Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Car Info Tech Is So Thoroughly At Risk

Posted by timothy on from the at-least-they-can't-say-they-don't-recall dept.

Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.

1 of 192 comments (clear)

  1. When the bugs become deadly NHTSA will care by zerofoo · · Score: 3, Informative

    NHTSA publishes a list of civil settlements here:
    http://www.nhtsa.gov/Laws+&+Re...

    Fiat Chrysler was recently fined for inadequate protections on Jeep gas tanks, but I did not see that on the page linked above - so the list isn't entirely current.

    NHTSA may not be the fastest regulatory group out there, but they have shown a willingness to go after car companies that do not issue timely fixes for dangerous problems. Automotive software bugs will eventually kill people. Unfortunately, NHTSA probably won't care until then.