Slashdot Mirror

← Back to Stories (view on slashdot.org)

Report: Automakers Fail To Fully Protect Against Hacking

Posted by samzenpus on from the two-cyber-hands-on-the-wheel dept.

An anonymous reader writes with news about a report by Senator Edward Markey on the security of new vehicles. "Automakers are cramming cars with wireless technology, but they have failed to adequately protect those features against the real possibility that hackers could take control of vehicles or steal personal data, a member of the U.S. Senate is asserting. Basing his argument on information provided by manufacturer, Sen. Edward Markey has concluded that "many in the automotive industry really don't understand what the implications are of moving to this new computer-based era" of the automobile. The Massachusetts Democrat has asked automakers a series of questions about the technologies — and any safeguards against hackers — that may or may not have been built into the latest models of their vehicles. He also asked what protections have been provided to ensure that information computers gather and often transmit wirelessly isn't used in a harmful or invasive manner."

1 of 100 comments (clear)

  1. Easy fix... by mlts · · Score: 5, Insightful

    This is fixed pretty easily:

    Don't put the fscking radio, XM satellite stuff, BlueTooth toys and other garbage on the same CAN as the ECM/TCM.

    One CAN for the basic stuff that is vital to life safety. As for wanting to turn the climate control system on and off via an app? How about no. Automobiles are dangerous, and there is a point where you just can't let the entire Internet have access to a vehicle, in the name of security.

    Even things like OnStar are disasters waiting to happen. If/when it gets breached an attacker can turn an evacuation into an epic disaster by disabling all GM cars trying to get out of an area that is about to get nailed by a hurricane. A microcosm of this happened in Austin when a car dealer's immobilization system (the buyers of cars had to type in a code each week or else their vehicle was disabled) got "hacked" (by an ex-employee who knew the manager's user info), and all cars that were in that dealer's system shut off and made to honk until their batteries died.

    I hope car makers have sense, and don't take the IoT bait. It will mean certain loss of life in the future, when some intruder disables the power brakes on vehicles at random (for example.) Or for cars that are totally drive by wire, just disable the steering wheel, or have it turn randomly. Nobody could prove that it was anyone's fault but the driver's in that condition.