Slashdot Mirror


Experts Have No Confidence That We Can Protect Cars and Streets From Hackers (dailydot.com)

Patrick O'Neill writes: Cars and streets are now connecting to the Internet for a long list of transportation and safety benefits but the new tech has drawbacks. Experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches. Their opinions were captured in a recent survey (PDF) from the Government Accountability Office. "The government is coordinating with the transportation industry on the Security Credential Management System (SCMS), a project to verify that basic road-safety messages come from authorized devices. ... At this point, it’s not clear who would even run such a system. Previous plans pointed toward car industry control, but the Transportation Department is now looking into playing 'a more active leadership role' for V2I as well as V2V (vehicle-to-vehicle) networks. That role would include setting security and privacy standards when V2I and V2V networks become operational."

14 of 97 comments

  1. RESTORE CONFIDENCE! by TheRealHocusLocus · · Score: 3, Insightful

    Buy some new experts.

    --
    <blink>down the rabbit hole</blink>
  2. Really? by koan · · Score: 4, Insightful

    So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?
    And there is a serious question as to whether that control should be privatized?

    Let me convey my feelings about that as one concerned citizen.

    Never has it been more insulting, and dangerous, than to consider privatizing public utilities and assets, and thereby making people dependent on corporations to manage something we all use and need.
    Privatization never turns out well for the end user, and no matter what you say about the government running things, it's a damn sight better than some corporation.

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Really? by Penguinisto · · Score: 2

      So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?

      This is the crux of what I'm thinking. Then again, why is it such a good idea to hard-wire a car with network connectivity in the first place?

      What I mean is, why not build something that you can plug a phone into and use the phone's connection (assuming you need 4G that damned badly in your car)? Rig the bluetooth in said car so that you have to specifically authorize a given phone, and you're done... Hell, my wife's 3-year-old Kia Soul does this.

      This way you don't have the stupid planned obsolescence... in a friggin' *car*.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    2. Re:Really? by jellomizer · · Score: 5, Insightful

      Also if you are going to have internet access in your car, have it on a separate computer than what you are using for the core services, with the entertainment system.
      Your engine, steering, braking, and lights should be on a separate computer without any form of wide area network. Just a plug for manual software updates.

      Your other systems, that are not directly affecting your driving can be hooked up to the internet. Where hackers cannot harm the person.

      Not everything needs to be hooked up to the internet.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Really? by RingDev · · Score: 4, Insightful

      This isn't about internet access.

      Disclaimer: I work for a state DOT as a software development manager and I consult on systems that are impacted by these systems.

      This is about V2V and V2I communications platforms. In the 2017 model year, all new vehicles will require V2V communication systems. And another ~5 years after that we'll likely see V2I requirements.

      Currently, when you see those signs that say "X minutes to exit Y", they pull that data in one of a few ways:
      1) Buy it from Google or other cell phone tracking companies
      2) Use radar speed cameras to calculate the average speed and travel time
      3) Use roadside Bluetooth detectors to identify specific vehicle travel times between two detectors
      4) Magnetic loop vehicle counters and an algorithm to compare rate to volume and travel time.

      V2V communication systems don't directly communicate with the infrastructure system. But similar to the Bluetooth detection system, we can identify that a specific car with a V2V system has passed a point, and then measure the travel time for it to reach the next meter point. Currently we capture ~2% of traffic using Bluetooth, with the new V2V system being mandated for 2017 and a ~5% annual fleet replacement rate, by 2018 we should over double our data collection.

      There's nothing fancy there though. The detail data is only retained for the segment measurements, and since all we know is effectively a GUID, we can't identify specific people. But if you were to learn of a GUID associated with someone's vehicle or phone's Bluetooth, and you were to capture and store the meter data, you could, in theory, determine their travel habits across the specific place those meters are installed (pro-tip: there aren't many of them)

      Where V2I starts getting really cool is when we can actually communicate with vehicles about the environment. For example, if you have a densely populated area with significant street parking (say like pretty much any downtown metro in the country) as the street parking fills, you get more surface traffic of people looking for parking. At ~50% parking capacity roughly 80% of the traffic is searching for parking. V2I communication can cut that rate tremendously by informing vehicles of the closest available parking spots.

      Another cool use that's already being done in Vegas is that the infrastructure can inform the car as to the optimum speed to travel at to hit all of the green lights.

      Then you get into the really cool stuff, next gen and all that. Where a vehicle that has its route information can report travel times for each road segment, and share this data between V2V and V2I, allowing the other vehicles and infrastructure to perform vastly more efficient route planning, alleviating traffic jams, minimizing road surface damage, etc...

      That data can also feed our construction plans giving us hard analytical data to determine where construction projects are needed. Where safety needs to be improved, where volume is changing rapidly. It can help plan lane closures and route plans for oversized/overweight vehicles. It can replace a ton of what is currently labor intensive and best-guess analysis with cold hard facts.

      But it needs to be shepherded by people who are aware of the security impacts and unwilling to overstep bounds.

      At one stakeholder meeting, a senior member of a policing branch of the state government asked if the system could be used to disable the vehicles of people who were driving recklessly. Or if they would be able to query the system to identify suspects in relation to a crime.

      Some of the ops folks were really excited about the idea of identifying common traffic routes, to be able to see how individual drivers get from point A to point B.

      But there were those of us in the group who were willing to say, no, killing someone's ignition at 90 mph is a bad idea. No, having a searchable database with PII is bad. No, showing full route information is a horrible intrusion in the drivers' privacy.

      These are the battles that are being had, across the country, in your own Department of Transportation.

      If you are concerned about it, contact your local DOT, that's where the magic is happening right now.

      -Rick

      --
      "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
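
The segment travel-time measurement described in the comment above, as an added example that is not part of the post and not any DOT's code. It assumes a design in which detectors never store the raw identifier: each sighting is reduced to a keyed hash under an in-memory key that rotates per time window, so a stored tag cannot be matched to a known GUID once the key is gone. The class name, the 15-minute window and the sample sightings are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from statistics import median

class SegmentMeter:
    """Travel time between two detectors without storing device identifiers."""

    def __init__(self, window=900):           # assumption: 15-minute key rotation
        self.window = window
        self._keys = {}         # window index -> random HMAC key (memory only)
        self._pending = {}      # (window, tag) -> upstream timestamp
        self.travel_times = []  # seconds; the only data kept long term

    @staticmethod
    def _tag(key, device_id):
        return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()

    def _expire(self, now):
        # Keep current and previous window only; older keys and sightings are destroyed.
        oldest = int(now // self.window) - 1
        self._keys = {w: k for w, k in self._keys.items() if w >= oldest}
        self._pending = {p: t for p, t in self._pending.items() if p[0] >= oldest}

    def upstream(self, device_id, ts):
        self._expire(ts)
        w = int(ts // self.window)
        key = self._keys.setdefault(w, secrets.token_bytes(32))
        self._pending[(w, self._tag(key, device_id))] = ts

    def downstream(self, device_id, ts):
        self._expire(ts)
        for w, key in self._keys.items():
            start = self._pending.pop((w, self._tag(key, device_id)), None)
            if start is not None:
                self.travel_times.append(ts - start)
                return ts - start
        return None  # never seen upstream, or the sighting already expired


def demo():
    # Constructed sightings: (device id, seconds since start).
    m = SegmentMeter()
    for dev, ts in [("AA:01", 100), ("AA:02", 130), ("AA:03", 880)]:
        m.upstream(dev, ts)
    for dev, ts in [("AA:01", 400), ("AA:02", 450), ("AA:03", 1200)]:
        m.downstream(dev, ts)
    return median(m.travel_times)
```

Within one window, whoever holds the key can still link sightings, so the protection depends on the key staying in detector memory and being dropped on rotation.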
    4. Re:Really? by kheldan · · Score: 2

      So no matter what we are going to attach cars and the "street" to the Internet? That's a good idea?

      Emphatically no, it's not, but that won't stop it from happening, any more than 'wireless charging' being a thing now couldn't be stopped from being marketed, despite the incredible inefficiency of it, or the 'internet of things' becoming a thing (and not being anything like secure, and why the hell, really, do you need your refrigerator connected to the gods-be-damned Internet anyway?), or 'The Cloud' being a thing, despite 'Cloud' providers deciding to go belly-up on you and leaving you high and dry and/or getting hacked for its contents, etcetera, etcetera, etcetera.. people want the Internet in their cars, because cars, like cellphones have become, are now more of a lifestyle choice than they are what they used to be made to be (transportation!), so of course you have to have all the comforts of home in your gods-be-damned car; I'm just waiting for there to be a toilet built into the driver's seat, and some sort of shower facilities and a way to store and cook food, so you never have to leave the car, ever, for any reason. Anyway, back in Less Sarcasm Land, people want their cars to have all this wireless connectivity, and since they're rushing to market with this stuff, of course it's going to be a major attack vector for the entire vehicle. To be fair though even what we assumed were the most secure systems connected to the Internet have been hacked, which just proves the obvious: Anything can be hacked into. It's just a matter of time. You want unimpeachable security? Don't connect it to the Internet, or have any sort of wireless connectivity in the first place. I drive a 2008 Toyota Tacoma pickup with a 5-speed stick shift, it doesn't have wireless anything, and so far as I know, short of someone having physical access to the CANBUS, it's not hackable, and I like it that way.

      You want your vehicle to be unhackable? Then it needs a physical switch you can flip that kills power to any and all radio transceivers in the vehicle, and I don't mean a 'soft' switch that has to be acted upon by software, either. Short of that being available, find the antenna(s) for any radio transceivers, disconnect them, and connect the transceiver to a dummy load. That won't completely stop them, but at worst it'll reduce the range by which it can be accessed to a few feet.

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    5. Re:Really? by edcheevy · · Score: 2

      Thanks for the background info! I'm curious, do state DOTs do their own thing or are they like other agencies where the large states tend to force the standard? In other words, if we pressure California DOT to build these platforms responsibly, would that be felt elsewhere in the country as well?

    6. Re:Really? by RingDev · · Score: 2

      To some extent. I'd have to dig through my notes to see who is further along than others. I know Vegas has some cool stuff in Nevada, Cali comes up in conversation thanks to silicon valley. So does Minnesota though, so it's not like it's locked up by the typical coastal players.

      My state isn't on the cutting edge, but we are replacing some of our asset management software, which ties into traffic ops, so keeping an eye on which vendors are going to be able to leverage V2V and V2I communications is critical for us. Thanks to budget cuts from the Governor though, we don't have money to play around with future state stuff :(

      -Rick

      --
      "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  3. Car infotainment systems are a trojan horse by sinij · · Score: 3, Interesting

    Car infotainment systems are a Trojan horse by the car manufacturers in search of forced obsolescence.

    Modern cars normally last 12-15 years, no connected IT system would survive this long without constant maintenance. Thing is, it is all but certain that there won't be security patches developed for that long.

    With this in mind, buying a connected car is insane.

    1. Re:Car infotainment systems are a trojan horse by sinij · · Score: 3, Interesting

      Lease payments will go up if resale value tanks due to obsolete security. For example, a $30000 new car would cost $8000 as an 8-year-old car. If it will only sell for scrap because of a remote steering and brakes hijack, that 8-year-old value is effectively $0. This will increase cost of ownership by an average of $83/mo over these 8 years. This means that a normal lease payment of about $350/mo on a $30000 car is now almost $450/mo.

  4. That's OK ... by gstoddart · · Score: 2

    We don't have any confidence they can either. And if they're not confident they can secure it, and we're not confident they can secure it .. how about we simply don't deploy the damned thing?

    If everybody is rushing to roll out the awesome new digital infrastructure, and nobody believes it will be secure .. maybe it's not so fucking awesome?

    We don't want a system which doesn't protect us from privacy and security breaches. So don't make one. Why is everybody in such a rush to deploy shitty technology all the time?

    Sorry, but I don't want a car or anything else with a badly designed level of security which everybody knows is a badly designed layer of security. At that point it's more about marketing than it is technology.

    Just say no. The world will survive without one more incompetently implemented piece of digital integration nobody really cares about.

    Now get off my damned lawn.

    --
    Lost at C:>. Found at C.
  5. Re:Don't worry by Mr D from 63 · · Score: 2

    The safest cars will be both driverless and riderless.

  6. Go on... by acoustix · · Score: 2

    I don't have confidence in most things anymore: federal government, personal responsibility, etc.

    Just add this to the list.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  7. go retro by swschrad · · Score: 2

    you COULD dig some 60s Mopars out of the junkyard, and study them. they have excellent internal data security.

    the other option... no wifi, no data connections from the sound system to the rest of the car, no wireless comms. the diagnostic connector must have rolling passwords, just like a garage door opener. no other entry points to the car network. and get rid of commercial OS and software, cars are a killing tool in all but a handful of modes, there should be a custom RTOS running the gizmos.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?