Ask Slashdot: Buying a Car That's Safe From Hackers?
An anonymous reader writes: I'm in the market for a new car, and I've been going through the typical safety checklist: airbag coverage, crash test results, collision mitigation systems, etc. Unfortunately, it seems 2015 is the year we really have to add a new one to the list: hackability. Over the past several weeks we've seen security researchers remotely cut a Corvette's brakes, shut down a Tesla's computer, unlock a bunch of cars, intercept Onstar, and take over a Jeep from 10 miles away.
So, how do we go about buying a car with secure systems? An obvious answer would be to buy a car with limited or archaic computer control — but doing so probably comes with the trade-off of losing other modern safety technology. Is there a way to properly evaluate whether one car's systems are more secure than another's? Most safety standards are the result of strict regulation — is it time for the government to roll out legislation that will enforce safety standards for car computers as well?
Safe from EMP as well.
But the manufacturers would prefer that you can't do anything like that. More drm.
You don't own it you just have a lifetime lease.
That they charge to repair.
Minimum threshold fixed. Thanks!
Unless you are someone important, people won't spend the significant effort required to hack your car. I would say you can probably avoid the seemingly quite inept "classic" US manufacturers, especially if you don't plan to do the USB upgrades etc that they might require if a remote exploit is found, but still it should be a minor concern. Ok, if you are paranoid get a Tesla, researchers spent TWO YEARS and they ended up with an exploit that required physical access to a port inside the car, could at most turn off your engine (very gracefully in neutral and with you in full control) and could be instantly patched over the air...
Again, if you are some sort of a dictator etc I could see an intelligence organization with great resources finding a way to hack your Tesla if they have physical access to it, but it will still be cheaper and more efficient to just plant a bomb...
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
if you tamper with the hardware/software.
If it's a real POS, then most assuredly it will hack you to pieces in a bad wreck.
Life is not for the lazy.
If the government has backdoor access to your car's computers -- and how do we know they don't? -- so will the hackers.
Give me my freedom, and I'll take care of my own security, thank you.
Buy a horse.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
After graduating college and transitioning to my career at Taco Bell as a cream engineer (sour) I've taken the liberty in my extensive sabbatical time to research and in fact provide the slashdot community with a hardened, hackerproof vehicle that is both affordable as well as reliable. I give you, the 2001 Ford Crown Victoria Police Interceptor.
The discerning customer will have acquired it through government auction between $600 and $800, where it will present not one, not two, but three indicator lights. One light, the engine light, serves to confirm an engine is present. The other two lights, ABS and the squiggly red noodle, are savvy decoys to confuse the hacker into presuming there is a functional braking mechanism to exploit. Entering the vehicle the driver is greeted with the stench of so many dollar-menu breakfast sandwiches and carbon paper from a decade of parking citations. These aromas confound the hacker mind. Should the hackers persist, the vehicle contains plausible deniability technology for the engine itself. Instead of recirculating oil in the crankshaft, the security of this vehicle clandestinely burns the oil. Some people have heard of the chain of trust, and in this vehicle a sophisticated system called the chain of rust prevents tampering with idler and pitman suspension components as they are permanently affixed using oxidation technology. Finally, to seal their doom, hackers attempting to gain access to the glove box will become inextricably trapped in a foul blue, brown goo which is in fact the remnants of an exploded ballpoint pen and an old Snickers bar, aged to perfection. Should the driver successfully decrypt the transmission and make it into first gear, the vehicle offers many moments of useful intermittent service.
Good people go to bed earlier.
Stay away from any cars that are popular, and all those that can be controlled by the manufacturer. For the most part hackers want the most bang for the buck, so stay away from anything that you see everyone else driving. There is a reason why so many Windows viruses exist.
Time is what keeps everything from happening all at once.
I am hoping by then I can get a car that is in the cloud.
Thermostats (wifi or 3g enabled)
Home Security Systems
Banks (some of their website security makes me really wonder)
Almost all "Internet of thing" smart home devices
I even have basic questions for (mostly android) cell phones. How long do I get security updates for any of these devices?
Many of these exploits I don't think of as exploits. They attach a device to the OBDII connector. Keep your doors and windows locked and voila not connectee. 2nd, be real, somebody really wants to mess with your brakes why not nick the hydraulic cable. Much easier. Much of this is hype. The exploit on the fob to unlock, I'd pay attention to. I thought I saw somewhere the Land Rover is so bad that insurance will not cover it in London unless parked in a garage.
Simply a wonderful car, except for the fuel consumption.
On that car you can virtually do everything by your own - small amount of tools needed - it's plain & simple.
But semiconductors are on board it has a stunning 6 diodes on board - not counting the radio!
If you choose a real Suzuki Samurai with spray injection from 88 you additionally get one with a catalytic converter.
You do NOT need to let OnStar or similar capabilities. No need for it at all. Maybe if your car was self-driving and designed to network with other cars you would need such functionality, but the ability to call for help or use wifi or wireless diagnostics is NOT worth making it hackable
Once you do this, your car is as safe from hacking as it needs to be.
excitingthingstodo.blogspot.com
Anything from late 90s will have power, will have modern safety (ABS, Traction, Side Airbags) if you go sufficiently upscale but will not have any integrated infotainment electronics. If you go older, you start losing safety features. Late 80s is ABS, early 80s is airbags, 70s independent rear suspension and rear disk brakes.
"- is it time for the government to roll out legislation that will enforce safety standards for car computers as well?"
Which would be covered under *any* sort of "product liability for software" legislation.
Seriously: You can't buy food without the producer going through FDA checks, you can't buy a car without all the right safety and functionality checked by a gummint agency, you can't trade stocks without oversight by the SEC, so why can software vendors continue to peddle insecure crap with no liability?
Sometimes the "writing on the wall" is blood spatter...
Therefore do not involve computers in tasks that don't require computerization. Let that be your guiding principle, and follow the logic to its conclusion.
i have a honda CR-V with 4WD. one of the most boring cars there is. sure i can buy an Acura but they are just honda's with different body panels, different engine software and a higher price tag. same with Toyota/Lexus and Nissan/Infinity. or buy a honda civic. my car has a USB port for my phone and none of that new social crap computer in there for checking facebook while driving. don't need it
If you want a modern car, you're just going to have to accept that right now, they're all full of closed-source, black-box computer stuff. Short of going to work for the manufacturer and signing an NDA, you're never going to be able to get access to the inner workings of these things. The unfortunate truth is that these manufacturers are adding features without incorporating security from the very beginning, in an effort to have more bells and whistles than the other guys. They're getting better about security, but they still have a lot to learn.
The good news is that most of these hacks are at least somewhat mitigated. The Jeep one seems the worst, as it worked over a cellular connection from seemingly anywhere, to get into the infotainment system, and then jump to the car's actual controls from there. Chrysler was able to make some change to their network that (partially?) stopped the attack even if the individual cars were still technically vulnerable. The OnStar hack was a MITM between the mobile app and the OnStar website (due to not verifying the cert); it resulted in being able to do things to the car, but wasn't actually a vulnerability in the car itself. Most of the previous hacks require physically connecting to the OBD2 port in the car. As was stated in related posting, just as with computers, if the bad guy can break into your car and install a dongle, you're pretty much screwed anyway. Just like installing only necessary packages on a server to minimize its attack surface, you can also skip unnecessary vehicle options to reduce the chance of a vuln (though you may have varying levels of success getting a car with exactly what you want and nothing you don't).
We need these hackers to keep pointing out these flaws until the manufacturers fix them (and hopefully completely avoid the same mistake in the future). For now, it's still fairly early in the cycle with lots of learning being done. We need more isolation between the vital control systems and the trivial entertainment junk to completely remove the possibility of something like a USB stick being able to take over your engine, but for the most part these vulns are still rather limited in their application, due to the inherent limitations of actually getting linked up to your car's systems. I'm afraid it might get worse before it gets better, but at least these things seem to be getting addressed by the manufacturers, rather than just covered up.
This one's really easy. Don't buy a car where the core system is internet connected unless you're confident in its security.
The Fiat/Chrysler hack was insane, the result of a total disregard for security.
The Tesla "hack" barely deserves being called that as it requires physical access to the car's data bus to work. Pretty much every car on the market these days is "vulnerable" to that, but it's stupid to worry about because that's like saying your brake system is "vulnerable" to being cut.
Likewise with the Corvette.
I wish the fucking stupid media would stop publicizing any of these that require installing extra hardware in to the car as if they actually mattered.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
if you are worried about hackers, buy a car without any wireless features. no remote starter, no keyless entry, no bluetooth, no wifi, no onstar, no uconnect, no cell phone connectivity.
Anons need not reply. Questions end with a question mark.
My 1996 Jeep Cherokee still runs well. Computer controlled, fuel injected, driver's side air bag... but no remotes. I think I'll keep it.
If you are concerned about somebody "hacking" your car over some network connection, just don't buy a car with a network connection, and your problem is solved. If there is no cellular data connection, there is no way for anybody to hack your car using a data connection. So no "OnStar" or other such convenience services that involve data connections to your car.
If that doesn't meet your definition of safe enough, understand what you are trying to protect yourself from. MOST of the demonstrated hacks we've seen of late REQUIRE physical access to the vehicle at some point. You are going to need to provide PHYSICAL security for that car parked in the public parking lot in front of the grocery store to protect yourself from this stuff. But that's always been the case. These new "hacking" techniques don't make it any worse.
In short, don't worry about it. Buy a cheap car w/o all the quickly outdated "data connection" based services and stop being a worry wart... Well that and don't be a high profile target.... Who's going to hack my Honda Accord? I'm just a middle aged, middle class guy with my 2.3 kids driving a cheap car. I'm not important enough to be a target...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
RestoMods are where you take an older car and upgrade it to more modern standards. Thus, you get the best of both worlds; superior handling and acceleration, some added safety features, and a car that looks vintage, styled to stand out from the crowd of oval-shaped vehicles.
There's even an upgraded pan for the VW Beetle that provides disc brakes, better handling and smoother ride; as well as a large assortment of engines that can provide anything from mild performance to tire squealing, drag-strip style that'll smoke most other cars.
And yes, almost all RestoMods eschew too much electronics, which make the cars as unhackable as they were when they were original 60's and 70's cars.
If telephones are outlawed, then only outlaws will have telephones.
The other way is if this stuff becomes easy enough to become a cheap device or an app for your smart phone ... then the bad guy presses a button which says "all cars which are ready to be hacked please honk your horn".
... and if it's worth doing, it will be done.
Just like script kiddies and other scams, if it's lucrative enough, and easy enough, it'll happen. You don't have to be a high value target. If someone knows they can pop the locks on every Escalade in the parking lot, they're going to do it. And someone might just say "oh, fuck it, let's make all the Corvettes disable their brakes because it will be funny".
If the last decade or so has taught us anything, it's that if it can be hacked, it will be
So you may be unimportant, and nobody is likely to *personally* hack your car... but nothing would prevent a motivated hacker from compiling several exploits for the most commonly driven cars into a single program that any script kiddie can use. And it really won't matter to you whether your car was singled out by a malicious entity, or merely one of thousands, if the brakes and steering are disabled at 60mph.
people might care enough about a car to hack and steal it, or punks may decide to hack 100 cars at once on a highway for shits, grins and bloodspill
Both a friend of mine and my mom had their Nissans broken into while at my sister's house and we're pretty sure the thief used a wireless hack since neither vehicle had signs of forced entry yet both were locked. Likely it's a local kid, cameras would help catch him. Funny story though, the suitcase stolen from my mom's car had about 25 pounds of bran and a book on crafting since she was getting ready for a crafting bean bag project. That thief didn't get much :-)
Here's an article that describes this a bit:
http://www.networkworld.com/ar...
Parking in the garage is a simple deterrent as always.
1. If you can't pay cash for the car you can't afford it so get an older model. Depreciation on any new model is huge and a money loser. 2. Add in your own top end stereo system for the convenience items you want. 3. Modify the dash to use an iPad or Android tablet. You can tie it into the control system if you like. You don't get crash avoidance but if you actually drive like your life depends on it you don't really need it.
It all starts at 0
Exactly. If you're worried about this, you're making the obvious mental error in thinking that stories you see on the news are about you. They aren't. Even if the news stories are true (and not misleading, or out-of-context, or dramatized, or hyped out of proportion), they're still almost never stories about you.
You don't need to take any action. You don't need to disrupt your life. You don't need to ask your government to bully other people into solving this "problem" for you. It's not about you. It really isn't.
So far as I know my 2008 Toyota Tacoma with a 5-speed manual transmission doesn't have any wireless anything built into it, and you'd have to have physical access to the vehicle in order to 'hack' anything in it. The throttle pedal may be connected to a potentiometer, but the brake pedal, steering wheel, clutch pedal, and parking brake are all mechanically connected to their various systems and will all still function even with the engine off.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
This is a ridiculous scenario, why would any sane hacker hack the car they just sold to someone else? If something goes wrong, who do you think the authorities might check first? It's about as silly as saying, well what if someone sells you a car with a car bomb in it? You could argue that somehow the hacker doesn't like you but then why would he/she even bother selling you the car in the first place. The whole scenario is highly unlikely. Besides, most people who would pull pranks of this sort are not going to want to know who the victim is or met them personally.
A more likely scenario is as a prank someone crashes an entire network of cars for fun or maybe they dislike the company. Still in this situation, how many of you would knowingly do something that could potentially hurt hundreds or thousands of people? I think most hackers can distinguish between "annoying fun" and outright getting folks killed or injured.
Granted while it is important to have proper security, I doubt any of these scenarios are as dire as one might suspect.
just don't go stupid and get all the extra comfort phone control features and you are just fine.
No hacker on this planet can hack a 2015 civic without physical access.
Do not look at laser with remaining good eye.
I recommend Charlie Miller's talk from DC 22 - in which he goes through the architecture of a number of vehicles. His goal was the opposite of yours, to find the most hack-able car to set up for his talk this year (and the preceding Jeep recall) but if you turn the crank in the other direction, you should be able to get to the conclusion you want:
https://www.youtube.com/watch?...
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Buy a VW or Audi or Skoda or Seat... If you want to disable "carnet" remote access you can by unplugging the ECU under the passenger seat. If you want more security, then close the doors with the door knob, the code stored inside the key is changed every time you turn on the ignition.
At least in European versions, tyre pressure sensors are not 'wireless', in fact, there are no tyre pressure sensors, pressure failure is determined by the wheel encoders, if a wheel runs faster when you drive straight, the radius is smaller and thus the car warns you.
Seeing what other manufacturers do, I think you should consider buying a VAG Group car.
PS: you can also download on TPB the workshop manuals, elsawin, etka, and diagnose the car using VCDS and a dongle bought from eBay. This was another reason for buying a VAG group car, I can repair it by myself!
We're going to need the car equivalent of being able to turn off all wireless connections. With some hardware switch.
At least 'til manufacturers get it through their skull that it MIGHT be a good idea to separate consumer-area entertainment electronics from the electronics necessary for operation of the vehicle.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You have a lifetime lease?
Good topic, we need to change that. Can't be that you buy a car and then simply use it for as long as you please. Or even, god forbid, sell it used. Used car sales cut into car sales. Government, help us! People deserve the new car experience, don't let people sell their cars!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Sorry, security and privacy are only for the wealthy. For the rest of us, it's our duty to continue to allow them to use our security and privacy to make more money.
--- Keep the choice with the user..
Do you have datalogging going on the CAN bus or are you just guessing? .. just because you return to your car minus sunglasses but without shattered glass does not mean OMG HACKERZ.
Most of those required physical access to the car. If I have physical access to any car I can hack it. Can we stop with the alarmist bullshit please?
He'll restore you one for only 65k!
I can't call that English
Just restored a 1976 Dodge pickup to near immaculate condition for less than 1 year's worth of new truck payments. Insurance is $65 a year, and a 5 year registration in Colorado cost $200. Not only can I fix nearly anything with either a ball peen hammer or $20 visit to CarQuest, I'm pretty sure it's immune to anything up to a nuclear EMP.
Nothing evolves faster than the word of god in the minds of men who think themselves divinely inspired.
At least 'til manufacturers get it through their skull that it MIGHT be a good idea to separate consumer-area entertainment electronics from the electronics necessary for operation of the vehicle.
That's not that feasible: they use the consumer-area electronics a lot now to allow configuration of the more critical systems, and to read data from them. With a decent API which only allows certain operations, the ability to cause damage can be limited. From what I read, the recent hacks involved rewriting the firmware in some modules, so I guess on some models (like Jeep), the consumer-area system has the ability to apply firmware updates over CAN to other modules, so if you can figure out how to make a compatible firmware image and how to build one that does what you want, you can use this mechanism to hack in and take over the car.
I wonder if every manufacturer has designed their systems this way or not.
Physically disconnect the uConnect/OnStar antenna, turn off Bluetooth or any other remote connection system if you can't disconnect their antennas. Pull the fuse for the powered lock system that allows your keyfob to unlock your door/start your engine.
Remember. If you can connect to your car remotely, so can the bad-guys.
"Grab them by the pussy" -- President of the United States of America
In short: If you want a secure car, get something with a carburetor or buy a VW, Audi, Porsche, Seat, Skoda, Bentley, Bugatti or Lamborghini.
I reverse engineer automotive software for a living and I can say without question that Volkswagen Auto Group cars are as secure as you can possibly find.
Most of the cars you hear about being "hacked" are vulnerable because of something in the infotainment system. Once an outsider has access to that, in most cars, they have access to the canbus and can do "bad" things.
Vag cars are not this way. They have multiple can buses, one for each primary function. Body control, convenience and power-train are all on separate buses. Between these buses sits a device called the "can-gateway", which is essentially a canbus firewall. No packets can move between the buses except those that are necessary to allow. A "wheels are spinning, activate ABS" message cannot originate on the convenience or body control bus.
The software for just about everything important is secured with signatures (2048 bit now). Modifying the software for these cars is extremely difficult, getting access in the first place requires enormous amounts of very skilled labor. We spend many thousands of man hours each year just keeping ahead of the security features added to the ECU engine control code (we're a performance company).
It's hard enough to modify anything on these cars when you have every tool imaginable, a seasoned veteran staff, complete access to the cars and nearly unlimited financial resources.
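The gateway behaviour described in the comment above (separate buses, with only explicitly permitted messages crossing between them), as an added example that is not part of the original comment and not any manufacturer's firmware. The bus names follow the comment; every CAN ID, length and rule is constructed for illustration.

```c
/* Added example: default-deny CAN gateway. Bus names follow the comment
 * above; every CAN ID and rule below is constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum bus { BUS_POWERTRAIN, BUS_BODY, BUS_CONVENIENCE, BUS_COUNT };

struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* One allowlist entry: this ID, with this exact length, may cross src -> dst. */
struct rule { enum bus src, dst; uint32_t id; uint8_t dlc; };

#define ID_ABS_ACTIVATE  0x1A0u /* constructed: never leaves or enters via the gateway */
#define ID_VEHICLE_SPEED 0x3E0u /* constructed: status, published outward only */
#define ID_DOOR_STATUS   0x410u /* constructed */
#define ID_CABIN_LIGHT   0x520u /* constructed: comfort request, body bus only */

static const struct rule ALLOW[] = {
    { BUS_POWERTRAIN,  BUS_CONVENIENCE, ID_VEHICLE_SPEED, 8 },
    { BUS_POWERTRAIN,  BUS_BODY,        ID_VEHICLE_SPEED, 8 },
    { BUS_BODY,        BUS_CONVENIENCE, ID_DOOR_STATUS,   2 },
    { BUS_CONVENIENCE, BUS_BODY,        ID_CABIN_LIGHT,   1 },
};
#define N_RULES (sizeof ALLOW / sizeof ALLOW[0])

/* Dropped-frame counters per source bus: a rising count on the convenience
 * bus is a signal worth logging, since normal nodes only send allowed IDs. */
static unsigned drops[BUS_COUNT];

/* Returns a bitmask of destination buses (bit n = enum bus n).
 * Anything not matched by a rule is dropped: default deny. */
unsigned gateway_route(enum bus src, const struct frame *f)
{
    unsigned mask = 0;
    if ((unsigned)src >= BUS_COUNT)
        return 0;
    if (f->id <= 0x7FFu && f->dlc <= 8) {       /* 11-bit IDs, classic CAN length */
        for (size_t i = 0; i < N_RULES; i++)
            if (ALLOW[i].src == src && ALLOW[i].id == f->id &&
                ALLOW[i].dlc == f->dlc)
                mask |= 1u << ALLOW[i].dst;
    }
    if (mask == 0)
        drops[src]++;
    return mask;
}

/* Convenience wrapper: route a zero-filled frame with the given ID/length. */
unsigned route_id(enum bus src, uint32_t id, uint8_t dlc)
{
    struct frame f = { id, dlc, {0} };
    return gateway_route(src, &f);
}

unsigned drop_count(enum bus src) { return drops[src]; }

/* Policy audit: does any rule let traffic from src reach dst at all? */
bool policy_allows(enum bus src, enum bus dst)
{
    for (size_t i = 0; i < N_RULES; i++)
        if (ALLOW[i].src == src && ALLOW[i].dst == dst)
            return true;
    return false;
}

int main(void)
{
    /* Build-time style check: nothing may flow into the powertrain bus. */
    printf("convenience -> powertrain allowed: %d\n",
           policy_allows(BUS_CONVENIENCE, BUS_POWERTRAIN));
    printf("body -> powertrain allowed: %d\n",
           policy_allows(BUS_BODY, BUS_POWERTRAIN));

    /* Legitimate status broadcast fans out to both other buses. */
    printf("speed from powertrain -> mask 0x%x\n",
           route_id(BUS_POWERTRAIN, ID_VEHICLE_SPEED, 8));

    /* A frame with the ABS ID appearing on the convenience bus is dropped. */
    printf("ABS id from convenience -> mask 0x%x\n",
           route_id(BUS_CONVENIENCE, ID_ABS_ACTIVATE, 8));
    printf("drops on convenience bus: %u\n", drop_count(BUS_CONVENIENCE));
    return 0;
}
```

The audit function is the part to run in review: a rule table in which any entry has the powertrain bus as destination fails the isolation property regardless of how narrow that single rule looks.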
"Is it time for the government to roll out legislation that will enforce safety standards for car computers as well?"
Here's a suggestion: make the maker of the car liable for successful remote-takeover attacks (not involving physical access). For actual damages. No matter what kind of waiver or "user agreement" the user is asked to sign (in fact, make those explicitly *illegal* if they attempt to subvert this, except in the case of experimental vehicles of very limited numbers). That way the lawyers would squash the "bright ideas" of the marketing guys, until there's security technology that management is willing to bet the company on. And, oh yes, if the government asks for a "remote kill switch"? Have the *government* be liable in court for abuse of it. That'll probably shut down *that* bright idea, too. For a little while.
This will probably retard things like self-driving cars for years. And that wireless access point in your car would for sure no longer be able to talk to the car itself. But I believe this would be a good thing. And if cars come, from now on, with only three indicator lights, that's a shame. But probably worth it. I don't like the idea of Unknown Hackers doing to highway traffic all over the country what they did to Sony's IT.
You need to find a car with a cop motor, a 440 cubic-inch plant, you need cop tires, cop suspensions, cop shocks. Find a model made before catalytic converters so it'll run good on regular gas. What do you say, is it your new car or what?
"But... 2 separate CANbus systems?!? That would increase our costs almost a whole dollar per car!!!"
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Best benefit: you can put one of those Breast Cancer "Save the Tatas!" bumper stickers on the back!
I've abandoned my search for truth; now I'm just looking for some useful delusions.
7th and 8th gen CIVICs.
Easiest cars to work on in the history of cars.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
If you want a modern car, you're just going to have to accept that right now, they're all full of closed-source, black-box computer stuff. Short of going to work for the manufacturer and signing an NDA, you're never going to be able to get access to the inner workings of these things.
And they're also locked down against even other people in the company.
Much of the low emission and long lifetime performance is the result of the ability of the engine control computer to fine-tune the engine's characteristics on the fly, far better than the mechanical/electrical/pneumatic/hydraulic "computation" systems - where every arithmetic operation is several hardware parts - ever could.
The automakers keep tight controls over the code that runs the engine. This is not just to maintain competitive advantage, but to keep people from changing the engine's (and transmission's) operating parameters - which could give you better performance but completely wreck the fine balance that keeps emissions and fuel mileage within government mandates.
Making the powertrain computers less susceptible to cracking is a really good idea. Replacing them with something other than a powerful computer is not doable, without reducing the performance (especially the pollutant emissions) to something not much better than that of vehicles just before engine control computers were first deployed.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
if you are worried about hackers, buy a car without any wireless features.
The federal government mandates a radio-based tire pressure telemetry system on all new cars. That means there's a digital radio monitoring the transmitters in the tires and reporting to the computer that displays alarms on the dashboard.
At least one such system has ALREADY been cracked, giving the attacker control of the car's data bus via the mandated tire pressure receiver.
(Also: These systems are inherently useful for tracking cars: Each wheel reports its pressure, along with a serial number (so the vehicle's system knows which are ITS tires and which ones are underinflated). This can be received by radios other than the one in the vehicle, including systems using loop antennas buried in the roadway.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
That's not that feasible: they use the consumer-area electronics a lot now to allow configuration of the more critical systems, and to read data from them.
It's not feasible to lock my front door, because my house was built with a non-stop conveyor belt running from the mailbox to the kitchen.
The entire point of this ask-slashdot is to identify cars that DON'T integrate entertainment systems and wireless access with the safety critical electronics. Cars that DON'T do the dumb&dangerous stuff you just listed.
Data flow *from* the primary systems *to* entertainment&wireless systems is marginally acceptable, if it's a physically enforced one-way data flow using optocouplers or something.
I seriously want each car manufacturer to have one employee on staff, whose sole job is to say "YOU'RE FIRED" every time any idiot engineer wants to permit ANY data flow from entertainment-or-wireless systems into safety-critical systems. I don't care how limited the APIs are, I don't care how encrypted it is, I don't care how cryptographically-secure the certificates are. If there's data flow into critical safety systems, it's effectively certain that it's going to be vulnerable. You don't connect safety-critical systems to wireless input, period.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I don't care (much) if my entertainment and navigation system is hackable. But I ABSOLUTELY DO NOT WANT anything to do with the actual operation of my vehicle to be hackable! It seems to me that using two physically separate computers and networks -- one for nav/comm/entertainment and one for vehicle systems -- would be a good start. MONITORING devices could be providing data to both (to allow things like OnStar to detect an accident or to allow the entertainment system display to show vehicle status). However, absolutely ZERO vehicle CONTROL devices should be in any way accessible from the entertainment computer/network.
I write software for nuclear power plants where we have several physically separate networks and computer systems, with the most secure systems only streaming data outward towards the less secure systems. The most secure systems have no external inputs or connections at all -- as the vehicle control system should be (even the diagnostic port(s) should be in an area locked by one of the vehicle's physical keys). The less secure systems have no access to any sort of control function so that, in the event of compromise, the worst that can happen is capture and possibly inaccurate display of aggregated data (operators still verify unexpected computer readings with physical instruments before controlling the reactor). The secure system needs nothing from the less secure system(s) and, if the data rate is not too high, could even stream its outgoing data using a TWO WIRE serial connection that does not even have the return signal connected!
If they care, the automotive industry could easily do these things to protect control systems. The fact that they don't bother shows just how much they value profits over human lives.
Why can't they add a pairing code to the fob and car to be set by the owner? Similar to Bluetooth pairing. It will obscure the default signals at least.
Pumpkin orange - even if it were hackable, no one wants to be seen in it.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
One of those matchbox cars. Or an old one.
objoke :
"What's the difference between a computer salesman and a car salesman?
The car salesman knows he's lying."
I guess the "ob"'s for obsolete, now.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Ain't no hacking there
-- Tigger warning: This post may contain tiggers! --
How about not connecting Bluetooth directly to the ignition system with an easy to guess password.
If you're paranoid, buy a wheel clamp or steering lock. Otherwise, buy a cheap car and be paranoid, or do some smart stuff and/or don't mind.
It's ironic that this article appears just a few slots above the "the network is untrustable" article about AT&T's support of hacking. The process of keeping an Internet-facing machine safe is a more or less daily battle of 0day patches. This isn't, has never been, and likely never will be possible for consumer electronics because it imposes too much cost on the manufacturer. Automotive software doesn't get updated with the same frequency as desktop software for a bunch of reasons, and it also doesn't get updated indefinitely because there's a distinct end-of-lifecycle for it. TL;DR: The only safe-ish automotive electronics, both now and in the future, are electronics that have no connectivity. It's impossible to feel safe about connected electronics of any sort, and in a realtime control environment like a vehicle, it's frankly irresponsible to permit such connectivity.
As long as the world only contains individuals, that's a major concern put to rest. When examined at any larger social scale, though...
There are also corporate entities, including bad actors whose antics include all sorts of chaos-inducing mischief. So, what happens when New Jersey political actors shut down a busy bridge? Oh, wait, that didn't involve electromagnetics... When Russia wants to tie up all the traffic in a Ukrainian city? China versus India? India versus Pakistan? Ukraine versus Russia? Tibet versus China?
The vulnerabilities of national transportation infrastructure are very much a concern related to 'the common defense', and a dose of national involvement is very likely in the near future. From a LOT of nations, not just the US. Maybe the UN should sponsor laboratories for internet-of-things safety qualification.
If you get a car with no radio-control and a "dumb AM/FM radio" that isn't linked to the "car" part of the car, then you should be hack-proof to almost* anyone without physical access.
This means no remote-engine-start, no "OnStar"-like services, no remote-entry, and probably no cell-phone-through-the-car-speakers, etc. etc. etc.
* While there is always the theoretical ability to "beam" a signal to a wire in your car, the difficulty of doing so in anything more than a blunt fashion makes this unattractive to hackers. If a hacker wants to crash your car remotely, there are easier ways to do it and if he wants to do anything else, well, it will probably be easier for him to run you off the road, kill you, and steal the keys.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The Corvette wasn't hacked, they hacked an OBD-2 dongle that was stuck connected to it - entirely different thing. And electronic access systems for opening your car with an RC have apparently all been hacked or are less than safe. Keyless Go cars can be opened with a proxy attack. So where does that leave you?
If you buy an old car, the thief can just open it and steal it the old fashioned way. So pick the car you want and stop thinking about stuff like this, it's useless anyway. If someone wants to steal your car, they'll do it. Either electronically or mechanically.
If a train station is a place where a train stops, what's a workstation?
Another more drastic (and *much* more difficult) modification you could do is create a CAN firewall and just block potentially life threatening messages from leaving modules that are network connected.
Good luck figuring out all the relevant CAN IDs for all the models you want to sell your gizmo for :)
If a train station is a place where a train stops, what's a workstation?
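The one-way data flow and the CAN firewall raised in the comments above, sketched as an added example that is not part of the thread or any manufacturer's code: a gateway that never passes frames toward the vehicle bus and lets only listed status frames out. It swaps the proposed blocklist for a default-deny allowlist, so the dangerous IDs never have to be enumerated; all CAN IDs and names here are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal classic CAN frame (11-bit ID, up to 8 data bytes). */
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

enum direction { VEHICLE_TO_INFOTAINMENT, INFOTAINMENT_TO_VEHICLE };

/* Constructed IDs: status frames the display side is allowed to see. */
static const uint32_t MONITOR_IDS[] = { 0x3E9 /* speed */, 0x4C1 /* coolant */, 0x5A0 /* crash flag */ };

struct gateway_stats { unsigned forwarded, dropped_inbound, dropped_unlisted, dropped_malformed; };

/* Returns true only when the frame may cross the gateway. */
bool gateway_allow(enum direction dir, const struct frame *f, struct gateway_stats *st)
{
    /* One-way rule: nothing ever flows toward the vehicle control bus. */
    if (dir == INFOTAINMENT_TO_VEHICLE) { st->dropped_inbound++; return false; }
    /* Reject anything that is not a well-formed classic frame. */
    if (f->id > 0x7FF || f->dlc > 8) { st->dropped_malformed++; return false; }
    /* Default deny: only listed monitoring IDs leave the vehicle bus. */
    for (size_t i = 0; i < sizeof MONITOR_IDS / sizeof MONITOR_IDS[0]; i++)
        if (MONITOR_IDS[i] == f->id) { st->forwarded++; return true; }
    st->dropped_unlisted++;
    return false;
}

/* Runs constructed traffic through the gateway and returns the counters. */
struct gateway_stats run_sample(void)
{
    struct gateway_stats st = {0};
    const struct frame speed = { 0x3E9, 2, { 0x00, 0x41 } };
    const struct frame brake_cmd = { 0x0F0, 1, { 0x01 } };   /* constructed control ID */
    const struct frame bad_len = { 0x4C1, 9, { 0 } };        /* DLC out of range */
    gateway_allow(VEHICLE_TO_INFOTAINMENT, &speed, &st);     /* forwarded */
    gateway_allow(VEHICLE_TO_INFOTAINMENT, &brake_cmd, &st); /* unlisted  */
    gateway_allow(VEHICLE_TO_INFOTAINMENT, &bad_len, &st);   /* malformed */
    gateway_allow(INFOTAINMENT_TO_VEHICLE, &speed, &st);     /* inbound   */
    gateway_allow(INFOTAINMENT_TO_VEHICLE, &brake_cmd, &st); /* inbound   */
    return st;
}

int main(void)
{
    struct gateway_stats st = run_sample();
    printf("forwarded=%u inbound=%u unlisted=%u malformed=%u\n",
           st.forwarded, st.dropped_inbound, st.dropped_unlisted, st.dropped_malformed);
    return 0;
}
```

The drop counters double as a detection signal: any non-zero inbound count means something on the entertainment side tried to talk to the control bus.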
if lead could shield kryptonite, xray, then probably a little wifi bluetooth shouldn't be a problem. just don't do the VW ad and try to lick it.
not to mention no text or phone call would interfere with your driving.
They may not recognize it as a car.
mfwright@batnet.com
It is a 2002 Rio with 55000 miles....I never go anywhere. You might need to vacuum the floor mats.... The most advanced tech in that car is the fuel injection, the digital odometer and the FM radio. It is a stick shift, has cranks for the windows, no central locking, and none of that hackable entertainment and computer crap in it. It will be a sad day when I have to let go of it. Maybe I should take the bus instead then....