Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Buying a Car That's Safe From Hackers?

Posted by Soulskill on from the add-the-firewall-option-for-only-$499-more dept.

An anonymous reader writes: I'm in the market for a new car, and I've been going through the typical safety checklist: airbag coverage, crash test results, collision mitigation systems, etc. Unfortunately, it seems 2015 is the year we really have to add a new one to the list: hackability. Over the past several weeks we've seen security researchers remotely cut a Corvette's brakes, shut down a Tesla's computer, unlock a bunch of cars, intercept Onstar, and take over a Jeep from 10 miles away.

So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?

12 of 373 comments (clear)

  1. 65 VW Bug by Anonymous Coward · · Score: 5, Insightful

    Safe from EMP as well.

    1. Re:65 VW Bug by theNetImp · · Score: 4, Insightful

      my thought as well, go back to a carburetor based non-computer timed car from the 60/70s/80s

    2. Re:65 VW Bug by Andy+Dodd · · Score: 4, Insightful

      Yeah. Automotive electronics are designed to be pretty EMP-resistant from the beginning because the ignition coils produce what amounts to small EMPs - and they're connected to the power rails!

      Automotive engine compartments are one of the most electrically noisy environments out there.

      As far as a "hacker-safe" car - buy a car WITHOUT those snazzy remote management features like uConnect/OnStar/etc. All of the remote compromises out there have used those "it's not a bug, it's a feature!" attack routes.

      --
      retrorocket.o not found, launch anyway?
    3. Re:65 VW Bug by bobbied · · Score: 3, Insightful

      You test EMP by using large voltage spikes. What are spark plugs run with? High voltage spikes.... Stands to reason that a generally well shielded set of electronics inside a metal box which was designed to generate high voltage spikes on purpose, would tolerate an EMP from an external source fairly well.

      See Page 115 and following:

      http://empcommission.org/docs/A2473-EMP_Commission-7MB.pdf

      Apparently their testing involved 37 vehicles with approximately 10% showing signs of being upset by strong EMPs and nearly all of those not permanently damaged by the pulse.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:65 VW Bug by smooth+wombat · · Score: 3, Insightful

      As would my 2010 Hyundai. It has a key and the typical remote. No fob to get hacked, always able to get into my car even if the battery in my remote dies, don't have to worry about a malfunctioning fob.

      There's a reason analog is still better for many applications. Keyed entry for cars should be mandatory.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    5. Re:65 VW Bug by thrich81 · · Score: 3, Insightful

      Does anyone around here remember DRIVING those carbureted, non-computer cars? Or worse, keeping them tuned up? I did both, along with major hotrodding, including engine swaps, camshaft swaps, carburetor swaps. Compared to the new cars they ran like cr*p. They barely started when it was cold or hot. They had weird idle and off-idle characteristics. They had very little power for the engine displacement. Worried about hackers shutting off your engine or brakes on your new car? -- well in the old days the cars did that all by themselves! Engines shutting down while driving -- yep, it happened, brakes failing while going down hills -- yep, it happened. Power steering fail while driving -- that happened, too. Those things happened with regularity. I recently helped with the purchase of a '68 Cougar with a small block V8 (302 CID) for a friend of mine -- upon driving it both of us said, "What a death machine" -- poor acceleration, poor braking, poor handling compared to the new cars we have (I'm driving a Honda Fit!). Yeah, everyone remembers the awesome big block muscle cars of the '60s, except they don't really remember them. I do, I had several. They were fun, but not very high performance compared to now. Check the magazine tests of the time.
      If you want a decent car with no outside computer connectivity then your best bet is probably something from the mid-90's to around 2010, I would guess.

  2. The fix by Ol+Olsoc · · Score: 4, Insightful

    Buy a horse.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  3. Re:you void your warranty by quintus_horatius · · Score: 5, Insightful

    What if someone else tampers with your software by exploiting security holes? Does THAT void your warranty as well?

  4. Re:Classic FUD by cdrudge · · Score: 5, Insightful

    I'm a nobody as well. I've had my car broken into because of the brick through side window exploit. I'm searching for a car that doesn't have electronics or windows. Right now I'm left with a Razr scooter and an Amish buggy.

  5. Re:Classic FUD by epyT-R · · Score: 5, Insightful

    You might not be important, but you don't have to be if the goal is to cause accidents on major highways. In those situations the logical target would be the popular cars of the unimportant people. I'd just rather not have the connectivity in the first place. I am tired of manufacturers making excuses about their shitty software and over-automated cars. Needless complexity lowers safety and adds expense.

    Even toyota's not immune btw..

  6. How are you sure? by mindcandy · · Score: 3, Insightful

    Do you have datalogging going on the CAN bus are you just guessing? .. just because you return to your car minus sunglasses but without shattered glass does not mean OMG HACKERZ.

  7. FUD by jon3k · · Score: 3, Insightful

    Most of those required physical access to the car. If I have physical access to any car I can hack it. Can we stop with the alarmist bullshit please?