Why Car Info Tech Is So Thoroughly At Risk
Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.
and thousands of people die the same moment because some terrorist pressed a button. Of course, well informed as the big data terrorist is, they will find out whether you are a Muslim and your wife wears a burqa with even her ankles covered all day; they will spare your car if you are one.
We only see risks where we've seen the risk actually causing harm. This is also a reason why it's so hard to find motivation to fight against climate change.
Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."
-- Thou hast strayed far from the path of the Avatar.
A significant problem is that computer-related security lessons seem to have to be learned from the ground up, industry by industry. Contrary to this, the smartphone industry (especially Apple) has relatively sophisticated security in both hardware and software, and I think it was because they could learn a lot of valuable lessons from their experience with the PC. As a result, iOS users enjoy a relatively malware-free system.
The automobile industry, on the other hand, is probably somewhere in the early 2000s mindset, comparatively speaking. You see the same mistakes being made by many early Internet of Things manufacturers, with brain-dead security mistakes such as storing hard-coded encryption keys right on the devices themselves. Router manufacturers, as little as a few years ago, were still shipping with services open to the internet by default. They're STILL shipping devices with known default passwords, mysterious backdoors, and all sorts of other vulnerabilities. You can probably point to any other industry and see the same lack of basic security knowledge and practices. It's not going to change until these issues are dragged, kicking and screaming, into the light of day... either by lawsuits, legislation, or simply too much bad press.
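An added example, not from the comment above and not any vendor's code, of the check a practitioner runs for the "hard-coded key on the device" mistake mentioned above: scan a firmware image for PEM key markers and for high-entropy regions that may be raw key material. The firmware bytes, the embedded PEM text, the window size and the entropy threshold are all constructed for this demo; the threshold has to be tuned per image, since compressed data scores high too and real random key material of a couple of hundred bytes usually scores somewhat below a perfectly uniform blob.

```python
import math
import re
from collections import Counter

# Constructed sample firmware image (not a real device image): a fake ELF header,
# a PEM private-key block padded out to 128 bytes, 512 bytes of repetitive text,
# a perfectly uniform 512-byte blob standing in for raw key material, and padding.
# Every section is 64-byte aligned so the sliding windows below line up with it.
_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
        b"MIIEowIBAAKCAQEA...\n"
        b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_FIRMWARE = (
    b"\x7fELF" + b"\x00" * 60
    + _PEM + b"\x00" * (128 - len(_PEM))
    + (b"Hello, world " * 40)[:512]
    + bytes(range(256)) * 2          # stand-in for embedded key material
    + b"\x00" * 128
)

PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+?)-----")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_pem_blocks(data: bytes) -> list:
    """(offset, label) for every PEM BEGIN marker, e.g. 'RSA PRIVATE KEY'."""
    return [(m.start(), m.group(1).decode("ascii")) for m in PEM_BEGIN.finditer(data)]


def find_high_entropy_windows(data: bytes, window: int = 256, step: int = 64,
                              threshold: float = 7.5) -> list:
    """Offsets of fixed-size windows whose entropy reaches the threshold.
    Assumed parameters: compressed or encrypted sections score high as well,
    so each hit is a lead to inspect by hand, not proof of a key."""
    hits = []
    for off in range(0, max(len(data) - window + 1, 0), step):
        if shannon_entropy(data[off:off + window]) >= threshold:
            hits.append(off)
    return hits


def scan_firmware(data: bytes) -> dict:
    """Combine the two checks into one report for an image."""
    pem = find_pem_blocks(data)
    return {
        "pem_labels": [label for _, label in pem],
        "private_key_offsets": [off for off, label in pem if "PRIVATE" in label],
        "high_entropy_offsets": find_high_entropy_windows(data),
    }


if __name__ == "__main__":
    for key, value in scan_firmware(SAMPLE_FIRMWARE).items():
        print(f"{key}: {value}")
```

On a real image the PEM hits are the cheap, high-confidence finding; the entropy hits need a second look (strings around them, whether the region is referenced by crypto code) before being called a key.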
Irony: Agile development has too much inertia to be abandoned now.
Disagree. Proprietary software is just as buggy and sometimes extremely buggy. There may even be NDA agreements that forbid revealing any bugs to third parties.
Narrator:
A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.
Business woman on plane:
Are there a lot of these kinds of accidents?
Narrator:
You wouldn't believe.
Business woman on plane:
Which car company do you work for?
Narrator:
A major one.
"If any question why we died, Tell them because our fathers lied."
There are arguments that can be made that state the stakes are higher now (due to the interconnectedness of systems), and it is plain that the attack surface of just about anything is larger, but those still are symptoms, not causes.
On the flip side of that, those with power and money have amassed more, and that interconnectedness plays to their advantage, resulting in the pseudo-regulated oligarchy we see across most industries and governments today.
The invisible hand of the free market is a hand that will push all to wrack and ruin if allowed to be completely free.
Silence is a state of mime.
The problem with vulnerabilities is when you are in an organization where simple patching is overmanaged to death so that the patches are never applied in a timely manner.
As I have discovered, it is a lot better in a legal sense to leave things unpatched. The patching requires downtime, it adds nothing to business, it introduces risks to the system of a failed change. If the patching screws up, then YOU take the blame.
It is just MUCH easier to leave the vulnerability unpatched and tolerate getting hacked. Reason? Because then somebody else takes the blame. It wasn't you, Mr. System Admin, who broke the system, but someone else. Therefore, it's not your fault. You can walk away with your paycheck as the system explodes in the background. If you noticed the vulnerability and made plans to patch it, and it doesn't get patched due to some bureaucratic ITIL wrangling, you can just walk away from the car crash.
Patching vulnerabilities just isn't a priority for many IT environments.
READY.
PRINT ""+-0
we're talking about security exploits and the well-documented tendency for the guys in the corner office to hush things up rather than fix it, and you complain about "union campaign money" linked to deferred convictions. of whom? union bosses? don't you mean the corporate suits the union bosses hate, who are the decision makers on this topic?
do you even try to make sense when you spew your propaganda?
you're a moron. not a baseless insult. objectively true: your partisan obsession has so eclipsed whatever dim wattage your brain possesses that you can no longer think rationally on a topic
this is no defense of unions. there's plenty wrong with unions. but linking this topic to unions is a blind obsession. laughably moronic, objectively so
you are what is wrong with this country
partisanship so blind, no sense of reason can prevail in your empty skull
exactly what is wrong with this country
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Seriously, whenever you have mission-critical control systems and networks, you _isolate_ them. As in _physical_ isolation. Anything else is asking for trouble and can charitably be described as grossly negligent. But apparently, this utter stupidity does get some people better bonuses, when it should get them a few decades in prison instead for criminally negligent homicide.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Hey right wing dumbass.... Union people don't design the cars, nor do they decide to ignore problems with them.
As to insulation from competition: you mean like making sure that we didn't have a race to the bottom like we do now? Because 30 plus years of right wing economics have worked so well for everyone. Just look at how wages and productivity have gone up! Oh, wait. Productivity has gone through the roof and wages have gone nowhere.
Even the front runner in your own party gets that 'free trade' is a disaster you know. That the rest of the party establishment hates his guts is rather telling too.
NHTSA publishes a list of civil settlements here:
http://www.nhtsa.gov/Laws+&+Re...
Fiat Chrysler was recently fined for inadequate protections on Jeep gas tanks, but I did not see that on the page linked above - so the list isn't entirely current.
NHTSA may not be the fastest regulatory group out there, but they have shown a willingness to go after car companies that do not issue timely fixes for dangerous problems. Automotive software bugs will eventually kill people. Unfortunately, NHTSA probably won't care until then.
Because the tech is invariably based on open Source and written by some unpaid intern.
Though it's probably not in the way that you intended, you do have a valid point. Far too many companies seem to piece together open source software then slap on some proprietary code, without adequately testing it. Since they are doing so to save development and licensing costs, it frequently ends up as a disaster.
That being said, many companies do spend some time in integrating open source software and do thorough testing. So the success or failure of open source software in such circumstances is more a product of the company's motivation and culture than an indicator of the quality of open source software.
...[M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them...
If it costs nothing to ignore security bugs that can cause car crashes and human injury, then clearly the cost of ignoring such bugs is far too low.
The question becomes, how can security bugs be made expensive to ignore and cheap to fix?
The problem is that though the code can be fixed, it can't be installed.
Honestly, however, most of the vulnerable Android devices aren't fixed even when it's possible, because their users don't understand what they're doing. And the system was designed under the premise that they shouldn't.
But the code can be fixed. And may be in next year's model.
I think we've pushed this "anyone can grow up to be president" thing too far.
unions do not have jack shit to do with ignoring car security
to try to shoehorn that obsession into this topic means you are a moron. not right wing, not left wing. just fucking retarded
there's nothing else to be said. keep trying to derail the topic with your low brain wattage partisan mental diarrhea. you're too dumb to talk to
NDAs in proprietary software are there for a reason: to protect the software vendor against revelations that they have done wrong, all the way from copyright infringement (like breaking an open source license condition in their solution) to backdoors, security shortcuts, etc. If it possibly can exist, it will exist in the closed code.
Being involved in the car industry, I can agree with the observation. Just look at the Autosar platform: it's a collection of bugs in tight formation that has been sold to the car industry as the greatest solution since the invention of the stone axe. But to everyone who has been working with internet solutions it's revealed to be a very clunky solution that doesn't really improve things; it just adds overhead.
Today the car industry is starting to look at Ethernet as a replacement for CAN, but then there are complaints about it causing higher power consumption, and therefore there's a "need" to do quirky things like separating traffic into VLANs on the same physical bus, and to treat that separation into VLANs as enough to offer sufficient security against intrusions and overload attacks (intentional through malware or unintentional through bugs).
In addition to this it's worth realizing that when you buy a car you only buy the hardware; you aren't permitted to know anything about the software. So essentially the manufacturer could say that you can keep the car but we have to erase the software in it, leaving you with a 2 ton shell of steel and plastics.
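An added example, not from the comment above and not taken from AUTOSAR or any OEM code, of why an 802.1Q VLAN tag on a shared physical bus is a labelling mechanism rather than a security boundary: the tag is four plaintext bytes after the source MAC, any station that sees the wire can read it, and moving a frame to another VLAN is a two-byte edit of the VID with no key involved. The MAC addresses, VLAN numbers and the switch ingress policy at the end are constructed for the demo; the one thing that actually enforces separation is a switch port that ignores tags it has not been configured to trust, and on a truly shared medium with no switch there is nothing to enforce it at all.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Constructed addresses and VLAN IDs for the demo; not from any real vehicle.
INFOTAINMENT_VID = 20
POWERTRAIN_VID = 10
HEAD_UNIT_MAC = bytes.fromhex("021122334455")
ECU_MAC = bytes.fromhex("02aabbccddee")


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Ethernet header plus payload; inserts an 802.1Q tag when vid is given.
    (Minimum-size padding that a real NIC adds is left out for clarity.)"""
    if vid is None:
        return dst + src + struct.pack("!H", ethertype) + payload
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)   # priority, DEI, 12-bit VID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Decode the header. The VLAN tag, if present, is plaintext like the rest."""
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    body = 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid, body = tci >> 13, tci & 0x0FFF, 18
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[body:]}


def retag(frame, new_vid):
    """Move a tagged frame to another VLAN: rewrite the VID, nothing else changes."""
    p = parse_frame(frame)
    if p["vid"] is None:
        raise ValueError("frame is untagged")
    return build_frame(p["dst"], p["src"], p["ethertype"], p["payload"],
                       vid=new_vid, pcp=p["pcp"])


def switch_ingress_vid(frame, port_vid, allowed_tagged_vids=()):
    """VLAN a switch assigns to a frame arriving on a port, or None if dropped.
    Assumed policy: untagged frames get the port's VLAN; tagged frames are only
    honoured for VIDs explicitly allowed on that port. A port that honours any
    incoming tag lets every attached station choose its own VLAN."""
    vid = parse_frame(frame)["vid"]
    if vid is None:
        return port_vid
    return vid if vid in allowed_tagged_vids else None


if __name__ == "__main__":
    # A compromised head unit on the infotainment VLAN crafts a frame and retags it.
    frame = build_frame(ECU_MAC, HEAD_UNIT_MAC, ETHERTYPE_IPV4, b"payload",
                        vid=INFOTAINMENT_VID, pcp=3)
    forged = retag(frame, POWERTRAIN_VID)
    print("tag bytes in the clear:", frame[12:18].hex())
    print("forged frame now carries VID", parse_frame(forged)["vid"])
    print("access port, tags not trusted:", switch_ingress_vid(forged, INFOTAINMENT_VID))
    print("port that trusts tags:", switch_ingress_vid(forged, INFOTAINMENT_VID,
                                                      (POWERTRAIN_VID,)))
```

The two `switch_ingress_vid` calls at the end are the whole story: the same forged frame is dropped by a port configured not to honour tags and is delivered into the powertrain VLAN by a port that does, and neither outcome depends on anything the sending station cannot control.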
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
From what I can gather, Apple and Google most certainly have an expertise which is a few orders of magnitude higher than the auto industry. Short of firing all the automotive CEOs and replacing them with geeks, I don't know how anyone can operate a significant shift in focus in less than 50 years.
I've worked for insurance, finance and distribution (I assume car companies to be as bad) and the state of the art is that none of those people have the first clue as to what computer science is, can bring to them or can take from them. They see a few wins (by looking around and copying ideas) and they don't want to pay for it.
So yeah, they end up with a badly glued patch of libraries (some open source, some not) and the end result is a collection of crap that has more bugs than features.
Write boring code, not shiny code!
It's all kind of baffling. We have decades of experience that tells us that writing secure software is very difficult and that patching insecure software is expensive, inefficient, and largely ineffective. So the response -- and not just in the auto industry -- is to constantly add more questionably necessary complex hardware and software (Why do I need digital tire pressure indicators that do not work properly to replace $2 mechanical pressure-indicating Schrader valve caps?) and then express surprise that the result is vulnerable to digital attack.
Folks. I don't know how to break this to you. The "solutions" that don't work on the internet, with financial stuff, with dating sites, etc. probably aren't going to work in cars either.
What will work? Nothing most likely. But minimizing attack surfaces by air gapping systems that don't need to talk to one another, making ROMs read only with a physical programming switch, banishing anything that looks or works like javascript, and abandoning the odd notion that over the air updates can't -- by accident or hijacking -- simultaneously brick millions of vehicles might help. The result would be clunky and sort of mid-20th centuryish. But it might be moderately secure. And implementing it might free up resources to deal with the inevitable similar problems in the rest of the digital world.
You can't see ANYTHING from a car. You've got to get out of the goddamned contraption and walk. -- Edward Abbey
open source is not a problem - unpaid intern that had to incorporate it into something else may be however.
Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."
That is unrealistic and defeatist. Many customers (including myself) very much want some of the capabilities that come with network access and there is no reason it cannot be done utilizing good security practices and appropriate separation of function. I want a built in GPS with weather and traffic data overlays. I want to be able to monitor my car's performance with something more sophisticated than a check engine light. I want my car to be able to fix problems or add features without visiting a dealer. Maybe you don't and that's fine but pretending that this will go away and that networks will not be used on cars is foolish.
HOWEVER, I work in the auto industry and have for much of my career. The biggest problem the auto makers are going to have is that they are almost completely new to this sort of security and they have little to no security culture built around software development. This is not surprising, but it is a problem: unlike the PC industry, which has had 30+ years of people attacking networks to learn from and a culture built around dealing with them, most of the security issues in the auto industry have revolved around physical security of the ignition system and doors. Network security is an entirely different animal and the auto makers are going to have to transform themselves to some degree into software companies.
Based on my experience I think they are going to get a lot of painful and very expensive lessons. They tend not to acknowledge problems until they become public and embarrassing and expensive. That will have to change. They very much should be looking carefully at what Tesla is doing because something like that is probably the model for the future. Not saying they need to copy Tesla but they should be taking notes and seeing what works and what doesn't. Unfortunately the auto makers are run by guys (and girls) who are relatively old and most of whom have NO concept of computer network security so I think they are going to move too slowly for a while.
I disagree, to me it's pretty clear what is going on here. The folks who make budgeting and resource planning decisions haven't the vaguest clue what is involved in writing software, let alone best security practices. All they see is developers that cost money.
The lead/principal/architect (whoever the head geek is) requests enough time to develop software that he/she considers reasonably secure. The suits freak out. The head geek is asked to quantify the expense. The suits see all this time spent making the software more secure. They ask the head geek to quantify the risk in terms of what is likely to happen if that time is not spent.
So here's the problem: Spending the time to make more secure software is DEFINITELY going to increase costs right now. Quantifying costs due to security problems once the product is in the wild is difficult at best and impossible at worst. So it's a matter of what is DEFINITELY going to cost money now and what MIGHT cost money in the future. The suits tell the head geek that if there are problems after it ships they'll release a patch. The head geek reminds the suits that security problems are much cheaper to fix before release than after. The suits ignore him and get a bonus for keeping expenses low, by skimping on development time.
The fact that you can't predict security problems with any reasonable degree of accuracy is the issue. The suits don't like spending money on something that MIGHT happen. Remember, this is an industry that at one time determined it was cheaper to let people die than fix a problem.
Never underestimate the power of stupid people in large groups.