragedy by having to kill so many others just to get to the target.
". . . it would seem cutting the break lines would be nearly as dangerous and a lot easier."
True. But haven't you noticed that people will do all kinds of malicious things with a computer when they would never do the equivalent by other means.
There are all kinds of thieves, but the type to rob a bank in person and the type to rob it via computer hacking tend to be very different, even though the crime is broadly the same.
Which is all to say that if a crime can be done a "smarter" way, especially a way that involves a much different skill-set, some marginal increase in the number of people committing the crime seems inevitable.
Or, even worse "OMG! YOU'RE GONNA HIT SOMETHING! EMERGENCY STOP!" to all the cars you pass.
I had something kinda like that 20 years ago. A microwave transmitter from an automatic door opener sensor. $15. A battery. $1. A switch. $1.
Watching the tail lights light up on all the cars that have just zipped past you on the freeway as the radar detectors in those cars start squawking. Priceless. Passing them as they slow to well below the speed limit. Priceless. Watching them zip past again, slam on brakes again, get passed again. Priceless.
Both of those things are already possible and with similar levels of detectability.
I could easily instal strobes into my lights to make my vehicle look like an unmarked cruiser.
I can lob paint balloons (or anything really) out the windows at other drivers.
Same outcome. These things have been possible for ever yet we don't see some epidemic of them happening.
It's always a good idea to drive a car with an emergency disconnect-engine-from-transmission pedal. :-)
If only because their helmsmen are required, by law, to maximise shareholder value. Nothing else. In fact: senior management can be sued if they don't set policy to that effect.
The upshot is that no publicly traded company can really afford a moral or ethical compass. What passes for ethics in companies is usually nothing but well-understood self-interest (as in: avoidance of PR damage and a resulting slump in sales through bad publicity).
Whilst I'm against releasing any kind of software vulnerabilities before the responsible parties have had a decent chance to fix it, I'm just as skeptical as most regarding the inclination of e.g. car manufacturers to improve security unless there is a massive PR debacle. For massive PR debacle read: a nasty and widely covered crash involving a photogenic celebrity (ugly celebrities won't cut it) and his/her children, that can be traced unequivocally to the lax security of a car's on-board datacommunication infrastructure.
That's the main thing I can see as getting their attention and lending the issue any kind or urgency. If only because of CYA considerations on part of top management. The only alternative would (in my view) be compulsory network safety standards for cars.
Gee, that doesn't sound the least bit sociopathic. Do you own the local body shop, or something?
What this convinces me of, more than ever, is that not everything needs a cpu and not every cpu needs to be online. I can foresee hooking up a cell device to a target car and taking control of it over the internet. Perhaps the folks on the Battlestar Galactica were right to keep some things "old school."
Nitewing '98
Everything works...in theory.
Really hard to believe these remote features were not known by someone. I wonder how many accidents weren't?
No such law, just a convention. Ignoring it will likely to cost a CEO his/her job however ( or at least a lot in bonuses)
In general population, there are still a lot of people who don't know where their OBD2 connector is located. With the advent of OBD2 bluetooth adapter, I wonder if this can be done wirelessly as long as the bluetooth is attached. General population won't have to worry because of the effort and techniques required to pull this off, but targeted individuals might need to be more wary.
For the details, see http://www.autosec.org/pubs/cars-usenixsec2011.pdf. (Pretty scary reading. In this case they are also able to disable the brakes and they are also able to engage the brakes on only one of the front wheels for all sorts of "fun"...)
I have no idea whether the this story is true, but for cars in Europe, the rule is that the brakes must always be stronger than the motor, and that applies to both independent hydraulic strands. As long as one is working, you _can_ kill the engine, no matter what gear and no matter how much you are also standing on the gas pedal and even if you are a small (but healthy) person. There have been some incidents reported where people were racing on motorways due to the brakes failing, but they are just folklore, or at the very least incomplete. The last one to do so had a specially modified car due to some disabilities and should have had his driver's license removed before, because he was _not_ capable to drive safely and had demonstrated that before. The one before was just to stupid to really break hard. And it is also always possible to put the transmission into neutral, even if that may involve a reasonable amount of force and ignoring some grinding noises for automatic transmission.
So either the US has gone stupid on car safety, or this is a hoax.
Side note: For trucks, this is different. One reason why being allowed to drive them requires additional qualification.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This puts Hasting's death in a new and interesting light...
That's all I need to do to replace my brake pads? Thanks for the knowledge. I thought I was going to have to remove the lug nuts and tires and then pull the rotors off and then disassemble the pad/plunger thing and then reverse the whole process. Your way is much quicker and doesn't even involve the expense of purchasing the new pads. Awesome.
Unfortunately, this is probably only available on the newer cars so I'll have to do my 2001 Yukon the old-fashioned way.
Same outcome. These things have been possible for ever yet we don't see some epidemic of them happening.
Because both of those are trivially detectable by any law enforcement office who observes your vehicle/activity. Sending a bogus radio message from one car to another is not. If thirty seconds ago your car got an "emergency stop" command via radio, all you know is that something within the last thirty seconds was within some unknown range of your vehicle. That could be a car now half a mile down the road ahead of you, a car half a mile down the road the other way, or anyone within an unknown radio range of your car.
Nobody could tell why all those radar detectors were going off unexpectedly. There were companies selling the transmitters.
I have a TV-B-Gone. The only limit on using it is my concern that I'll use it in a place with a lot of CCTV and the high level IR output will be caught on camera. Otherwise, it is only because I'm a nice guy that I don't use it more often. That and the problem that the kit has the power wires coming into the board so close together that shorting them accidentally is very likely.
Even with the easy detectability of some things, like dropping rocks from overpasses, it happens enough that they've had to install fences on some overpasses where it was common, and in some areas they have extra patrols looking for it on nights like Halloween.
Isn't that how they got Michael Hastings?
Correct. On this type of hybrid vehicle, there is a regenerative braking system.
Under normal driving conditions, while the vehicle is in motion, the motor/generator will be used to retard the vehicle. The brake pedal is connected to a electronic pressure sensor, and also mechanically to a hydraulic master cylinder.
Unlike on conventional vehicles, there is no vacuum powered booster, instead the master cylinder hydraulics are used to operate an electro-hydraulic servo, with electronic override. This way, under emergency braking, you get full hydraulic force applied to the wheel cylinders with minimal pedal effort. The electronic hydraulic control will also apply hydraulic pressure when the vehicle is stationary and the brake pedal depressed, and also periodically applies hydraulic pressure when the vehicle is stopped and the transmission in P (for self-test purposes) and when the vehicle is powered on.
The hydraulic servo mechanism can be disabled in order to permit brake maintenance (this releases hydraulic pressure in the booster and prevents automatic application of pressure to the wheel cylinders), permitting access to maintain the friction surfaces. It appears that this hack, merely consisted of transmitting the CAN bus command to put the hydraulic servo system into maintenance mode.
At low speeds, when the electrical regen isn't operative, this will result in the brake pedal travelling further than expected and loss of power assistance. However, with sufficient pedal pressure, it should be possible to slow the car using unboosted pressure.
Easily detectable like the one car on the road that isn't screeching to a halt?
Any car-to-car network is going to be an organized mesh network not random blasts of signal. It's pretty easy to log where these commands are coming from for the most part. Sure you can think up some crazy scenario where Lex Luther figures out an anonymous way to alter the system that relies on 100 levels of "what-if"s. But it's just not realistic; real life isn't a bad Hollywood movie (Die Hard wasn't a documentary).
If hyper advanced random acts of cyber terrorism were actually a concern you would already see it. Why isn't the emergency response system being hacked constantly? It uses radio waves so it has to be vulnerable right? And as soon as something is vulnerable it's already been used for senseless killing right?
Doing these things would be highly illegal (just like they are now). That's what stops people from doing them currently (that and most people aren't sociopaths). The people that would do this intersected with the people that could do this is so vanishingly small (probably 0) that it's really not a concern. If that set is larger than 0 you can guarantee they would already be getting those results by other means anyway.
The worst that can happen is you do a Starsky and Hutch.
This for NO electronics i think. 1975 - 1980 lots of electronic ignitions
Our 1980 Phoenix died on an onramp from computer failure :/
Don't know if computer dependence goes back earlier or not.
Still probably can't do much but kill the engine until the 90's
This hacker shit is about to get real.
Wait until someone is hurt or killed from this disclosed vulnerability and these guys are going to be sued into the ground.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Anyone else concerned about the mention that one of the researchers was DARPA funded? Is the US Military already looknig into this for covert means?
I have not read TFA yet, will do so later, so my apology if I'm in error, but....
Why the hell are engineers designing, or being allowed to design, a life-critical system like brakes on a car so that the system lacks a direct, non interruptible physical connection between the driver and the brakes? Any mechanism can fail. Putting electronics between the driver and the brakes increases the number of failure modes as well as the probability of failure. State monitoring, fine. Computed intervention that applies the brakes when the car's AI thinks it's necessary, OK. But selling a car that cannot be stopped when the driver mashes the brake pedal? NFW.
This is simply incompetent engineering. Product liability will attach, as it should.
Meanwhile, I know what to investigate and what not to buy for my next car.
That scenario was based on the Ford Pinto. Ford made a decision that it would be cheaper to pay damages than it would be rework the Pinto design, so it went ahead with the Pinto:
"But at the time, management's attitude was to get the product out the door as fast as possible. So, Ford did a cost-benefit analysis. To fix the problems would cost an additional $11 per vehicle, and Ford weighed that $11 against the projected injury claims for severe burns, repair-costs claim rate and mortality. The total would have been approximately $113 million (including the engineering, the production delays and the parts for tens of thousands of cars), but damage payouts would cost only about $49 million, according to Ford's math. So the fix was nixed, and the Pinto went into production in September 1970."
http://www.popularmechanics.com/cars/news/industry/top-automotive-engineering-failures-ford-pinto-fuel-tanks
I saw a low tech version. A blue Crown Vic with a blue sheet of paper in a mayonnaise jar on the dash.
It *IS* creepy when unsecured entertainment devices are on the same bus as the OBD. Otherwise it would be more of a feature than a threat.
It may be that a custom programmed device has been placed in cars to cause the occupants of said vehicle(s) to have a horrible accident. However, in this case it's hard to say that is what caused this accident and death.
Judging by skid marks made in the intersection just before the accident and the high speed at which the intersection was crossed, a way more likely explanation is possible. The car slammed over the bumps in the intersection so hard, that the rear bottomed out (skid marks visible that comply with this theory), the car suddenly changed direction, launched itself on a fire hydrant, hooked the drive train on it, slid nose-down towards the tree. Once it got to the tree, kinetic energy was still so high that the rear of the car flipped up and the front of the roof actually hit the tree. Due to the massive destruction of the floor pan, fuel tank and area under the hood, gasoline got distributed in large enough quantities to start a fire. It is speculation, but it's most likely that any occupants of the vehicle would have at least been unconscious and very likely deceased before the fire started.
Witness reports are by far the worst kind of evidence you can get. You'll get a filtered recollection of how people perceived a certain event, laced with opinions and speculations at best. The longer you wait getting the report and the more people they told the story to, the worse the quality of the witness report will be. There are probably plenty of scientific tests that give statistical qualities of witness reports based on if the witness was told to pay attention to a certain event in advance, visibility, age, amount of people in a group and such. If those things have never been studied, I'd say it's well time we get some statistical data on how bad witness reports actually are when it comes to proof.
Most likely, Hastings was thrashing his car in the middle of the night to get home. He bounced over an intersection, lost the rear due to it bottoming out and found a hydrant and a tree in his way he couldn't avoid any more. Whether he was followed by some government agency or his state of mind because of his interactions with an agency were part of why he was speeding is unknown at this time. Chances that his crash was caused by a manipulation of the programming of his on board computers in the Mercedes are extremely limited. Pulling this off in a car in such a way that you'd be able to selectively only block the rears if someone was over a certain speed is maybe feasible in cars with "break assist" (I doubt it, the main brake cylinder would probably prevent pressure build up if not pressed slightly) and in hybrid cars that turned braking to fully electronic (regenerative braking requires this). Getting this to deploy in such a way and on the exact moment that you can "reliably" crash someone into a hydrant and a tree however, is pure fiction. Chances that your manipulation will not kill or hurt the person you're after when it deploys are so big, that it'd be absolutely useless to put something like this on a car of someone that you'd want to get an accident.
I was promised a flying car. Where is my flying car?
This is why I'm glad I drive an older car that doesn't rely upon so much electronic crap.
I don't have to worry about the extra electronic crap failing on top of mechanical failures. I only have to worry about mechanical failures.
Sheer stupidity all in the name of making everything electronic-controlled, and 'accessible.'
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Designing a system where code can completely disable the big red STOP panic button (in the case of a brake pedal) is reckless to the point of being worthy of multimillion settlements and charges of manslaughter placed upon the heads of the designers.
They are not Emergency Brakes. I'm not sure they ever were, officially. You could plow through (heh) every domestic and imported car owners' manual going back to the sixties and likely never find that phrase.
What you will find is the phrase Parking Brake, as that is their sole design and function: to hold a parked vehicle in place as relying on a rather tiny pin or prawl inside an automatic transmission to hold tons of weight in place is a bit silly.
Even attempting to use a Parking Brake during an Emergency will rarely result in anything but an unintended 'Rockford' manuever.
I'm not really sure if you're trying to be funny or if you're just an asshole.
Oh, bull-shit these are new. They're new to the reporter.
These guys are legit, but the coverage is all fearmongering - this included. You need a tether, at present, and a deep understanding of vehicle networks to effect any sort of real impact. In most vehicles, safety-critical networks aren't connected to wireless / telematics systems, and those parameters are kept at a minimum under seed/key lock. Is it possible to do? Sure. It's been done for years! But, there are easier ways to disable the brakes, especially since this requires physical access anyway. Their own post on the talk they'll be giving alludes to this.
Color me unimpressed, and frankly, pissed at the media for giving this so much attention. My qualifications? A Master's degree on the topic (and a Bachelors on the same).
Want to see the positive side of things? Check out MIT's open standard "Cloud Think" and how we can use CANBus intelligently with CarKnow's app platform (www.carknow.me). Not everything needs to be locked down all the time.
If one can find a OBD II bluetooth dongle on Amazon in 5 seconds, and for less than ten dollars, how trivial is it to make a similar cellular device?
Most OBD II ports have covers on them. A potential victim would never notice it.
Easily detectable like the one car on the road that isn't screeching to a halt?
One car? I'd say more than half of the people didn't have radar detectors, so less than half the cars within a mile or so had their detectors go off. Of that less than half, many (if not most) weren't speeding so had no need to slam on the brakes to avoid being detected speeding. So no, there wouldn't be just one car not screeching to a halt. Nobody even once screeched to a halt, even, in all the times I did this. So, of all the cars that didn't screech to a halt, which one is the one with the radar transmitter?
If you're talking about someone sending another car a "stop now" command, why would any other car not involved "screech to a halt"? You wouldn't want all cars "screeching to a halt" because that would create a huge pileup. (Imagine, this network has reached half-saturation so half the cars were participating, half weren't. All of a sudden, half of all traffic going both ways for a mile's worth of interstate slams on the brakes. Chaos and death. So, no, there will not be a blanket "everyone stop right now" command, unless the designers of the system are total morons, and indeed, psychopaths.)
You could easily send such a command from the opposite direction lanes, and there would be nobody screeching to a halt over there. So, not easily detectable.
Any car-to-car network is going to be an organized mesh network not random blasts of signal.
Any car-to-car mesh is going to have nodes joining and dropping out on a regular basis. The black-hat node joins up just like any other member. Wait a few minutes, BLAM. Not "random blasts of signal", a valid looking command from an existing member of the mesh.
It's pretty easy to log where these commands are coming from for the most part.
We're talking about a hacker being able to create "stop now" commands using an unauthenticated network with no control over who connects and who they are. Sure, log to your heart's content. Nothing says that the log entry you have that says "VIN number 2903j3f8230u21j21 transmitted an emergency stop message to VIN number 229jfg20u2029" has a valid source address.
Or do you trust the MAC address spoofers who take over someone else's paid transient WIFI session, too?
If hyper advanced random acts of cyber terrorism were actually a concern you would already see it.
Why yes, clearly, bogus messages in a car-to-car mesh network that has functions that cause vehicles to stop aren't a concern because we aren't seeing such messages happen already. No, it can't be that they aren't happening today because we don't have the underlying network today, it must be because they won't happen when we do.
Doing these things would be highly illegal (just like they are now).
I'm so glad that people won't do it because it would be highly illegal but almost impossible to catch.
That's what stops people from doing them currently (that and most people aren't sociopaths).
"Most people aren't sociopaths" is what stops MOST people from doing bad things today. It clearly does not stop ALL people from doing bad things, because bad things happen. What stops people from issuing bogus emergency messages in a car-to-car mesh net is that the net doesn't exist. What stops them from putting up bogus reader-board announcements? Or announcing zombie apocalypses over the EAS network? Security that will be hard to implement in a car-to-car mesh that needs to allow arbitrary users to send emergency messages.
The people that would do this intersected with the people that could do this is so vanishingly small (probably 0) that it's really not a concern.
Two words: script kiddies. Create a one hundred million node potential network with obvious and immediate feedback and they will come to play.
I'll buy my next car once they work out the security in networked autos.
I don't even know what you are talking about but I just had to do a double take because what I see is a 5 digit UID named hipster........I guess you were posting to /. before it was cool. Tip of the hat to you sir!
Why are the brakes not connected to any sort of physical mechanism? They should be power assisted, not totally dependent on power to work.
Every car has a firewall between the engine compartment and the passenger cabin. One or two lines of code, and Problem Solved.