Slashdot Mirror


In Letter To 20 Automakers, Senator Demands Answers On Cybersecurity

chicksdaddy writes "Cyber attacks on 'connected vehicles' are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers (PDF) asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey's letter, dated December 2, cites recent reports of 'commands...sent through a car's computer system that could cause it to suddenly accelerate, turn or kill the breaks,' and references research conducted by Charlie Miller and Chris Valasek (PDF) on the Toyota Prius and Ford Escape. 'Today's cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network (CAN) ... Vehicle functionality, safety and privacy all depend on the functions of these small computers, as well as their ability to communicate with one another,' Markey wrote. Among the questions Markey wants answers to: What percentage of cars sold in model years 2013 and 2014 do not have any wireless entry points? What are automakers' methods for testing for vulnerabilities in technologies they deploy — including third party technologies? Markey asks specifically about tire pressure monitors, Bluetooth and other wireless technologies and GPS (like OnStar). What third party penetration testing is conducted on vehicles (and any results)? What intrusion detection features exist for critical components like controller area network (CAN) buses on connected vehicles?"

13 of 80 comments

  1. Grumpy? by bob_super · · Score: 2, Funny

    There, get your ... campaign contribution... and stop asking questions.
    Just trust us, we know how to build cars and we know how to keep them safe. We're Totally and Extremely Professional and Competent Organizations, you can trust us with stuff that goes boom.

    1. Re:Grumpy? by iiiears · · Score: 3, Informative

      Have you read what researchers have written about the firmware for phones, your television, your router?

      A little poking around Blackhat Convention videos, Bruce Schneier posts and OpenWRT. You bet your life it's well worth a few minutes of your time and a letter of support.

        Industry Average: "about 15 - 50 errors per 1000 lines of delivered code." Source: www.forbes.com

       

      --
      15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
    2. Re:Grumpy? by Mspangler · · Score: 2

      I feel your pain. I bought a second-hand truck with On-Star. They were really eager to turn it on for the three month free trial. Then I read the Terms of Service. It was of the type "All possible liabilities shall accrue to you, and any possible benefits shall accrue to us."

      It took longer to find the box than it took to pull every connector off of it. Now the terms of service are "You leave me alone and I'll leave you alone." Much more acceptable. Still too much gadgetry on the truck, but at least the remote access connection is no more.

      The truck also randomly locks its own doors for no reason, though rain falling on the switch was clearly implicated once. I had to pop the door panel and apply the wire cutters to make that nonsense stop. And Off isn't off enough to the radio, which pulls down the battery in about 10 days, so now there is an "I mean off dammit" switch on that too. YO! GM! The truck might be parked for three months at a time! The battery should still be able to start it after that! I'll spot you 1 milliamp to run the clock, and that should be it.

    3. Re:Grumpy? by AmiMoJo · · Score: 2

      Chances are the On-Star box did more than just contact On-Star. Probably controlled power management for the radio, and allowed remote locking of the vehicle. Since you pulled all the wires out the signals that control those features are now just floating (not connected to anything, subject to any EM interference that comes along) and so appear to randomly malfunction or simply not work at all.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Stupid Senator by Ultra64 · · Score: 2, Interesting

    If you don't know the difference between "breaks" and "brakes", will you really understand the answers to your questions?

    1. Re:Stupid Senator by hey! · · Score: 4, Insightful

      Ah yes, the culture of "zing". It's much more important to catch a politician (or more likely, one of his staff) in a typo than to pay attention to the substance of what he's written.

      My hat's off to you. You, sir, are obviously a genius.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Stupid Senator by hey! · · Score: 4, Interesting

      Ah yes, the culture of "zing". It's much more important to catch a politician (or more likely, one of his staff) in a typo than to pay attention to the substance of what he's written.

      If either the pol or one of his staff is semi-literate, why should anyone take him seriously?

      Well, that's begging the question. We don't *know* that Senator Markey or anyone on his staff are illiterate; we only know that they aren't as careful with proofreading as they could be.

      That said, I'll attempt to answer your question: because he (or his staff) is raising a serious, important point. That's not enough for you to listen to him? It's not enough that he served thirty years on the House Committee on Communications and Technology either? He (and his staff and the secretarial pool in his office) have to be *infallible* in matters of proofreading before you'll listen?

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  3. Awesome by onyxruby · · Score: 3, Insightful

    Our do-nothing Congress is finally doing something useful. These are the kinds of questions we should be asking before problems start to occur and while there are chances to try to introduce standards. It's like the Toyota sudden acceleration thing, everyone assumed it was careless people until someone did a proper audit and discovered a complete lack of industry best practices that everyone assumed had been in place.

  4. Tell him to pound sand by alvinrod · · Score: 2, Insightful

    I'd tell him to pound sand until he can provide some answers about privacy protections and safeguards preventing the government from illegally spying on its citizens.

  5. Re:I hope by tipo159 · · Score: 3, Funny

    Follow the links to the actual letter on Markey's site. It really does say "kill the breaks".

  6. For fucks' sake... by acoustix · · Score: 2

    Stop calling everything computer related "cyber".

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  7. Re:Boston brakes. by pla · · Score: 2

    Tesla wasn't on the list?! What is the Senator trying to say?

    +500 insightful!

    Seriously, a senator wants to know about high-tech exploits, and doesn't ask the single highest tech auto manufacturer in the US today about it? That just screams "Agenda!".

  8. 2 months is an unofficial industry standard by dutchwhizzman · · Score: 2

    Most car manufacturers dimension their batteries such, that a car parked with a full battery should be able to start after 2 months under normal circumstances. If your car only lasts ten days, either your battery or charging circuit isn't working properly, or you indeed have devices in the car that consume too much electricity in standby mode. If your radio is the culprit, it really needs to be replaced. Fortunately, car stereos follow an industry standard form factor and plugs, so replacing that should be easy. Oh wait, they all stopped using that because they wanted to integrate all the car computers with that thing.....

    You are forgetting that your engine ECU requires power too. They have quite a few dynamic parameters stored in RAM that you really don't want to store in flash because they are updated every few seconds if the engine is running and you need a quick and easy way to erase them. Maybe modern cars would be able to store them in flash, but the older generations didn't have that luxury and would need to relearn their ignition timing and fuel mixture every time you pulled the plug on them.

    --
    I was promised a flying car. Where is my flying car?