Slashdot Mirror


Why Car Info Tech Is So Thoroughly At Risk

Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.

21 of 192 comments

  1. Where is Commander Adama when we need him? by dfn5 · · Score: 5, Insightful

    Someone in the car industry needs to stand up and say "There will be no networked computers in my vehicles."

    --
    -- Thou hast strayed far from the path of the Avatar.
  2. Security - One Industry at a Time by Dutch+Gun · · Score: 5, Interesting

    A significant problem is that computer-related security lessons seem to have to be learned from the ground up, industry by industry. Contrary to this, the smartphone industry (especially Apple) has relatively sophisticated security in both hardware and software, and I think it was because they could learn a lot of valuable lessons from their experience with the PC. As a result, iOS users enjoy a relatively malware-free system.

    The automobile industry, on the other hand, is probably somewhere in the early 2000s mindset, comparatively speaking. You see the same mistakes being made by many early Internet of Things manufacturers, with brain-dead security mistakes such as storing hard-coded encryption keys right on the devices themselves. Router manufacturers, as little as a few years ago, were still shipping with services open to the internet by default. They're STILL shipping devices with known, default passwords, mysterious backdoors, and all sorts of other vulnerabilities. You can probably point to any other industry and see the same lack of basic security knowledge and practices. It's not going to change until these issues are dragged, kicking and screaming, into the light of day... either by lawsuits, legislation, or simply too much bad press.

    --
    Irony: Agile development has too much inertia to be abandoned now.
    1. Re:Security - One Industry at a Time by Dutch+Gun · · Score: 4, Interesting

      Oh, I'm sure that's part of it, but certainly not the entire story. You should skim over iOS's security whitepaper sometime if you don't believe there's a hell of a lot of security features built into the hardware and software at a *very* deep level. It's actually quite impressive. Keep in mind that the ability to root your phone doesn't necessarily invalidate all the other protections provided for the average user.

      To start with, consider the notion of selective application permissions with user consent, compared to the "give this application all access to all resources" model with the PC. Applications are isolated from each other, which gives less flexibility, but also helps to prevent a rogue app from spreading itself everywhere on the system. The system is hardware-encrypted by default until you turn the device on (using a secure boot chain) and unlock it, meaning you can't simply pry the device apart and read the flash memory. And that's just what I can think of off the top of my head.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  3. Re:Why car info tech is so thoroughly at risk .. by Darinbob · · Score: 5, Insightful

    Disagree. Proprietary software is just as buggy and sometimes extremely buggy. There may even be NDA agreements that forbid revealing any bugs to third parties.

  4. Laugh by koan · · Score: 5, Funny

    Narrator:
    A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.

    Business woman on plane:
    Are there a lot of these kinds of accidents?

    Narrator:
    You wouldn't believe.

    Business woman on plane:
    Which car company do you work for?

    Narrator:
    A major one.

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Laugh by FranTaylor · · Score: 3, Funny

      which units do you use to measure the enjoyment of a chocolate bar? do you use wonkas or toblers? it makes a difference in the calculations.

  5. Not surprised at all by wbr1 · · Score: 4, Insightful
    At its core, capitalism, raw and unregulated is a sociopathic economic structure. That this manifests itself this way in the automobile industry is just one facet of it.

    There are arguments that can be made that state the stakes are higher now (due to the interconnectedness of systems), and it is plain that the attack surface of just about anything is larger, but those still are symptoms, not causes.

    On the flip side of that, those with power and money have amassed more, and that interconnectedness plays to their advantage, resulting in the pseudo-regulated oligarchy we see across most industries and governments today.

    The invisible hand of the free market is a hand that will push all to wrack and ruin if allowed to be completely free.

    --
    Silence is a state of mime.
    1. Re:Not surprised at all by circletimessquare · · Score: 4, Insightful

      capitalism works but it has to be heavily regulated

      pushing against regulation by spewing propaganda for morons who buy simpleminded "logic" and then voting for the puppet, or corrupting regulation: https://en.wikipedia.org/wiki/... , this is how free markets die

      a market is only free if it is heavily regulated. no regulation means the big guys abuse smaller players and consumers

      the richest, happiest societies have low corruption and good social safety nets. anyone arguing against either is a propaganda victim who is arguing for their own impoverishment, unless they are a billionaire plutocrat

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    2. Re:Not surprised at all by circletimessquare · · Score: 5, Insightful

      even regulatory capture is better than no regulation. the big guys corrupting the government and writing rules that help them, is still better than no rules at all, where the big guys simply crush smaller guys and consumers any fucking way they want: no regulation, remember?

      plenty of countries handle regulation with far less corruption than us. that's what we should aim for. but asking for less regulation, is far worse, on any measure you can think of. you should be asking for regulations to be cleaned up

      it's like the bad guys robbed the bank by paying off the guard

      and your solution is:

      1. fire the guard. no guard. hey, that will work to prevent bank robberies (!?)
      2. forget the bad guys, don't even go after them or punish them

      just let them get away with robbing you and not even mentioning them as the fucking cause of your problem. all you do is whine "the problem is we have guards who can be corrupted, you can never get rid of that problem..." hello? what about the assholes doing the corrupting and robbing you? do you have anything to say about their behavior?

      what you should do is:

      1. fire the guard. hire a new guard. evaluate him better and more regularly
      2. go after the bad guys. punish them. make them pay. they fucking robbed you asshole

      why do corporations escape scrutiny when they corrupt our government and so many morons can only criticize the government?

      what the hell is up with that?

      FIX the government. if you WEAKEN the government, the bad guys who are the actual cause of your fucking problem laugh all the way to the bank: you made their job easier, and rewarded them for fucking up the only thing you have to protect yourself, your fucking government

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    3. Re:Not surprised at all by circletimessquare · · Score: 4, Insightful

      they need a basic education in economics, and some obvious history: the gilded ages of victorian times for example

      only then should they be allowed to have an opinion

      an uneducated, wish fulfillment fantasy that ignores basic economic facts is not a valid opinion

      "markets regulate themselves, magic free market fairy solves all problems!" is a quasireligion, not an ideology or political concept anyone should respect

      this crap is made for morons and suckers by plutocrat controlled propaganda sources

      that being said, libertarianism, european style, is respectable: it's about social issues

      only this mutant american-style "libertarianism," that only cares about economics and only motivates simple minded social retards to agitate for less regulation and taxes for the ultrarich, is invalid and contemptible

      if you (not you, justanotheroldguy, anyone reading) agitate for legal marijuana, gays getting married, women controlling their own bodies, etc.: i consider you a libertarian, and i respect you

      if you agitate for less regulation of multinational conglomerates, you're not a libertarian. you're a fucking moron being used as a useful tool by propaganda channels pushing your simpleton's easily identifiable prejudicial buttons. against your own well-being. because you're too fucking dumb to understand otherwise. and i have zero respect for you, and a good measure of disgust for polluting the political discourse in this country with useless low intelligence mental diarrhea that only helps the ultrarich and large corporations

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. The ITIL approach sucks for security by Neo-Rio-101 · · Score: 4, Interesting

    The problem with vulnerabilities is when you are in an organization where simple patching is overmanaged to death so that the patches are never applied in a timely manner.

    As I have discovered, it is a lot better in a legal sense to leave things unpatched. The patching requires downtime, it adds nothing to business, it introduces risks to the system of a failed change. If the patching screws up, then YOU take the blame.

    It is just MUCH easier to leave the vulnerability unpatched and tolerate getting hacked. Reason? Because then somebody else takes the blame. It wasn't you, Mr. System Admin, who broke the system, but someone else. Therefore, it's not your fault. You can walk away with your paycheck as the system explodes in the background. If you noticed the vulnerability and made plans to patch it, and it doesn't get patched due to some bureaucratic ITIL wrangling, you can just walk away from the car crash.

    Patching vulnerabilities just isn't a priority for many IT environments.

    --
    READY.
    PRINT ""+-0
    1. Re: The ITIL approach sucks for security by FranTaylor · · Score: 4, Interesting

      They had to be dragged kicking and screaming

      by people who had money on the line and had the ability to drag and kick. this is how the system works

  7. Re:Also, who does not separate drive control? by knorthern+knight · · Score: 5, Insightful

    > You should read the articles. Because CAN is a multi-master communications
    > bus any device on the bus has write access at the hardware level - it's only
    > software controls that limit whether a device can write to the bus or not. Which
    > is why the government-mandated ODBC-II interface is such a bad idea,
    > because anyone can plug in to the CAN bus with a standardized connector
    > and get complete control of a vehicle.

    Why is so much unnecessary, security-risky, stuff connected to that device? In a worst case, have separate buses...
    * the "entertainment" bus for wifi for "teh interweb", streaming audio, etc.
    * the "critical" bus that controls car operation. Have it only *PHYSICALLY* accessible, i.e. only via physically plugging a probe into a jack. And none of the devices connected to the "critical" bus are radio/wifi/bluetooth/whatever-else externally accessible.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user
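
The two-bus split proposed in the comment above, sketched as an added example that is not part of the original thread: a default-deny gateway between physically separate segments, in a relaxed form that lets a few read-only status frames leave the critical bus and nothing enter it. The CAN IDs, rule table, intervals and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Classic CAN frame: identifier and payload, but no sender address, so a
 * receiver cannot tell which node on the bus transmitted it. */
typedef struct {
    uint32_t id;       /* 11-bit identifier */
    uint8_t  dlc;      /* payload length, 0..8 */
    uint8_t  data[8];
} can_frame;
typedef enum { SEG_ENTERTAINMENT, SEG_CRITICAL } segment;

/* Allowlist rule: which ID may cross, from which side, how big, how often. */
typedef struct {
    segment  from;
    uint32_t id;
    uint8_t  max_dlc;
    uint32_t min_interval_ms;
} gw_rule;

/* Constructed policy (IDs are hypothetical): only read-only status leaves the
 * critical bus; no rule has from == SEG_ENTERTAINMENT. */
static const gw_rule RULES[] = {
    { SEG_CRITICAL, 0x3E9, 2, 100 },   /* "vehicle speed" for the display */
    { SEG_CRITICAL, 0x3F5, 1, 500 },   /* "door ajar" indicator */
};
#define N_RULES (sizeof RULES / sizeof RULES[0])
static uint32_t last_ms[N_RULES];      /* time each rule last forwarded */
static bool     seen[N_RULES];

/* Single shared bus: any well-formed frame reaches every node. */
bool flat_bus_delivers(segment origin, const can_frame *f)
{
    (void)origin;                      /* origin is not visible on the wire */
    return f->id <= 0x7FF && f->dlc <= 8;
}

/* Gateway joining two physically separate buses: default deny. */
bool gateway_forwards(segment origin, const can_frame *f, uint32_t now_ms)
{
    if (f->id > 0x7FF || f->dlc > 8)
        return false;                  /* not a valid 11-bit classic frame */
    for (size_t i = 0; i < N_RULES; i++) {
        const gw_rule *r = &RULES[i];
        if (r->from != origin || r->id != f->id || f->dlc > r->max_dlc)
            continue;
        if (seen[i] && now_ms - last_ms[i] < r->min_interval_ms)
            return false;              /* rate limit: drop bursts */
        seen[i] = true;
        last_ms[i] = now_ms;
        return true;
    }
    return false;                      /* no matching rule */
}

int main(void)
{
    can_frame speed = { 0x3E9, 2, { 0x00, 0x50 } };  /* constructed samples */
    can_frame ctrl  = { 0x120, 8, { 0 } };
    printf("flat=%d gw_ctrl=%d gw_speed=%d\n", flat_bus_delivers(SEG_ENTERTAINMENT, &ctrl),
           gateway_forwards(SEG_ENTERTAINMENT, &ctrl, 0), gateway_forwards(SEG_CRITICAL, &speed, 0));
    return 0;
}
```
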
  8. Re: same as it ever was by Anonymous Coward · · Score: 3, Insightful

    Hey right wing dumbass.... Union people don't design the cars, nor do they decide to ignore problems with them.

    As to insulation from competition: you mean like making sure that we didn't have a race to the bottom like we do now? Because 30 plus years of right wing economics have worked so well for everyone. Just look at how wages and productivity have gone up! Oh, wait. Productivity has gone through the roof and wages have gone nowhere.

    Even the front runner in your own party gets that 'free trade' is a disaster you know. That the rest of the party establishment hates his guts is rather telling too.

  9. Re:Let's wait until al Quadia discovers it by TWX · · Score: 4, Insightful

    Just because they're the only ones that have done it, doesn't mean that interested parties wouldn't want themselves to do it.

    Which is more terrifying, the enemy that personally attacks you, that you can boast and brag about fighting him before he kills you, or the enemy that kills you that you never had a chance of defending against?

    Now, imagine that the Toyota unintended vehicle acceleration problem manifested on all of the vulnerable cars at the same time. There are a LOT of Toyotas out there, and as a global car make it would not be hard for an organization, anywhere in the world that wanted to try this, to get vehicles to use to test discovered exploits on.

    --
    Do not look into laser with remaining eye.
  10. When the bugs become deadly NHTSA will care by zerofoo · · Score: 3, Informative

    NHTSA publishes a list of civil settlements here:
    http://www.nhtsa.gov/Laws+&+Re...

    Fiat Chrysler was recently fined for inadequate protections on Jeep gas tanks, but I did not see that on the page linked above - so the list isn't entirely current.

    NHTSA may not be the fastest regulatory group out there, but they have shown a willingness to go after car companies that do not issue timely fixes for dangerous problems. Automotive software bugs will eventually kill people. Unfortunately, NHTSA probably won't care until then.

  11. Re:Why car info tech is so thoroughly at risk .. by MacTO · · Score: 5, Interesting

    Because the tech is invariably based on open Source and written by some unpaid intern.

    Though it's probably not in the way that you intended, you do have a valid point. Far too many companies seem to piece together open source software then slap on some proprietary code, without adequately testing it. Since they are doing so to save development and licensing costs, it frequently ends up as a disaster.

    That being said, many companies do spend some time in integrating open source software and do thorough testing. So the success or failure of open source software in such circumstances is more a product of the company's motivation and culture than an indicator of the quality of open source software.

  12. Re:Let's wait until al Quadia discovers it by cold+fjord · · Score: 3

    The US military is the only entity that has actually ever carried out attacks like this

    I would say his concern is well founded.

    And your claim is nonsense. Consider the case of Vasili Blokhin, for instance. General Vasili Blokhin pressed a "button" (trigger) and killed the Polish army officer corp. (Admittedly he pressed that "button" repeatedly.) This was around the time that the Soviet Union confiscated food from the Ukraine to artificially create a famine and kill 7,000,000 people by the slow death of starvation. (Death was quicker for the people that walked into the grain fields to pluck some grain to eat - they were shot on the spot.)

    The Katyn Massacre

    In March 1940, General Blokhin personally executed all 8,000 of the captured Polish officers on 28 consecutive nights in a basement execution chamber at the Soviet secret police headquarters in Kalinin. The soundproof room was specially constructed for the murders, with a sloping concrete floor and a hose to wash away the blood.

    One at a time – 250 a day – each of the Polish officers was led into the room in handcuffs, where Blokhin awaited in a butcher’s apron, cap and shoulder-length leather gloves. Each prisoner was then turned around to face a log wall, and Blokhin would shoot him in the back of the head . . .

    The other 14,000 Polish intellectuals captured during the Soviet invasion met a similar fate, although not directly at the hand of General Blokhin.

    Admittedly this is only a drop in the bucket of the 100,000,000 people killed by Communist regimes, but it is revealing.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  13. Bugs should be costly to ignore, and cheap to fix by QuietLagoon · · Score: 3, Insightful

    ...[M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them...

    If it costs nothing to ignore security bugs that can cause car crashes and human injury, then clearly the cost of ignoring such bugs is far too low.

    The question becomes, how can security bugs be made expensive to ignore and cheap to fix?

  14. Re:Why car info tech is so thoroughly at risk .. by Z00L00K · · Score: 5, Insightful

    NDAs in proprietary software are there for a reason - to protect the software vendor against revelations that they have done wrong, all the way from copyright infringement (like breaking an open source license condition in their solution), backdoors, security shortcuts etc. If it possibly can exist it will exist in the closed code.

    As being involved in the car industry - I can agree upon the observation. Just look at the Autosar platform, it's a collection of bugs in tight formation that has been sold to the car industry as the greatest solution since the invention of the stone axe. But for everyone that has been working with internet solutions it's revealed to be a very clunky solution that doesn't really improve things, it just adds overhead.

    Today the car industry starts to look at Ethernet as a replacement for CAN, but then there are complaints about it causing a higher power consumption and therefore there's a "need" to do quirky solutions like separating traffic on VLANs on the same physical bus, and that separation into VLANs is enough to offer sufficient security against intrusions and overload attacks (intentional through malware or unintentional through bugs).

    In addition to this it's worth realizing that when you buy a car you only buy the hardware, you aren't permitted to know anything about the software. So essentially the manufacturer could say that you can keep the car but we have to erase the software in it - leaving you with a 2 ton shell of steel and plastics.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  15. Re:Why car info tech is so thoroughly at risk .. by vtcodger · · Score: 5, Interesting

    It's all kind of baffling. We have decades of experience that tells us that writing secure software is very difficult and that patching insecure software is expensive, inefficient, and largely ineffective. So the response -- and not just in the auto industry -- is to constantly add more questionably necessary complex hardware and software (Why do I need digital air time pressure indicators that do not work properly to replace $2 mechanical pressure indicating Schrader valve caps?) and then express surprise that the result is vulnerable to digital attack.

    Folks. I don't know how to break this to you. The "solutions" that don't work on the internet, with financial stuff, with dating sites, etc. probably aren't going to work in cars either.

    What will work? Nothing most likely. But minimizing attack surfaces by air gapping systems that don't need to talk to one another, making ROMs read only with a physical programming switch, banishing anything that looks or works like javascript, abandoning the odd notion that over the air updates can't -- by accident or hijacking -- simultaneously brick millions of vehicles might help. The result would be clunky and sort of mid-20th centuryish. But it might be moderately secure. And implementing it might free up resources to deal with the inevitable similar problems in the rest of the digital world.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey