Auto Industry Teams Up With Military To Stop Car Hacking

← Back to Stories (view on slashdot.org)

Auto Industry Teams Up With Military To Stop Car Hacking

Posted by Soulskill on Wednesday November 26, 2014 @05:32AM from the feel-free-to-stay-on-top-of-that dept.

An anonymous reader writes: A team of hackers is collaborating with military and industry groups to develop cyber security defenses for commercially available cars, in response to a growing threat from criminals and terrorists. In the U.K., hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack. Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.

6 of 114 comments (clear)

Min score:

Reason:

Sort:

First rule of computer security!!! by Karmashock · 2014-11-26 05:41 · Score: 3, Insightful

1. Physical security.
If you let the machine get into the hands of hackers... they will break it the controls. And that is doubly certain if the device is mostly functional regardless. It will interact and that will let people either exploit flaws in the security or just decrypt it.
If you want to stop hackers from getting into the system then the first thing you have to do is make it pretty much impossible for a hacker to physically access the system. As in steel. And beyond that, the wireless connections are a serious vulnerability. Scale them back or secure systems from the wireless radios.
If you can't do that, then at the very least don't let a hacker turn my engine off while I'm driving down the free way. Some features are simply not worth that vulnerability.

--
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
1. Re:First rule of computer security!!! by geekmux · 2014-11-26 06:31 · Score: 2
  
  1. Physical security.
  If you let the machine get into the hands of hackers... they will break it the controls. And that is doubly certain if the device is mostly functional regardless. It will interact and that will let people either exploit flaws in the security or just decrypt it.
  If you want to stop hackers from getting into the system then the first thing you have to do is make it pretty much impossible for a hacker to physically access the system. As in steel. And beyond that, the wireless connections are a serious vulnerability. Scale them back or secure systems from the wireless radios.
  If you can't do that, then at the very least don't let a hacker turn my engine off while I'm driving down the free way. Some features are simply not worth that vulnerability.
  First rule of Capitalism: Make money.
  Second rule of Capitalism: Actually give a shit how you make it.
  Good luck getting anyone to pay attention to any other rule but the one that counts.
  In other words, fuck your risks. The vendor is going to massively profit from those insecure features you never asked for, and won't stop installing them until enough people die to make it illegal (key word there being enough, that threshold is a lot higher than you think thanks to political gaming.)
Overkill! by Anonymous Coward · 2014-11-26 05:44 · Score: 2, Funny

Nothing, and I mean nothing the security guys ever come up with will have anywhere near the effect of the six inch square piece of plywood with 25 six inch nails hammered through that i place under the driver seat of my car. The second a would be thief jumps into my car seat is the second they begin to understand just how bad their life choices have been. I also have a conventional car alarm that serves to let me know that i should call an ambulance for the 'tard, should but wont, baseball bat feels better in my hands than phone.
Re:OT: I have a small feature request for car-make by sinij · 2014-11-26 06:19 · Score: 2

A number of reasons this isn't a simple feature request:

* continuous monitoring will drain your battery, so you will come to a dead battery every time you go on vacation;

* the system will also have to monitor for precipitation, so additional sensors are needed (you wouldn't want to come back to wet seats now, would you?);

* there are better ways to spend ~100$ in parts and 5lb of weight.
Re:OT: I have a small feature request for car-make by mi · 2014-11-26 06:26 · Score: 2

You want a machine to decide that for you...
No, I want it to decide for itself — when I am not there.

--
In Soviet Washington the swamp drains you.
Re:No reason to network cars by geekmux · 2014-11-26 06:58 · Score: 2

Car manufacturers want to double-dip by tracking you using your car. When you pair your phone with infotainment system, they can sell real-time location data (your car's GPS) strongly tied to your identity. Even if you opt out of OnStar and such system, they are still active.
Let's be realistic here for a moment. When is your cellular GPS data not your real-time location?
There is no opting out of being tracked if you own a cell phone, whether you own a car equipped with OnStar or not.
And you signed away that GPS data about 17 EULAs ago.