Slashdot Mirror
Ask Slashdot: Buying a Car That's Safe From Hackers?
An anonymous reader writes: I'm in the market for a new car, and I've been going through the typical safety checklist: airbag coverage, crash test results, collision mitigation systems, etc. Unfortunately, it seems 2015 is the year we really have to add a new one to the list: hackability. Over the past several weeks we've seen security researchers remotely cut a Corvette's brakes, shut down a Tesla's computer, unlock a bunch of cars, intercept Onstar, and take over a Jeep from 10 miles away.
So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?
So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?
Well, that's one way of looking at it.
The other way is if this stuff becomes easy enough to become a cheap device or an app for your smart phone ... then the bad guy presses a button which says "all cars which are ready to be hacked please honk your horn".
Just like script kiddies and other scams, if it's lucrative enough, and easy enough, it'll happen. You don't have to be a high value target. If someone knows they can pop the locks on every Escalade in the parking lot, they're going to do it. And someone might just say "oh, fuck it, let's make all the Corvettes disable their brakes because it will be funny".
If the last decade or so has taught us anything, it's that if it can be hacked, it will be ... and if it's worth doing, it will be done.
Pretending like the security risks aren't real because you're a low value target ignores the fact that if there's money to be made. The more automated it can be made, the more it will happen.
As to the OP's question -- there is no standards body, everything is closed/proprietary, and the corporations aren't going to say up front "yeah, the following cars are totally hackable". They're going to hide this as much as possible.
I'm just not sure short of following every news story for every company and hoping and guessing you've got a hope in hell of finding this in a way that will be useful.
Right now, cars are pretty much like every other consumer device .. the companies want to make them all shiny and digital, but they don't know (or don't care) how to make them secure. Which means they don't have a culture of security, accumulated best practices, or anybody telling them the minimum they're allowed to do.
If you're that worried about getting hacked, buy a car which is a few years old and doesn't have as much electronics in it.
Beyond that ... I'm not sure how you are going to know what's hackable.
Pretty much any car with a system like OnStar is going to be remotely accessible even if you don't use it, and the car companies have admitted this.
Lost at C:>. Found at C.