Slashdot Mirror


Fiat Chrysler Recalls 1.4 Million Autos To Fix Remote Hack

swinferno writes: Fiat Chrysler announced today that it's recalling 1.4 million automobiles just days after researchers demonstrated a terrifying hack of a Jeep that was driving down the highway at 70 miles per hour. They are offering a software patch for some of their internet-connected vehicles. Cybersecurity experts Chris Valasek and Charlie Miller have publicly exposed a serious vulnerability that would allow hackers to take remote control of Fiat Chrysler Automobile (FCA) cars that run its Uconnect internet-accessing software for connected car features. Despite this, the researchers say automakers are being slow to address security concerns, and are often approaching security in the wrong way.

157 comments

  1. Too bad by hcs_$reboot · · Score: 4, Funny

    So good to have a relaxing time while someone drives the car on your behalf.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:Too bad by Sponge+Bath · · Score: 1

      ...and plays Miley Cyrus on your radio at top volume and locking the doors.

    2. Re:Too bad by Anonymous Coward · · Score: 0

      Forget relaxing, how much for 1 hour of Ken Block?
      Can Tesla offer it as an add-on for "maximum plaid"?

  2. Approach security the wrong way? No shit! by Anonymous Coward · · Score: 5, Insightful

    This type of bug should not even be possible. There should be no data connection between the entertainment crap and the actual, important things, like engine control.

    And now we hear that they even pull this crap on airplanes - entertainment sections, connected to internet, are connected to the same switches as engine control - "firewall will stop things!". Fucking idiots.

    1. Re:Approach security the wrong way? No shit! by TWX · · Score: 4, Insightful

      I've made this argument on and off for a decade. Connections between the ECM and the BCM should be one-way, with the ECM notifying the BCM of status only, no response, not even a reply, going back. The ECM doesn't need to know anything from the car's entertainment system. Unfortunately I think that some aspects of the operator's interface funnel through the BCM before ending up at the ECM now, so drive-by-wire might be at least partially to blame for this.

      This is only going to get worse with the advent of cars that are capable of driving themselves while still allowing a human to override and take control unless automakers and their suppliers figure out how to sanely allow disparate computer systems to work together without compromising security.

      --
      Do not look into laser with remaining eye.
    2. Re: Approach security the wrong way? No shit! by gweilo8888 · · Score: 1

      > And now we hear that they even pull this crap on airplanes - entertainment sections, connected to internet, are connected to the same switches as engine control - "firewall will stop things!". Fucking idiots.

      [citationneeded.jpg]

    3. Re: Approach security the wrong way? No shit! by pixelpusher220 · · Score: 1

      Uh, you didn't hear the story about the guy who controlled the plane he was on via the wifi? Caused it to climb and descend? Got a nice visit from the FBI?

      --
      People in cars cause accidents....accidents in cars cause people :-D
    4. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      Absolutely none of the shit they exposed to world+dog should ever be exposed, there isn't a valid use case. The jackass(es) who removed airgap protection for Chrysler's vehicles should be publicly flogged.

    5. Re: Approach security the wrong way? No shit! by fustakrakich · · Score: 1

      Fake out!

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:Approach security the wrong way? No shit! by Impy+the+Impiuos+Imp · · Score: 1

      They put a great deal of effort to have a simple gateway processor talk to the car network instead of the giant 32 bit radio processor directly, lest some bug in a hundred gigantic code pieces broadcast nonsense and crash the network.

      But directed hack attacks, well, whodathunk?!?!?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    7. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      I could have sworn the command and control systems on aircraft were on a separate, non-wireless network than the wifi people seem to think they can hack. Of course this is coming from people with a vested interest in saying it's not possible.

      I agree and take it a step further.... if these systems are connected... why? Why on earth would this get past the design phase with this type of vulnerability? It's not even about finding bugs, that's how software works.

      But any engineer or network technician would look at a design and facepalm, there's no reason the radio should be connected to the control CPU, that's just plain silly.

    8. Re: Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      Was this story on the Internet? Because if it was it must be true!

    9. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 1

      Except for the part where the various control modules HAVE to talk to each other to work together for things like adaptive suspension and overall vehicle control that need to know about engine speed, requested power output, traction conditions, tire temps/pressures, intended vehicle direction based on steering input, etc. etc. I'd rather my car work cooperatively with itself than the individual modules be required to guess what the others are doing.

    10. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      And how would a one way connection between the ECM->BCM prevent that?

    11. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 1

      There may be a need for some modules to talk to others as you detail, but they should be minimized.
      There is no need for the door locks or lights or navigation system or entertainment system or other ancillary items to output to the modules responsible for the engine running or steering. ( for an autonomous system, any required nav functionality should move "inside" a protected environment that has no ability to have external actors influence it )

    12. Re:Approach security the wrong way? No shit! by timelorde · · Score: 1

      With wireless, everything's air-gapped.

      Shields up!

    13. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      Not going to happen. It has been a few years since I worked in that field and back then the car makers were in the process of setting up a uniform API for maintenance and added conversion layers between the different network types you can find in a car. The goal was to install/update the firmware of everything in a car in minutes instead of hours; having a single access point for the car's diagnostics was also a nice feature. Everything being connected is seen as a feature.

      The main issue is that security is implemented to protect against faulty software (packages controlling the engine may only be sent by corresponding control units and get priority over volume control of the radio). Targeted attacks (let's pretend to be the control unit for the engine and send it a shutdown command) were a non-issue for decades since the network itself was isolated from outside connections.

    14. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      Even StarFleet couldn't get it right.

      If you know the code, it's shields down!

      (ref: Star Trek: Wrath of Khan)

    15. Re: Approach security the wrong way? No shit! by wonkey_monkey · · Score: 1

      I remember a story about a guy who was said to have claimed that he did that. I don't think we ever actually heard the real truth of it, though.

      --
      systemd is Roko's Basilisk.
    16. Re:Approach security the wrong way? No shit! by bleh-of-the-huns · · Score: 1

      The problem today is that the entertainment unit is often tied into the ECU for control and metrics. Look at the Hellcat, most of the tunables (suspension, boost, brakes, even displaying key mode (red and black keys have different performance profiles)), as well as the track apps, all of that is on the uconnect system. They would need to add a completely different display and system to completely isolate the entertainment unit. While I agree this is better, the costs and complexity increase result in everything going to the one main screen. I can see within the uconnect system, isolating the entertainment functions from the apps/performance functions, then limit the cell/wireless comms to just the entertainment portion.

      --
      I came, I conquered, I coredumped
    17. Re: Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      > Uh, you didn't hear the story about the guy who controlled the plane he was on via the wifi?

      Nope, I didn't. I did hear the story about a guy who CLAIMED to have done that, with no evidence supplied to corroborate his story and almost every expert saying it was impossible, though.

    18. Re: Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      He claimed he did it on a simulator, that he got some parts from a junk yard or the internet or somewhere and did it at his home. He never said he did it on an actual plane.

    19. Re:Approach security the wrong way? No shit! by plover · · Score: 1

      Consider the safety network, which has data from the crash sensors, rollover sensors, seatbelt sensors, and seat occupancy sensors, and mixes all of that data together in a set of rules that instantly trigger the correct airbags and seatbelt pre-tensioners. It also needs to connect to the infotainment system to take over the car's data or phone connection to send a message to emergency services. In turn it may also get data from the navigation system to report location information. It may trigger an unlock of the car doors to assist bystanders in rescuing the occupants, and it may shut off the engine to prevent further injury. It may talk to the signalling systems to turn on the 4-way flashers to help first responders find the car. The car door lock system is part of the security bus, which talks to the engine immobilizer, responsible for talking to the ECU to start and run the car. All of those data feeds that seem like they could be isolated have real operational needs to come together in multiple devices.

      The rules in a car are exponentially more complex than ever before, and they're increasingly vital for safety; not just comfort or entertainment. Consider how many lives have been saved because their airbags deployed, and the emergency responders were able to dispatch an ambulance in time to save a crash victim from dying. Now consider how many people have died from crashes directly induced by CANBUS hacking.

      The safety systems of today are doing their jobs better than ever, which is the topmost goal of the engineers. Also consider the safety systems need to guarantee reliable operation to work for the first time ever in an actual crash. If they can layer on system security without compromising occupant safety, they will, but not at the expense of crash survivability.

      --
      John
    20. Re:Approach security the wrong way? No shit! by TWX · · Score: 3, Informative

      Exactly. If the functions of the vehicle's control systems have changed from a relatively simple engine spark and fuel injection management system to something that controls most aspects of the mechanics of the vehicle-in-motion, then the systems need to be balanced so that these critical systems are not run on poorly-secured or unsecured systems like the infotainment and passenger-comfort parts of the controls. If there is a need for something like the feedback from the body control module to tell the ECM how to set the suspension based on driver input, go back to basics, set a serial-link a simple four-bit byte that just changes values based on the setting chosen, and anything else is simply ignored and last-setting is retained. Doesn't have to be complicated.

      --
      Do not look into laser with remaining eye.
    21. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      If these cars have electronic counter-measures, how are these hacks happening at all?

    22. Re:Approach security the wrong way? No shit! by SirAudioMan · · Score: 2

      It's so easy to hack CANBUS, and I would assume other similar automotive data buses. Personally I have played around a bit with the CANBUS in my two cars. Using an Arduino, a CANBUS shield and some custom software, I can read and write on the CANBUS with full control. In my two vehicles (both Ford Fusions) I have confirmed via wiring diagrams that there are two CAN buses in the vehicle. One for non-critical elements like locks, windows, radio, climate control, etc., and the other is higher speed, for more critical things like engine control, airbag modules, steering angle sensors, transmission, etc.

      Now, that design is great but there are two places where the buses meet. One is the instrument cluster, which is the gateway that passes data between the two buses. This is likely so that things like vehicle speed can be relayed to the stereo unit for adaptive volume control WITHOUT having the head unit have access to the critical systems bus. The other place is the Ford Sync module - bingo this could be a problem!

      What is needed is strict control of what data is allowed to pass between the buses, and which way. Essentially where each bus meets together, it should be thought of as a very strict firewall. The problem is, manufacturers want to be able to add bells and whistles cheaply and easily, so they leave it wide open. In theory this seems okay, but with security, it's always best to have multiple levels of security. It sounds like Chrysler has only one, 'security' by hiding in plain sight. It's exactly the same as putting a PC direct on the internet without a router/firewall. For a while you will be fine because nobody is looking to break in, but eventually they'll figure it out. In this case, with Chrysler's uConnect, they did.

    23. Re:Approach security the wrong way? No shit! by Capt.Albatross · · Score: 1

      Your exposition is informative, but it doesn't reach the point of explaining why the access necessary for this sort of remote exploit is necessary for the proper operation of the car. You cannot make a case for that from generalized "it's complicated" arguments.

    24. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      Even if they were intended to be one way, the nature of computing software doesn't assure you that it will be one way. How about we not have remote access at all to cars via electronic means? This seems much more reasonable. There's no reason a software update cannot occur via a physical medium from within the vehicle itself.

    25. Re:Approach security the wrong way? No shit! by plover · · Score: 1

      Good point. First, IANAAEE (I am not an automotive electrical engineer) so much of this is speculation, but not all of it. I do think small, hardware firewalls ("data diodes") could help prevent a lot of these problems. I also agree with you in that I don't think the direct access is necessary, but I think it might loop around in such a way that the holes end up being present anyway.

      Consider: the crash message from the airbag sensors, which is on the high speed engine control bus (ECB) goes to the door locks. The door locks are on the low speed bus (security network), but bridge both networks. A data diode could stop messages from the door locks from flowing back to the high speed ECB. The door locks, ignition key, and immobilizer are all on the security network. The ignition key talks to the immobilizer. Finally, the immobilizer talks to the ECU, which is on the high speed ECB.

      The security network is supposed to be isolated from the cabin comfort network (where the infotainment system, navigation system, and cell phone stuff are.) But the crash signal has to travel to the cell modem somehow, so another component has to allow messages from the ECB to the cabin bus. Plus, some of these cars have "remote start via cell phone", so something still has to enable messages from the cell modem to travel to the immobilizer. How do they get to the security network? (Bigger question: do the Chryslers even have a security network, or do all low speed messages share a common bus?)

      If everything were perfect, the immobilizer would be the only potential spot for the bridge; and because the immobilizer's entire job is to prevent the engine from starting unless all the security is perfectly aligned, it seems like the natural place where the engineers would focus their security attention to isolate the low speed bus from the ECB. But obviously not everything's perfect.

      It seems like they should have a set of dedicated data protection devices that would be similar in concept to a traffic signal's conflict monitor, somehow hard-wired with a rule that allows only whitelisted messages from the modem to go to the immobilizer.

      --
      John
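
Added example (not part of the thread and not any manufacturer's code): the allowlisting gateway that SirAudioMan's and plover's comments above describe, written as a default-deny filter keyed on arrival bus, CAN ID, payload length, value range and rate. The CAN IDs, limits and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Side of the gateway a frame arrived on. */
typedef enum { BUS_BODY, BUS_POWERTRAIN } bus_t;

typedef struct {
    uint32_t id;        /* 11-bit CAN identifier */
    uint8_t  dlc;       /* payload length, 0..8 */
    uint8_t  data[8];
} can_frame_t;

/* A frame crosses only if it matches one rule on every field. */
typedef struct {
    bus_t    from;        /* bus it must arrive on (direction) */
    uint32_t id;
    uint8_t  dlc;         /* exact payload length */
    uint8_t  max_byte0;   /* largest accepted first payload byte */
    uint32_t min_gap_ms;  /* minimum spacing between forwarded frames */
} rule_t;

typedef enum { FWD, DROP_NO_RULE, DROP_BAD_LEN, DROP_BAD_VALUE, DROP_RATE } verdict_t;

/* Constructed IDs and limits, not taken from any real vehicle. */
enum { N_RULES = 3 };
static const rule_t RULES[N_RULES] = {
    { BUS_POWERTRAIN, 0x3E8, 2, 0xFF, 10  },  /* vehicle speed -> head unit   */
    { BUS_POWERTRAIN, 0x4A0, 1, 0x01, 0   },  /* crash flag -> telematics     */
    { BUS_BODY,       0x2F0, 1, 0x0F, 500 },  /* 4-bit suspension mode -> ECU */
};

typedef struct {
    bool     seen[N_RULES];
    uint32_t last_fwd_ms[N_RULES];
    uint32_t dropped;     /* counter a diagnostic monitor could alert on */
} gateway_t;

static verdict_t drop(gateway_t *gw, verdict_t why) { gw->dropped++; return why; }

/* Default deny: decide whether a frame seen on `from` may be copied to the other bus. */
verdict_t gateway_filter(gateway_t *gw, bus_t from, const can_frame_t *f, uint32_t now_ms)
{
    for (size_t i = 0; i < N_RULES; i++) {
        const rule_t *r = &RULES[i];
        if (r->from != from || r->id != f->id)
            continue;
        if (f->dlc != r->dlc)
            return drop(gw, DROP_BAD_LEN);
        if (f->dlc > 0 && f->data[0] > r->max_byte0)
            return drop(gw, DROP_BAD_VALUE);
        if (gw->seen[i] && (uint32_t)(now_ms - gw->last_fwd_ms[i]) < r->min_gap_ms)
            return drop(gw, DROP_RATE);
        gw->seen[i] = true;
        gw->last_fwd_ms[i] = now_ms;
        return FWD;
    }
    return drop(gw, DROP_NO_RULE);  /* unknown ID, or known ID from the wrong side */
}

/* Convenience wrapper: build a frame from its ID, length and first byte. */
verdict_t feed(gateway_t *gw, bus_t from, uint32_t id, uint8_t dlc, uint8_t b0, uint32_t now_ms)
{
    can_frame_t f;
    memset(&f, 0, sizeof f);
    f.id = id;
    f.dlc = dlc;
    f.data[0] = b0;
    return gateway_filter(gw, from, &f, now_ms);
}

int main(void)
{
    static const char *names[] = { "FWD", "DROP_NO_RULE", "DROP_BAD_LEN",
                                   "DROP_BAD_VALUE", "DROP_RATE" };
    gateway_t gw;
    memset(&gw, 0, sizeof gw);

    /* Constructed traffic: {arrival bus, id, dlc, byte0, time in ms}. */
    struct { bus_t from; uint32_t id; uint8_t dlc, b0; uint32_t t; } s[] = {
        { BUS_POWERTRAIN, 0x3E8, 2, 0x46, 0    },  /* speed out to cabin        */
        { BUS_BODY,       0x3E8, 2, 0x00, 5    },  /* same ID, wrong direction  */
        { BUS_BODY,       0x2F0, 1, 0x02, 10   },  /* valid suspension mode     */
        { BUS_BODY,       0x2F0, 1, 0x03, 50   },  /* too soon after the last   */
        { BUS_BODY,       0x2F0, 1, 0x7F, 600  },  /* outside the 4-bit range   */
        { BUS_BODY,       0x2F0, 8, 0x01, 1200 },  /* wrong length              */
        { BUS_BODY,       0x123, 8, 0xAA, 1300 },  /* ID with no rule           */
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("t=%4u bus=%d id=0x%03X -> %s\n", (unsigned)s[i].t, (int)s[i].from,
               (unsigned)s[i].id,
               names[feed(&gw, s[i].from, s[i].id, s[i].dlc, s[i].b0, s[i].t)]);
    printf("dropped=%u\n", (unsigned)gw.dropped);
    return 0;
}
```

The rule table has no entry for anything arriving on the body bus except the one suspension-mode frame, so a compromised head unit on that side cannot reach the powertrain bus with any other ID, length or value.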
    26. Re:Approach security the wrong way? No shit! by Capt.Albatross · · Score: 1

      To follow on from my earlier reply, but with regard to your last sentence specifically: "If they can layer on system security without compromising occupant safety, they will, but not at the expense of crash survivability."

      That's a non-sequitur in this case. The correct viewpoint should have been "if they can connect to outside networks without compromising occupant safety, they will, but not at the expense of anyone's safety."

      Once you have chosen to make such connections possible, layering on security is not optional. If they say they can't do that without impairing crash survivability then don't create the security risk in the first place.

    27. Re: Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      It could be done by transmitting the appropriate VOR signals from a radio in the cabin. If you knew which the autopilot was listening, you could broadcast a "louder" signal to make the autopilot think it needed to change elevation or bank to maintain course.

      hypothetically speaking of course.

    28. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      McAfee for Automotive Systems© of course

    29. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      http://www.mcafee.com/us/resources/reports/rp-caution-malware-ahead.pdf

    30. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      You don't need to hack anything. The autopilot is happily listening to unsecured VOR radio stations. Pretend to be one louder than the real one and you can fly the plane remotely back in the cabin with the rest of the cattle.

    31. Re:Approach security the wrong way? No shit! by Anonymous Coward · · Score: 0

      100% agree. This is (mis)management at work - time to market, but no time to make stuff work correctly!

    32. Re:Approach security the wrong way? No shit! by guruevi · · Score: 1

      Firewall will stop these things. The problem is them not implementing a firewall. VLAN/Firewalling/Subnetting has been appropriate for ages, it's how the Internet works and we connect some pretty sensitive things to these networks which are typically unreachable even if you had fine hacking skills because they are not routed.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    33. Re:Approach security the wrong way? No shit! by guruevi · · Score: 2

      Did you read who they hire: Harris Corp and similar companies. Those companies are too big and stupid to handle these things and only care about billing out massive amounts for work that is half or not done by the cheapest H1B's and outsourced at multiple levels. You have to look for startups or actually hire competent individuals for this kind of work, nothing a good software/hardware/network engineer couldn't do by himself or with a small team.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    34. Re:Approach security the wrong way? No shit! by jonwil · · Score: 1

      I have watched enough Top Gear to know that there are plenty of fancy cars (sports cars etc) out there where you use the infotainment system (or at least the screen for the infotainment system) to configure all the various settings for how the car will perform. So on those cars at least, there must be a 2-way link between the infotainment system and the car control systems.

    35. Re:Approach security the wrong way? No shit! by jonwil · · Score: 1

      If you don't provide remote access to the car systems, how will systems like OnStar be able to start the car remotely (ala Die Hard 4.0)?

    36. Re:Approach security the wrong way? No shit! by davester666 · · Score: 1

      Even that could be abused, as changing the suspension settings could result in a change in ride height, so a malicious program could order the suspension up and down repeatedly. And if you could do it at the harmonic frequency of the vehicle...

      --
      Sleep your way to a whiter smile...date a dentist!
    37. Re:Approach security the wrong way? No shit! by davester666 · · Score: 1

      the uconnect can still display the settings just fine [I guess, potentially a rogue program could try to trick the user by displaying false data on the screen], but it shouldn't be allowed to control the settings.

      And that's the rub, the extra couple of dollars for separate, completely independent buttons is too much...

      --
      Sleep your way to a whiter smile...date a dentist!
    38. Re:Approach security the wrong way? No shit! by TWX · · Score: 1

      Those kinds of suspension settings, at least on most vehicles, are slow. While I don't doubt that a car accident could be caused in specific circumstances, I doubt that most drivers would even experience that, let alone some kind of harmonic resonance that causes them to lose control.

      --
      Do not look into laser with remaining eye.
    39. Re: Approach security the wrong way? No shit! by viperidaenz · · Score: 1

      Air con needs to send messages to the engine control unit when the compressor gets activated or you risk stalling the engine.

      Entertainment unit controls the aircon

  3. Obvious Solution! by fuzzyfuzzyfungus · · Score: 4, Funny

    If you already have a devastating remote hack, why not make a virtue of necessity and just distribute the patch by mass-p0wning all your units in the field and rewriting the affected software? Nothing could go wrong!

    1. Re:Obvious Solution! by Anonymous Coward · · Score: 0

      Because you'd have to get all the vehicles in range of a network to distribute the patch, you fucking retard.

    2. Re:Obvious Solution! by pixelpusher220 · · Score: 4, Funny

      It only works from the Sprint network. Not enough coverage or reliability ;-)

      --
      People in cars cause accidents....accidents in cars cause people :-D
    3. Re:Obvious Solution! by FranTaylor · · Score: 1

      > Because you'd have to get all the vehicles in range of a network to distribute the patch, you fucking retard.

      http://vzwmap.verizonwireless.com/dotcom/coveragelocator/default.aspx?zip

    4. Re:Obvious Solution! by ArhcAngel · · Score: 3, Insightful

      Good thing we don't use DAB in the US or we'd be in REAL trouble!

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    5. Re:Obvious Solution! by fuzzyfuzzyfungus · · Score: 1

      Touché.

    6. Re:Obvious Solution! by Aaden42 · · Score: 1

      TFA from a few days ago said they're on Sprint, not Verizon, but close...

    7. Re:Obvious Solution! by DeVilla · · Score: 1

      If they can't fix you, were you really vulnerable to begin with? Sprint's shoddy ...err... selective network is a security feature.

    8. Re:Obvious Solution! by Anonymous Coward · · Score: 0

      Good thing you don't have smart people there that could translate a well known buffer overflow in an image library to work from an HD Radio broadcast instead of a DAB one.

  4. Really? by gandalfu · · Score: 3, Interesting

    From the press release: "No defect has been found. FCA US is conducting this campaign out of an abundance of caution."

    1. Re:Really? by Opportunist · · Score: 2

      I believe them that they were unable due to incompetence to recreate the hack.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Really? by burtosis · · Score: 2

      Read more carefully. They acknowledged the attack was viable and real, they just aren't calling it a defect. They patched it by blocking access over the cellular network as demonstrated, and further are providing a patch and additional security updates, whatever that actually turns out to be.

    3. Re:Really? by Anonymous Coward · · Score: 0

      I believe it completely, you can only call it a defect if it wasn't designed that way.

      Sure it had some unforeseen consequences, but that doesn't mean that the function isn't intended.
      As far as we know the fix is that you now have to send a four number pin code before you can control the vehicle.

    4. Re:Really? by Opportunist · · Score: 1

      Can you see that dialogue?

      "You need to send a 4 digits pin to control the vehicle now!"
      "And when you send the wrong one?"
      "Well, then of course you can't control it!"
      "And ... how many tries do I have?"
      "What do you mean?"
      "After how many tries does it lock you out?"
      "It doesn't, what if the driver enters the wrong code? Then he could not access it anymore!"
      "And ... what keeps an attacker from trying codes 'til he guesses the correct one?"
      "Erh... can we do that recall thing once more?"

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Really? by Aaden42 · · Score: 1

      I've got a problem with splitting that particular hair (design).

      I'm sure they don't design the things for the wheels to fly off when you're going down the highway at 70, but nobody in their right mind would try to call it NOT a "defect" if that did indeed happen to a vehicle.

      The fact that they failed to design in adequate security is a defect in the design.

    6. Re:Really? by Anonymous Coward · · Score: 0

      You've totally missed the 'hair splitting' as you call it.

      Yes, wheels flying off the car as it drives down the highway at 70 would be a defect, because the car *wasn't* designed to do that. (In fact, it was designed to *prevent* that.)

      The situation here isn't something they designed the system to prevent. It's someone taking advantage of a feature designed into the system (cross-component communication) in an unanticipated manner. It is, indeed a problem, but it isn't a defect, it's an oversight.

    7. Re:Really? by Anonymous Coward · · Score: 0

      If you expect something to happen it's not a defect, i.e. not a hit on your quality numbers :)

  5. Where's the hardwired switch? by kheldan · · Score: 5, Interesting

    Where's the hardwired switch that kills power to the transceiver(s) in the car? We've had these on laptops for a long time now, why doesn't your car have one? You can't hack what you can't access, and if the wireless access to the vehicle is literally powered off, you can't hack it.

    Also could you people please just drive your cars and stop making them a lifestyle?

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Where's the hardwired switch? by hjf · · Score: 1

      hardwired switches are expensive. it's all touch screen or iphone apps nowadays.

    2. Re:Where's the hardwired switch? by FranTaylor · · Score: 1

      > Also could you people please just drive your cars and stop making them a lifestyle?

      Yes, small children should be driving cars, not admiring them.

    3. Re:Where's the hardwired switch? by Opportunist · · Score: 1

      Yeah, they could cost half a buck! That's not in the profit margin for cars!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Where's the hardwired switch? by fustakrakich · · Score: 1

      Laptops do not have a hard wired switch, and with some, you can't remove the battery. The only way to know it's off is by letting it run down, but the good old CR2032 will keep everything on 'standby' for you for years :-)

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      The only thing you can do is remove the battery. The car is technically always on because you can start it using a phone app. I actually have one of these jeeps, it's a very good vehicle, this is the first major problem that I've seen with it, and it's not that big a deal since I'm taking it to the dealer for an oil change next week so I'm sure they'll update the software then.

    6. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      > could you people please just drive your cars and stop making them a lifestyle?

      Had a conversation with a German acquaintance, and he basically said that driving in Europe vs. driving in the US could be summed up in one simple thing: cup holders. In Europe, when you're driving, you're DRIVING. You're not drinking a literal gallon of coffee, you're not putting on make-up in rear-view mirror, you're not eating breakfast, you're not emailing anyone, in fact, you're not doing anything that doesn't involve operating your vehicle.

      I find it interesting that we can do all of those things simultaneously and not crash into anything.

    7. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      People fill the empty void of their existence with shit. Shit includes automobiles. The blingier the better.

      The idea that it might be stupid to connect the brakes and steering to the internet is less important than showing your friends the song currently playing on your car stereo....on Facebook.

      This world deserves everything it gets[creates].

    8. Re:Where's the hardwired switch? by sconeu · · Score: 1

      My Toshiba Satellite has a hard wired switch which disconnects the built-in WiFi antenna.

      You have no clue what you're talking about.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    9. Re:Where's the hardwired switch? by FranTaylor · · Score: 4, Funny

      > The car is technically always on because you can start it using a phone app.

      me, you, the guy down the street, we can all start your car with a phone app, apparently.

    10. Re:Where's the hardwired switch? by FranTaylor · · Score: 1

      that switch turns off the radio, it doesn't disconnect the antenna

      you are the one who doesn't know what they are talking about

    11. Re:Where's the hardwired switch? by FranTaylor · · Score: 1

      > Had a conversation with a German acquaintance, and he basically said that driving in Europe vs. driving in the US could be summed up in one simple thing: cup holders. In Europe, when you're driving, you're DRIVING.

      My car was originally sold in Germany, it has that weird German brake light and MANY cup holders.

    12. Re:Where's the hardwired switch? by fustakrakich · · Score: 3, Funny

      :-) It turns off the light...

      --
      “He’s not deformed, he’s just drunk!”
    13. Re:Where's the hardwired switch? by andyring · · Score: 4, Funny

      Sheesh. EVERY car needs cup holders! Where else are you supposed to put your beer?

    14. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      And then it only turns off the radio if the radio feels like it.
      I have a miniPCI 802.11b card here that happily ignores pin13 state...

    15. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      Disconnecting the antenna serves no extra purpose if the radio is powered off.

    16. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      Maybe that's the case in Germany, I've yet to make it there. But I have been to Rome. The feats their drivers pull while driving in the traffic they pull them in....well, I'm not sure if I should be impressed or terrified. But then again, I don't know if the statement is factually correct as it came from Top Gear, but they claimed Rome has in the order of 140 traffic accidents per day. Which honestly, if that's true, and having first hand seen traffic there, I'm shocked it's that low.

    17. Re:Where's the hardwired switch? by bleh-of-the-huns · · Score: 1

      No, there is probably a fuse you can pull. Anything with an antenna in a vehicle has its own fuse.

      --
      I came, I conquered, I coredumped
    18. Re:Where's the hardwired switch? by Aaden42 · · Score: 3, Insightful

      Killing the receiver would disable the entertainment system. I'd agree that's a far better situation than the possibility of disabling my brakes, but a non-techy with a screaming four-year-old who wants to watch Frozen for the 300th time while driving to see grandma might feel differently. The confirmed attack on their eardrums may well be worse than the theoretical attack on their brakes...

      That said, one thing that would make sense in terms of a physical lockout is firmware updates. The attack required rewriting the firmware on the radio in order to enable sending arbitrary commands over to the CAN bus. Not unlike the write-protect jumper for a BIOS update on a motherboard, it would make sense to have a physical jumper be installed before writes to any EEPROM / flash in a car would be possible.

      Most writable chips I've seen have a physical pin that's required to be connected to power or else it's impossible to write to them, regardless of whatever software flaws might cause valid write commands to be sent to the chip. Ship that disabled by default, and have an access panel or something when field upgrades are necessary. Better than a jumper, maybe a momentary contact button that you have to physically hold down for the upgrade to succeed?

      As far as design goes, it seems like the design included a "simple" network interface chip that was designed to moderate access to the CAN from the more advanced software running on the radio / display. Why was that chip even field upgradable? If your goal is to have a limited, controlled interface between two systems moderated by some kind of microcontroller, FFS make that uC read-only mask ROM!

      I'm also inclined to wonder whether there was zero signature checking on firmware updates or whether the attack exploited a flaw in whatever checking there was. My guess would be no checking at all...

    19. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      Actually, it's more likely that your Toshiba Satellite has a switch that *tells the computer to turn on/off the Wi-Fi radio*.
      Quite a few of those 'hard-wired switches' are anything but in this day and age. Instead, they send a signal which is interpreted by software.

    20. Re:Where's the hardwired switch? by sconeu · · Score: 1

      Even better. The point is that yes, SOME laptops (hint -- not every laptop is a Dull) have a physical hardwired switch to turn off the WiFi (antenna or radio).

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    21. Re:Where's the hardwired switch? by kheldan · · Score: 1

      The word I'd use for the auto industries' handling of this, from design to revelation of the problem, is 'sloppy', and I'm being kind about it. There should be NO connection between non-essential systems and critical systems in the vehicle, there should be strong protections of the critical systems, and there should be a way to completely override and lock out any wireless access to ANY systems of the vehicle, and that lockout should be available to the operator of the vehicle at all times. Fucking hell.. I'm glad I drive a small, basic pickup truck, not subject to any of this nonsense..

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    22. Re:Where's the hardwired switch? by plover · · Score: 1

      Want a more adventuresome automotive experience? Go to India. During the three weeks I was there, our driver's car was struck more times by more vehicles and pedestrians than I've seen in my 35 years of driving in the US.

      The drivers are worse than you can imagine. "Keep left" is more of a guideline than an actually obeyed rule; "keep center" seems to be the observed behavior. The few traffic police I saw were standing in small gazebo-like boxes in intersections - they were not driving interceptors or squad cars. Peddlers and beggars wander among cars slowed down on the roads, selling umbrellas and toys, and asking for handouts. Fuel tankers have signs lettered across the back: "KEEP BACK 25 FEET", but nobody pays attention. Lane markers are apparently nothing more than wasted white paint decorating the road. On the road in front of you you may encounter a farmer with a pony cart, bicycles, pedestrians, elephants carrying loads, and yes, the occasional unattended cow.

      And the honking! Seriously, India, WTF is up with the continual honking? You can drive a full week in many cities in the USA without hearing a single car horn.

      We saw all this on every single trip, including a 2AM drive from the airport.

      An inattentive driver would cause an accident within a split second; this may be why minor accidents and collisions are so common.

      --
      John
    23. Re:Where's the hardwired switch? by FranTaylor · · Score: 1

      I'm glad I drive a small, basic pickup truck, not subject to any of this nonsense..

      so your vehicle somehow by magic avoids accidents with other vehicles? wow!

    24. Re:Where's the hardwired switch? by guruevi · · Score: 1

      Yeah, let's pull the fuse of the thing that controls not just your media center but also your brakes, steering and engine.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    25. Re:Where's the hardwired switch? by guruevi · · Score: 1

      They are generally a software switch though. It's possible to turn the radio back on in software regardless. Also, disconnecting an antenna may still give the unit some range (not quite as much, but probably enough). I've run into issues where the antenna and radio were accidentally disconnected by repair, the thing still worked but had very flaky wifi. Try troubleshooting that.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    26. Re:Where's the hardwired switch? by kheldan · · Score: 1

      so your vehicle somehow by magic avoids accidents with other vehicles?

      Yes: The magic of 'being a competent driver'. In over 30 years of driving cars and riding motorcycles I've only ever been in one accident that was my fault, and there were mitigating circumstances even in that case. Just because some drivers and riders are accident-prone doesn't mean all drivers and riders are accident-prone.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    27. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      Old Thinkpad laptops had a switch to turn the radio on and off. T500 and before (at least to the T61 series, perhaps earlier). I would avoid the newer Thinkpads as they are crap. The older ones have better user oriented features than the newer ones.

    28. Re:Where's the hardwired switch? by mjwx · · Score: 1

      Sheesh. EVERY car needs cup holders! Where else are you supposed to put your beer?

      Jokes aside, THIS.

      Cup holders are essential. I can live without Twitbook integration, voice activation, in-car DVD and all that other bollocks but cup holders are a basic need in an automobile.

      If you're going for a long drive, you'll need a bottle of water and this sits in a cup holder. Same with transporting a drink from where you buy it to where you drink it. Especially if it's in a cup instead of a bottle.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    29. Re:Where's the hardwired switch? by StikyPad · · Score: 1

      Actually, automakers are well aware of the importance of cupholders.

      http://wardsauto.com/news-amp-...
      http://www.thetruthaboutcars.c...

    30. Re:Where's the hardwired switch? by Anonymous Coward · · Score: 0

      India: Come for the suicidal traffic, stay for the open defecation and floating bodies.

  6. tip of the iceburg by The-Ixian · · Score: 4, Insightful

    It is becoming increasingly obvious to me that we have no idea how to secure information systems.

    It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

    I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re: tip of the iceburg by Anonymous Coward · · Score: 0

      Sure we do. But it costs money and the auto industry is about stuff not costing money. Well, at least until you need to recall vehicles apparently...

    2. Re:tip of the iceburg by silas_moeckel · · Score: 1

      Oh we know how, it requires time and thought.

      Now the ECM should be able to send things to the BCM and Infotainment gear. The reverse should be very limited, pretty much remote start, and that should be thoroughly checked for sanity. Old school would be serial in one direction; yeah, there are some hardware hacks, but not that problematic.

      --
      No sir I dont like it.
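      One way to express the policy described in the comment above as a software gateway filter (an added example, not code from the thread or from any vehicle): powertrain-side status flows to the cabin side freely, while the reverse direction is default-deny except for one sanity-checked remote-start request. The CAN IDs, payload layouts, 5-second rate limit and the `gw_*` names are all assumptions made for illustration, and a software filter like this is weaker than the one-direction hardware link the comment also mentions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All CAN IDs and payload layouts below are constructed for illustration. */
#define ID_VEHICLE_STATUS       0x120u /* powertrain -> cabin: gear, speed, engine */
#define ID_REMOTE_START         0x3A0u /* cabin -> powertrain: the only allowed request */
#define GEAR_PARK               0u
#define REMOTE_START_MIN_GAP_MS 5000u

typedef enum { FROM_POWERTRAIN, FROM_CABIN } gw_dir;
typedef enum {
    GW_FORWARD, GW_DROP_NOT_ALLOWLISTED, GW_DROP_MALFORMED,
    GW_DROP_UNSAFE_STATE, GW_DROP_RATE_LIMIT
} gw_verdict;

typedef struct { uint32_t id; uint8_t dlc; uint8_t data[8]; } can_frame;

/* Vehicle state as learned ONLY from the powertrain side of the gateway. */
typedef struct {
    bool     status_seen;
    uint8_t  gear;
    uint8_t  speed_kph;
    bool     engine_running;
    bool     start_seen;
    uint32_t last_start_ms;
} gw_state;

void gw_init(gw_state *st) { memset(st, 0, sizeof *st); }

static void gw_learn_status(gw_state *st, const can_frame *f)
{
    if (f->id != ID_VEHICLE_STATUS || f->dlc < 3)
        return;
    st->gear           = f->data[0];
    st->speed_kph      = f->data[1];
    st->engine_running = f->data[2] != 0;
    st->status_seen    = true;
}

gw_verdict gw_decide(gw_state *st, gw_dir dir, const can_frame *f, uint32_t now_ms)
{
    if (f->dlc > 8)
        return GW_DROP_MALFORMED;

    if (dir == FROM_POWERTRAIN) {
        /* Status out to the cabin is always allowed; remember what it said. */
        gw_learn_status(st, f);
        return GW_FORWARD;
    }

    /* Cabin side is default-deny. A cabin frame that reuses the status ID
     * is dropped here too, so it can never alter the learned state. */
    if (f->id != ID_REMOTE_START)
        return GW_DROP_NOT_ALLOWLISTED;

    /* Exact shape check: one byte, value 0x01 ("start"). */
    if (f->dlc != 1 || f->data[0] != 0x01)
        return GW_DROP_MALFORMED;

    /* Sanity check against trusted state: parked, stationary, engine off. */
    if (!st->status_seen || st->gear != GEAR_PARK ||
        st->speed_kph != 0 || st->engine_running)
        return GW_DROP_UNSAFE_STATE;

    /* Rate limit; unsigned subtraction stays correct across timer wrap. */
    if (st->start_seen &&
        (uint32_t)(now_ms - st->last_start_ms) < REMOTE_START_MIN_GAP_MS)
        return GW_DROP_RATE_LIMIT;

    st->start_seen    = true;
    st->last_start_ms = now_ms;
    return GW_FORWARD;
}

int main(void)
{
    gw_state st;
    gw_init(&st);

    /* Constructed sample frames. */
    can_frame parked   = { ID_VEHICLE_STATUS, 3, { GEAR_PARK, 0, 0 } };
    can_frame moving   = { ID_VEHICLE_STATUS, 3, { 3, 110, 1 } };
    can_frame start    = { ID_REMOTE_START, 1, { 0x01 } };
    can_frame unlisted = { 0x200u, 2, { 0xFF, 0x00 } };

    printf("status out (moving):   %d\n", gw_decide(&st, FROM_POWERTRAIN, &moving, 0));
    printf("unlisted cabin frame:  %d\n", gw_decide(&st, FROM_CABIN, &unlisted, 10));
    printf("start while moving:    %d\n", gw_decide(&st, FROM_CABIN, &start, 20));
    printf("status out (parked):   %d\n", gw_decide(&st, FROM_POWERTRAIN, &parked, 30));
    printf("start while parked:    %d\n", gw_decide(&st, FROM_CABIN, &start, 40));
    printf("repeat start too soon: %d\n", gw_decide(&st, FROM_CABIN, &start, 500));
    return 0;
}
```

      The verdict codes also give a detection hook: a steady stream of `GW_DROP_NOT_ALLOWLISTED` from the cabin side is worth logging, since a healthy head unit has no reason to send those frames.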
    3. Re:tip of the iceburg by burtosis · · Score: 2, Insightful

      It is becoming increasingly obvious to me that we have no idea how to secure information systems.

      It's this kind of stuff that scares the crap out of people and there is no end in sight. As a matter of fact, this is only going to get worse as we migrate to an IoT.

      I sometimes wonder if the technology bubble will someday be crushed under the weight of exploitation. A victim of its own complexity and insecurity.

      Yep no one cares. Rather than just the potential murder of an annoying journalist few people know about or care about, it's probably going to take some complete ahole(s) with an exploit like this causing the first mass cyber fatality incident before anything really gets done and your average person cares.

    4. Re:tip of the iceburg by ckatko · · Score: 5, Informative

      We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.

      I know of a college's root password stored in plain text file on a PUBLICLY accessible url so "new computers can install ghost copies quicker." I know of companies actually using "password" for their password. I know companies that deny access to copy-and-paste on remote desktop, refuse to use e-mail because it's insecure, but are fine with me using a domain administrator account to do my work.

      The reason businesses don't care about security is two reasons. 1) They're not afraid and people and the laws should make them afraid so it becomes cost-effective to care. 2) The IT field is full of bullshitters so even when people do hire IT, they assume the guy they hire understands security. When most companies only need one IT guy, they have no experienced guy on hand to tell them if the guy is full of crap. I'm a software developer and I had to teach one admin how Kerberos authentication works and how to resolve issues with it, and another thought that intranet ip addresses were somehow accessible from the web.

      However, with the IoT, the situation is much darker. The IoT is a movement. If it cannot get good market penetration fast, it dies out. So people know that IoT is inherently dangerous but they don't have the time and resources to make them secure and solve those problems so they bank on, and hope for, that nobody ever notices so they can sell enough of their products to keep the market going. People buy features, but security only matters if someone finds out.

      The IoT is the NSA's wet dream. Why spy on Americans when you can willingly get them to sign a EULA that lets their Smart TV keep the microphone on 24/7? (This has already happened.) And worse still, if the NSA can do it, so can any government. And people are so stupid they're willingly giving up their privacy just so they can "keep up with the tech Joneses" for a gadget that doesn't even improve their lives in any significant way.

    5. Re:tip of the iceburg by FranTaylor · · Score: 2

      We have absolutely every idea of how to secure IT systems. Nobody wants to freaking listen.

      Sure we do. How many times has amazon been hacked into? Zero. Apparently they know how to do it, and do it well. So you start out with a 100% bogus assertion and it just goes downhill from there.

    6. Re:tip of the iceburg by Anonymous Coward · · Score: 0

      why to be alarmist. stfu.

    7. Re:tip of the iceburg by Fire_Wraith · · Score: 1

      I can distill it even further. There are two primary reasons things don't get secured:

      1) Cost
      2) Convenience

      People want Cheap and Easy. They want those far more than they want Secure, so when it comes to the "pick any two" moment, that's the way they go, and come up with ways to justify it. People, and companies, tend to do this up until the point that they are forced to compromise because the lack of Security has bit them hard enough in the ass.

    8. Re:tip of the iceburg by bleh-of-the-huns · · Score: 1

      The biggest problem I have run into (as a Security consultant for state local and federal agencies for the last 15 years), is that they won't spend the money on the "appropriate" personnel and equipment needed to secure anything. They do not see any return on investment, so budgets are shoestring. They only wake up when they themselves are compromised, no matter how many high profile ones appear in the news.

      --
      I came, I conquered, I coredumped
    9. Re:tip of the iceburg by Anonymous Coward · · Score: 0

      The IoT is a movement.

      It sure is.

    10. Re:tip of the iceburg by Anonymous Coward · · Score: 0

      I'm a software developer and I had to teach one admin how Kerberos authentication works and how to resolve issues with it, and another thought that intranet ip addresses were somehow accessible from the web.

      In all fairness, if someone is used to a pure Linux environment, they are not likely to know how to deal with Kerberos. Further, intranet addresses can be accessed from the public internet depending on the network setup. Not everyone is a packet head and should not be expected to know the nuances, but it is rather ironic that you criticized one person about not knowing the nuances of one system while criticizing another falsely due to you not knowing the nuances of another.

    11. Re:tip of the iceburg by ckatko · · Score: 1

      Kerberos predates Windows using it (invented at MIT and published publicly in the late 80's), and is supported on Linux systems. This was also a Windows admin, not a Linux one, so your straw man argument is moot. If you're an admin and you don't understand basic Windows domain structure, and internet packet routing, I am fully confident in judging you. If you can't do those two things, what are you employed for? Installing Outlook by pressing the "Next" button?

    12. Re:tip of the iceburg by ckatko · · Score: 1

      Thanks for the supporting experience.

      That's why I think there should be legal and social consequences for data breaches. The public treats IT like it is magic... a black art (as opposed to science), dangerous/volatile, and expected to blow up in your face once-in-awhile. Nobody treats bridges that way--everyone understands you can't cut safety out of a budget for a bridge and that you have to take precautions.

      Businesses don't treat IT failures like they do an oil spill, but they should. It's a spill of information, and information is extremely valuable.

    13. Re:tip of the iceburg by Anonymous Coward · · Score: 0

      You're making a massive assumption here. How do you know they haven't ever been breached but kept it quiet?

  7. Get rid of the computer controls... by Anonymous Coward · · Score: 0

    I eventually moved to vintage vehicles for ease of repair and because I simply can't stand computer-control of any kind while I'm driving, as I continually have to fight those systems for control of a vehicle (I drive in a variety of motor-sports, and I do it very well. I know exactly how my car should respond in the dry, in the wet, on dirt, in snow, on ice, etc. Any time a computer interferes with my control it throws me off big time and has several times nearly caused minor accidents when a couple of my newer vehicles (which I no-longer own) failed to respond to inputs correctly, or attempted to self-correct what they thought was a problem but was actually just me driving). I now have zero computers in either of my cars, the newest being a '76. Honestly I couldn't be happier. I no longer have even the minor annoyances of a car doing idiotic things like locking the doors for me (I can do that myself, if I want to, when I want to, thank you), and now it looks like there is a new worry I'll never have (people hacking my cars). So what started out as a "I hate ABS/TC/Stability Control" has turned into a realization that I never want to own any car with any computer in it ever again. It's looking more and more like a good decision. Dare I suggest that we build cars without computers controlling things the driver should have been taught to properly manage anyway, and then actually teach people how to drive? That makes a lot more sense than teaching people how to parallel park and then setting them loose on the roads... With people trained to actually drive, we would not need computers to control the most vital and safety-related systems of throttle, brakes, and steering. Get the computers completely out of those three systems and the problem is solved, forever...

    1. Re:Get rid of the computer controls... by FranTaylor · · Score: 4, Interesting

      Dare I suggest that we build cars without computers controlling things the driver should have been taught to properly manage anyway, and then actually teach people how to drive?

      sure, if you want lots more death on the highway

      this technology that you hate has saved many hundreds of thousands of lives

      https://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year

      see how the death rate drops dramatically when these features you hate are implemented

    2. Re:Get rid of the computer controls... by swimboy · · Score: 2

      You forgot "Hey you kids, get off of my lawn!"

      --
      Ask me how the Heisenberg Principle may or may not have saved my life.
    3. Re:Get rid of the computer controls... by Anonymous Coward · · Score: 0

      I don't know where you live, but any such cars here in Minnesota are either completely rusted out or are extremely expensive 'classic cars'.

    4. Re:Get rid of the computer controls... by Anonymous Coward · · Score: 0

      Yes, but only because those drivers haven't been taught proper driving skills in the first place... Go do some motor-sports; start at the purely amateur level; autocross, rallycross (US-style; autocross on dirt), ice-racing, etc. In a few seasons (fewer if you are a natural), trust me, you'll figure out exactly what all of us in motorsports figure out: a) a human, properly trained, can control a car far better than a computer and b) most of the drivers on the roads are terrifyingly awful and completely oblivious that this is the case (including you and me pre-training). Move up from there if you like it. If nothing else, it will make you a better and safer driver (Since I started motor-sports, almost 10 years ago now, I've avoided 3 accidents which I would have been unable to avoid before I actually learned what the hell I was doing behind the wheel; one of them would have involved hitting, possibly killing, a drunk pedestrian who hopped out of his (probably equally drunk) friend's car directly into a line of traffic! Very scary and a situation where only my immediate, instinctive, actions learned in motor-sports prevented the accident. Well, that, and knowing the exact limits of my vehicle - something everyone should also know). We've got computers controlling our cars because we have a system that can't be bothered to make sure drivers are actually competent. I don't suggest that everyone actually needs to do motorsports; but something more like what is required in Finland would most likely make our roads far safer than hackable computers controlling throttle, brakes, or steering do.

    5. Re:Get rid of the computer controls... by Anonymous Coward · · Score: 0

      How many of those people survived, but wish they were dead?

    6. Re:Get rid of the computer controls... by FranTaylor · · Score: 1

      Yes, but only because those drivers haven't been taught proper driving skills in the first place...

      ONLY?? ONLY??? Then WHY did they go down in Germany, too, where people ARE taught proper driving skills in the first place???

      https://www.destatis.de/EN/FactsFigures/EconomicSectors/TransportTraffic/TrafficAccidents/Tables_/RoadTrafficAccidents.html

      trust me

      why? you are a proven liar

    7. Re:Get rid of the computer controls... by FranTaylor · · Score: 2

      all of your friends, apparently

    8. Re:Get rid of the computer controls... by Anonymous Coward · · Score: 0

      Well, maybe you are right, possibly there are many people who are simply untrainable, or who choose to believe that their "driving education" consisting of learning how to park actually makes them a safe driver. In those cases I suppose automatic controls are, in fact, safer than proper training (although, I expect that proper training would still help).

      Oh, and while I may be "a proven liar", that's better than being a proven asshole... How about this, instead of being a complete jerk, maybe do what I suggested. Try some amateur motorsports for a season, it won't cost you much, and trust me, you WILL be a better and safer driver after a season. (You may "catch the bug" and never stop too... It's a curse...) You will have a very good time doing it too.

    9. Re:Get rid of the computer controls... by Anonymous Coward · · Score: 0

      Yes, but only because those drivers haven't been taught proper driving skills in the first place...

      ONLY?? ONLY??? Then WHY did they go down in Germany, too, where people ARE taught proper driving skills in the first place???

      https://www.destatis.de/EN/FactsFigures/EconomicSectors/TransportTraffic/TrafficAccidents/Tables_/RoadTrafficAccidents.html

      Apples to oranges. The link only makes comparison of one population year over year, not two different populations as the previous commenter was talking about.

      trust me

      why? you are a proven liar

      Your argument is misleading and you're calling him a proven liar? Not convinced.

      So I'm not the original AC. I don't have any rally training. However, I did learn to drive in a snow belt in Canada, have driven daily for 25+ years, and have been through some of the fastest, busiest, and worst weather conditions in North America, Eastern Europe, and Asia (I travel for business, wife is from Eastern Europe, etc.). On the extremes, I've had to handle drunks, avoid high speed spin outs both on dry pavement and on ice, and dodge reckless transport drivers in blind mountain passes. Believe me, I drive, but I hate driving. Over the 25 years I've had just one accident. Although I wasn't "at fault", it was my fault for not attending to the current "judo" of the road. Still, it was a multi-car highway pile up, me in the middle in a first gen smart car and I drove away without injury and just a smashed fender.

      Trouble is, it was entirely within my control to have avoided it altogether, to simply not be in the hazardous zone, rather than mitigating it. That's what the previous commenter is saying.

      You're free to disagree with this point of view, of course, but I should point out that those "safe" SUVs around me in the pile up didn't fare so well. Rather than being simply additive, the importance of car safety empirically seems to vary inversely with driver safety.

    10. Re:Get rid of the computer controls... by Anonymous Coward · · Score: 0

      You may be on to something.

      However, there's a big cultural hurdle that I expect most could not overcome. We'd need people to actually want to control their lives first. I guess I'm still hoping for that day, but I'm not holding my breath.

  8. dumdums by Anonymous Coward · · Score: 0

    They should totally use the hack to "hack-proof" and update the software without an actual recall.

  9. According to this by s.petry · · Score: 1

    here... You only need the car to receive a radio signal, so could use standard radio stations for the push.. just make a commercial.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:According to this by Aaden42 · · Score: 1

      DAB is an out-of-band communication from the audio of the broadcast. The audio of a commercial can't transmit signals in DAB format that the radio would parse.

    2. Re:According to this by Anonymous Coward · · Score: 0

      DAB is a what? Can you try talking from the hole at the other end of your body next time perhaps?

  10. The Internet of Vulnerable Things by bill_mcgonigle · · Score: 1

    Excuse me while I go find a pickup from 1980.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:The Internet of Vulnerable Things by FranTaylor · · Score: 1

      Excuse me while I go find a pickup from 1980.

      hey baby, wanna disco?

    2. Re:The Internet of Vulnerable Things by Anonymous Coward · · Score: 0

      Excuse me while I go find a pickup from 1980.

      That's not going to save you when a smart car going 70mph plows into your old car without airbags. I'm afraid to state the worst case scenario now for fear of it giving others ideas.

    3. Re:The Internet of Vulnerable Things by StikyPad · · Score: 1

      Are you a ticket? Cause you got "fine," written all over you!

  11. Slow Response? by Thelasko · · Score: 1

    As an automotive engineer, I'm frightened by the rapid response to this issue. This isn't Facebook. When an auto manufacturer "moves fast and breaks things" people get hurt. Every change should go through months of validation before being released to the customer.

    I realize this exploit is a concern. However, is Chrysler sure they haven't introduced a bug with far worse consequences by implementing this change?

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:Slow Response? by Anonymous Coward · · Score: 0

      Please detail things that could go more wrong, from a hurried patch, than someone being able to control your direction, speed, stopping (or lack of) remotely?

    2. Re:Slow Response? by edtice1559 · · Score: 1

      Wouldn't the best solution just be to remove the entertainment system?

    3. Re:Slow Response? by ColdWetDog · · Score: 1

      I realize this exploit is a concern. However, is Chrysler sure they haven't introduced a bug with far worse consequences by implementing this change?

      Of course not, but they are Doing Something. That counts for quite a bit in our strobed-goldfish attention span media. If they waited six months to fix it, they would just have a bunch of bad publicity. They would look like bad guys. Hopefully, they realize this is a stopgap and will actually go through the motions to fix the problem.

      Hopefully.

      --
      Faster! Faster! Faster would be better!
    4. Re:Slow Response? by Anil · · Score: 1

      The 'how could it be worse' would be something like the Toyota incident from a few years back where people claimed the drive-by-wire accelerator malfunctioned.

      It would be good to know the content of their quick patches; I would assume that a quick patch of this type would just be disabling networking links to drive train capabilities, but considering how criminally stupid the development team (or more likely the product management for the dev team) has been thus far, who knows what they are doing; maybe changing an existing default password to a new default password.

    5. Re:Slow Response? by Anonymous Coward · · Score: 0

      Maybe they had a new firmware release in the back pocket but were too cheap to roll it out?

  12. Ironic by MrL0G1C · · Score: 3, Funny

    How massively ironic is it that they can't fix these cars remotely when the vulnerability is due to remote hacking.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  13. Bet that's gonna cost a bit by da_guy2 · · Score: 1

    Maybe next time they'll invest a bit more in security beforehand.

  14. I have an idea by slashmydots · · Score: 1

    Maybe they should keep the internet the fuck out of my car. All it is is a gimmick to sell ongoing services. It's the same bullshit Microsoft tried to pull with Office 365.

  15. Re:Shit cars marketed to fools by bleh-of-the-huns · · Score: 1

    There is nothing wrong with the Wrangler, or Grand Cherokee, both of which use the same Uconnect system, so they are potentially vulnerable as well. Same goes for any Dodge, say the Viper, Hellcat Chargers and Challengers. With the exception of the Challenger, the rest are decent to great cars (I hate it for some reason).

    --
    I came, I conquered, I coredumped
  16. REQUIRES PHYSICAL ACCESS TO CAR FIRST! by Anonymous Coward · · Score: 0

    Don't let these two guys ANYWHERE near your Jeep and they can't install their shit.

    1. Re:REQUIRES PHYSICAL ACCESS TO CAR FIRST! by billyswong · · Score: 2

      Don't let these two guys ANYWHERE near your Jeep and they can't install their shit.

      Sorry, but they don't need to

  17. Cruise control by justthinkit · · Score: 5, Insightful

    I installed cruise control on my otherwise primitive '65 Chevy station wagon. Loved it. I'm hard pressed to think of a drawback of cruise control.

    But then I would say exactly the same thing about ABS.

    The rest...I agree with you. Oh, except for electronic ignition -- my car starting problems disappeared when I started owning cars with electronic ignitions.

    And I'm kinda fond of those lights that come on automatically. Not the ones that are always on, but the ones that can tell when it is a little too dark. Like when you go in a tunnel. I positively love that.

    Oh, and automatic overdrive, "torque lockout" and the 3-way catalytic converters.

    But yeah, old cars, that weigh twice as much as new cars, are the best! Trucks that ride like trucks? Man I miss those. My crap 2002 GMC Sierra, with that high strength steel? Too car-like for me. Who needs comfort? I want the smell of oil and the bounce of a bench seat.

    Oh, and the rear-view mirror that shows the outside temperature and the letters I-C-E when it is near freezing? I hardly ever use that. Mind you, when it does get near freezing I kind of appreciate knowing there might be black ice.

    But the compass direction indicator is a bit much. Except when I'm driving on an unfamiliar road, at night, in the rain.

    So, yeah, you're right. Who needs anything better than a Model T? Well, except for the time that hand crank broke my wrist...

    --
    I come here for the love
    1. Re:Cruise control by strikethree · · Score: 1

      I am still trying to figure out why all of those things that you mention require a remote connection or need to be tied in to the "entertainment" system. There should be zero possibility that "remote" commands could be sent to any of those systems. I would go so far as to say those circuits should all be encased in a Faraday cage to prevent the circuits themselves from acting like an antenna.

      For myself, I am pretty happy with many of the advances; however, I have had issues with drive-by-wire throttles and would hate to see a similar problem with drive-by-wire brakes. Some, dare I say most, of the systems on a vehicle should have a mechanical linkage to fall back on.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    2. Re:Cruise control by StikyPad · · Score: 1

      All of them, once car makers catch on to SAAS.

  18. The water is getting warmer, frogs by golgotha007 · · Score: 1

    This happened because auto-makers think it's OK to remotely communicate with your vehicle at their leisure. They think it's OK to download usage information and other private forms of data from your vehicle without your knowledge. Maybe they're even downloading GPS data, creating profiles out of their customers, and selling it all to a third party. All that said, I don't agree to be a future product and revenue stream for an auto vendor. I value my private data.

    There should not be any listening services running on my new car at all. Any wireless connectivity must be sourced FROM the vehicle only. If I want the auto vendors to have all this private data, they'll make a button that I can push to give it on my terms.

    Do we really want all our electronic things to be communicating our usage information (and god knows what else) back to the vendors?

    1. Re:The water is getting warmer, frogs by FranTaylor · · Score: 1

      There should not be any listening services running on my new car at all.

      no fm radio?

    2. Re:The water is getting warmer, frogs by golgotha007 · · Score: 1

      Haha, sure the radio is fine. And to head off any future responses about sourcing from the inside out and maintaining a static connection via long-polling, I don't agree to that, either.

    3. Re:The water is getting warmer, frogs by FranTaylor · · Score: 1

      Haha, sure the radio is fine.

      until they put bogus packets in the amber alerts and break into your car radio

  19. Dumb. by xenotransplant · · Score: 1

    There are just some things that don't belong on the internet. Cars are one of those things.

    1. Re:Dumb. by StikyPad · · Score: 1

      Busses, on the other hand, are going to be much harder to remove.

  20. Terminator by Anonymous Coward · · Score: 0

    Remember the police car chase scene from Terminator 3. Now you can do it too.

  21. buy fiat? you are retarded by Anonymous Coward · · Score: 0

    that's right, if you buy fiat cars you deserve all the buttrape you can get, and get it you will

  22. old 70s era pacer or granada by Anonymous Coward · · Score: 0

    not looking so ugly now, with their all mechanical components.....

  23. Security for self-driving cars by Macdude · · Score: 2

    Let's hope the people designing self-driving cars think about this situation when they start to implement base-to-vehicle and vehicle-to-vehicle communications and isolate the exterior communications from the vehicle control system.

    --
    "Grab them by the pussy" -- President of the United States of America
  24. Rise of the new generation of engineers by mi · · Score: 1

    Remember that '90s joke about software engineers designing cars? How such cars would only run on certain roads, require reboots to fix, etc.?

    Somehow we've entered that alternative reality now...

    --
    In Soviet Washington the swamp drains you.
  25. New business opportunities for 2020 by MarkH · · Score: 1

    De Tangley home services - our specialist crew will disable and remove all appliance, heating, structure and alarm systems with network connections. Our team use the latest tracking tools to disable the most hard to reach sensors. Guaranteed dumb house back in your control.

    Dumb mot - Clean and service your car. Ensure all network equipped systems disabled. DumbCar certified agent

    Clean payment services - clean simple point of sale systems. Network isolated dumb terminals. No more downtime from network attacks. Just simple straightforward and dumb as hell terminals.

  26. Michael Hastings? by Anonymous Coward · · Score: 0

    Make more sense now?

  27. OTA??? by Anonymous Coward · · Score: 0

    Would have been much cheaper to pay the extra bucks to implement some kind of OTA update functionality than recall 1.4 M cars...

  28. List of Cars Affected by PrimaryConsult · · Score: 1

    Looks like only the ones that have functionality to integrate with cell phone apps:

    2013-2015 MY Dodge Viper specialty vehicles
    2013-2015 Ram 1500, 2500 and 3500 pickups
    2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
    2014-2015 Jeep Grand Cherokee and Cherokee SUVs
    2014-2015 Dodge Durango SUVs
    2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
    2015 Dodge Challenger sports coupes

    I have a Uconnect as well but it is not internet enabled (predates the years here)... now I'm glad I cheaped out and bought used, heh... anyway it's simple enough to update the firmware on these things, IIRC it's just copy some files from their website onto a USB and "boot" the Uconnect off it.