Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Car Info Tech Is So Thoroughly At Risk

Posted by timothy on from the at-least-they-can't-say-they-don't-recall dept.

Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.

2 of 192 comments (clear)

  1. Laugh by koan · · Score: 5, Funny

    Narrator:
    A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.

    Business woman on plane:
    Are there a lot of these kinds of accidents?

    Narrator:
    You wouldn't believe.

    Business woman on plane:
    Which car company do you work for?

    Narrator:
    A major one.

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Laugh by FranTaylor · · Score: 3, Funny

      which units do you use to measure the enjoyment of a chocolate bar? do you use wonkas or toblers? it makes a difference in the calcuations.