Slashdot Mirror
Experts Have No Confidence That We Can Protect Cars and Streets From Hackers (dailydot.com)
Patrick O'Neill writes: Cars and streets are now connecting to the Internet for a long list of transportation and safety benefits but the new tech has drawbacks. Experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches. Their opinions were captured in a recent survey (PDF) from the Government Accountability Office. "The government is coordinating with the transportation industry on the Security Credential Management System (SCMS), a project to verify that basic road-safety messages come from authorized devices. ... At this point, it’s not clear who would even run such a system. Previous plans pointed toward car industry control, but the Transportation Department is now looking into playing 'a more active leadership role' for V2I as well as V2V (vehicle-to-vehicle) networks. That role would include setting security and privacy standards when V2I and V2V networks become operational."
Buy some new experts.
<blink>down the rabbit hole</blink>
So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?
And there is a serious question as to whether that control should be privatized?
Let me convey my feelings about that as one concerned citizen.
Never has it been more insulting, and dangerous, than to consider privatizing public utilities and assests, and thereby making people dependent on corporations to manage something we all use and need.
Privatization never turns out well for the end user, and no matter what you say about the government running things, it's a damn sight better than some corporation.
"If any question why we died, Tell them because our fathers lied."
From TFA :
"Privacy will be a key component of the new road networks. Data generated by V2I networks may be given to academics, government agencies, and private companies for research purposes."
I guess privacy does not mean what I think it means
If they say there is no problem then experts are no longer valuable.
Car infotainment systems are a Trojan horse by the car manufacturers in search of forced obsolescence.
Modern cars normally last 12-15 years, no connected IT system would survive this long without constant maintenance. Thing is, it is all but certain that there won't be security patches developed for that long.
With this in mind, buying a connected car is insane.
It' seems these "experts" have zero clue at all on how to build cars or how to secure a local network that is isolated from the internet.
Do not look at laser with remaining good eye.
We don't have any confidence they can either. And if they're not confident they can secure it, and we're not confident they can secure it .. how about we simply don't deploy the damned thing?
If everybody is rushing to roll out the awesome new digital infrastructure, and nobody believes it will be secure .. maybe it's not so fucking awesome?
We don't want a system which doesn't protect us from privacy and security breaches. So don't make one. Why is everybody in such a rush to deploy shitty technology all the time?
Sorry, but I don't want a car or anything else with a badly designed level of security which everybody knows is a badly designed layer of security. At that point it's more about marketing than it is technology.
Just say no. The world will survive without one more incompetently implemented piece of digital integration nobody really cares about.
Now get off my damned lawn.
Lost at C:>. Found at C.
input or output from any part of the system should conform to narrow parameters, or the entire communication is disregarded, and the fail safe implemented. so falling back to the fail safe should be frequent, not rare and alarming. it could be a hack, it could also just be network or equipment issues, either way
for example, the data: distance to car in front of you
the data should be of rigorously correct format, received in the correct and expected small time frame, and the source must be locked to certain trust indicators (which would be another entire laundry list of overlapping qualifications)
if there is any failure, no matter how slight, the data should be considered tainted and incorrect, and back up redundant systems (lidar, whatever) or even fail over to manual control should be implemented
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Buy used, or build your own, without any computer controlled systems. For the less paranoid closed systems with no way to upgrade the software can be used.
They have to leave back doors in, else how will the police track and potentially automatically stop your car?
Protecting cars from privacy breaches is, frankly, a secondary issue. There have been hacks demonstrating that an attacker can wirelessly take control of the car and interrupt the driver's control. This sort of hack certainly can be prevented-- by yanking any wireless connectivity, if nothing else.
If a car maker has cars that are not fully protected against that kind of attack, it should be illegal to drive those cars on public roads.
Slashdot experts are confident that driverless cars will never have crash. So it's all good.
The reason automakers can't build a secure system is that it costs money. And putting an expensive secure system on cars will raise prices. Of course, raising prices in a commodity market means you lose sales.
But here's the thing. If they keep making their systems hackable where people can get in from the internet to the car and actually take over control (instead of isolating the infotainment network from the critical command/control network, you're going to get into a situation where one or more cars are hacked and one or more passenger is injured or killed. That's when the lawsuits hit and that's when car companies will start addressing security. When it hits them in the profit margins.
I don't have confidence in most things anymore: federal government, personal responsibility, etc.
Just add this to the list.
"A plan fiendishly clever in its intricacies"- Homer Simpson
There is NO need whatsoever for anyone to be able to control the brakes, gas, etc. of a car that from outside the car.
The idea that they should is a poorly thought out concept.
excitingthingstodo.blogspot.com
There's nothing wrong or dangerous about cars and streets being networked.
The wrongness is that somebody wants cars to be doing stupid things in response to things it sees on the network. If "I want to do stupid things," is the whole reason you're considering networking the cars and streets, then of course the outlook is grim!
You can tell that stupid shit at least was (and probably still is) the primary goal, because of this:
That's in spite of the fact that all our experience with car manufacturers (seriously, is there even a singlecounter-example), is that their systems up to now have been made for the purpose of locking people into subscriptions. YOU KNOW that when you buy a new car, its computers are there to try to drain money from you, in exchange for pretty-damn-easy applications that ought to be commoditized-to-the-point-of-gratis by now.
This is garbage industry trying to get worse. It shouldn't be helped, and especially our own fucking government shouldn't be helping them in trying to defeat us.
Exactly no one wants to think of the negative use case scenarios and what the scale of those use case scenarios might mean to society.
The whole stampede towards IoT and internet on everything is driven purely by 1) multi-millionaire investors looking to be the next multi-billionaire and 2) people who are high on the curiosity / inventiveness scale but disastrously low on the harder-to-do societal implication / moral reasoning / counterfactual hypothesizing scales.
Q What if people don't use the technology in the way you intended? Answers:
A It's not my fault.
Q What ways might someone deploy this technology which could plausibly lead to a large-scale, high human tragedy disaster?
A. I don't think about that shit man, besides, people kill each other with shovels- do you want to control shovels too?
Q. With this technology, does the level of possible disaster scale linearly with the level of adoption by society ?
A. Fuck you man. If it was left to people like you, we'd still be sitting in the dark. "Oh, electricity, it looks so dangerous, just think what bad people could do with this. Better ban it! Someone get me a candle!
There is no specific gene for forward-thinking, defensive strategizing in the absence of a very well defined and concrete threat to the herd. Basically, it seems like a low-interest, highly speculative, low-value activity.
There IS a gene for taking parts which have different capabilities and creating cool composite new things with them that bring me abilities and extend my power over the world in some way !
There's also a lot of money to be made engaging with the second and, well, you'd have to pay people to engage in the first.
I think we can see where this is going.
but please, let my low score and follow on comments speak for themselves.
If your website is hacked we lose the website, if your car is hacked we could lose you or an innocent bystander or maybe just the car, It should be obvious which is a bigger cost by many orders of magnitude. If we lose the internet we have to go back to either paper distribution or one way broadcast of, information news and entertainment, and this will slow the whole economy down by a very significant amount break apart families stop high speed distribution of the result of medical diagnostics, again death and poverty. If we lose (or do not create) the networking capacity for cars (not the entertainment systems which are separate under any non stupid set-up) then we lose the ability to update the car software without opening the boot, and a few fractions of a percent more driving efficiency when on autopilot, which itself will get more expensive (or not get cheaper) I would be surprised if even the most ham-fisted ban had any noticable affect assuming there was a transition period.
TLDR: The costs and benefits are so different that even an idiot can see that your analogy fails
Expert: Combination of Ex (a has-been) and spurt (a drip under pressure).
That would be common sense, and I agree 100%. Under no circumstances should the critical systems of a motor vehicle be connected to the internet. Unfortunately, the verdict will be decided by money, not common sense. If there is more money to be made by exposing you to danger (probably by spying on you and selling your tracking history), then they will gladly expose you to danger.
// Hack this.
4e2b 171d 5734 67e3
f2b2 170b 7d26 aa6a
6a4e e665 0b9c ebf1
6953 dede 64e1 d3ee
c88d 59a0 43df 333b
a0cf 43e3 78eb 2658
b66d 5f81 baff 71f3
a3c8 eb9d 669b 52a5
Experts have no confidence that our possessions are accessible to thieves and vandals.
Let's go shopping!
If you think the govt is all up in your shit online because you might download some Disney movie illegally, just wait until you can crash cars via internet access.
Then you'll need a license to even USE the internet. Think that's far fetched? It's not. If we let the internet become a common vector of attack against just everything, then kiss even your pseudo-anonymity goodbye. They will pull your license to surf just like they can pull your driver's license.
We don't NEED IoT so let's not rush and build an insecure one. Security in IoT should be more or less impossible to break or tamper with and if we can't think of a way to achieve that yet, then let's wait until we can.
"Experts Have No Confidence That We Can Protect Cars and Streets From Hackers"
Neither.....Do....I...
That role would include setting security and privacy standards when V2I and V2V networks become operational.",
There's only one standard: "No security breaches."
We can follow that up with, "For each security breach, you pay a fine of X dollars, and a bounty to the discoverer."
That won't work perfectly, but it will work much much better than creating a list of coding standards. Create the incentive and people will find better ways to write good code than by following any silly 'standard.'
"First they came for the slanderers and i said nothing."
... already has a back door that the government, or crackers, can exploit :-(
Yes,well, let's all hope we understand where that leads us by now.
“He’s not deformed, he’s just drunk!”
Blu-Ray was hacked years ago. Decrypting them is trivial at best these days. WGA and secure boot can also easily be bypassed, as secure boot can be turned off on most devices. Forcing secure boot would end up a legal nightmare for MS as other OS's would also be excluded. That's why it's up to the manufacturer, and they too don't want the headache. The experts may be on crack, but you have no idea what your talking about. Anything can be hacked, it's just a matter of how long it takes. Sometimes it just isn't worth the hassle, so people don't bother, but that doesn't mean it can't be done.
you COULD dig some 60s Mopars out of the junkyard, and study them. they have excellent internal data security.
the other option... no wifi, no data connections from the sound system to the rest of the car, no wireless comms. the diagnostic connector must have rolling passwords, just like a garage door opener. no other entry points to the car network. and get rid of commercial OS and software, cars are a killing tool in all but a handful of modes, there should be a custom RTOS running the gizmos.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The point of V2V is to force people to pay money to install and maintain useless systems for the purpose of assisting bulk electronic surveillance.
V2V has no compelling safety based use case anyone has ever been able to coherently explain.
Just look at their website they show a vehicle with a display showing the words "COLLISION ALERT".
Then we have classic V2V use case.. the pile up accident caused by an unbroken chain of idiots failing to maintain proper following distance. If the car in front of the car in front of you brakes then V2V will warn you to stop... really? I have a better idea... a sensor on the front of your own damn vehicle that warns YOU when you are being that tailgating idiot who spectacularly fails to maintain proper following distance or warns when you are not paying attention and are therefore about to crash. No V2V or RF transmissions required. Nothing to hack or secure.
In fact the supposed benefits (forward collision/emergency break,lane change/blindspot) don't require any vehicle to vehicle communications protocols of any kind. These features are already in production models currently on the road implemented with a few dollars worth of sensors. Cars will even panic brake for you now.
You forget, it's all pink on the inside.
We are all interested in the future, for that is where you and I are going to spend the rest of our lives.
We know that about 30,000 people are killed each year in the U.S. due to ordinary traffic accidents. Computer controlled vehicles will drastically decrease this in the coming years. We can't not afford to implement computer controlled vehicles. Why not have the NSA secure automated vehicle software. They would likely be ahead of the game on security vulnerabilities and are best positioned out of everyone to secure automated vehicles. Yes there is an issue with having the NSA track everyone's movements all the time. That is unfortunately happening to a lesser extent now with police license plate scanners.
Not enough of the masses have given a shit about the future which is why the JEW owns it now. Unless idiots get off their ass and stop the jew, the jew fraud 'government', their mass of 'tech' weapons, their scum chemtrails they are spraying us with, there will be NO future except for the millions of scum jews in the tribe and their chinese slaves. See 'jew weapon systems' post above, mass fact on jew fraud 'government', weapons systems, their mass murder history, links information -
The fact that the recent car software "algorithm" was not discovered, demonstrates that the auto industry do not thoroughly verify even the function of software via source code review. This indicates that in no way can I have confidence that security aspect is audited competently (if at all).
If the auto industry want to incorporate new technology, then they have to use it competently. I write automation systems in the oil and gas industry and the idea of combining the brake control system with the outside world makes my jaw drop. One day an accident will happen and regulation will catch up. Tis the way of the world...