Slashdot Mirror
FBI Warns That Car Hacking Is a Real Risk (wired.com)
An anonymous reader writes: The FBI and the U.S. National Highway Traffic Safety Administration are voicing their concerns about the potential risk of cars being hacked. In an advisory note, they urge the public to be aware of cyber-security threats revolving around connected vehicles. From the advisory, "Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats." They are also advising drivers and manufacturers to ensure the vehicle software is up-to-date, and keeping an eye out for recalls.
The FBI is warning the public that it should take steps to protect itself from people breaking into computers? Isn't it in a legal battle with Apple because Apply is taking steps to protect consumers from people breaking into computers?
The FBI can't complain about security flaws while taking Apple to court to mandate broken security. It is disturbing that they can't see how broken their logic is.
From now on I'm only buying cars built in the 20th century.
The Moore-Murphy Law: The number of things that will go wrong will double every 2 years.
Yeah, it's pretty simple: don't get a car with OnStar (I think there's a competing service out there like this from one of the other makers), and don't pair your Bluetooth phone to the car. Viola! Your car is now immune to hacking.
If there's no way to actually communicate remotely with your car, then there's no way to hack it remotely.
It would be nice if the system architectures in cars were open and all their interfaces publicly documented, so we could see what attack vectors are possible. A well-architected system would have Bluetooth for internet connectivity to the infotainment/nav system (so you can do Android Auto, listen to Pandora, etc.), but would have extremely limited ability to write any data to any other modules on the vehicle data bus (just configuration settings really), and all those interfaces would be publicly documented and fully tested by independent security auditors.
Yes, here it is:
1.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Yeah, and next week the FBI will say they need to be able to remotely control/track our vehicles to be able to catch terrorists -> criminals -> tax evaders -> jaywalkers -> politically inconvenient people. It will be totally secure though, because only the FBI/Government will be able to do it, and it's completely legal because of 16th century English common law and they have secret court rulings we can't read to back them up.
All of my cars were made in the '90s. They all have electronic fuel injection, but none of them has a transceiver (other than the AM/FM radio). No need to go back to carburetors, unless you really want to for other reasons.
(And yes, I drive cars that old on purpose, because of this issue.)
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I wouldn't be so sure about this... high line TPMS sensors can be commanded to report using a LF transmitter. This triggers the sensor to broadcast it's status, thereby allowing the capture of the sensor's serial number. Even low line sensors transmit every 5 to 10 minutes. With a little patience, one can copy and replay the TMPS sensor data... modify it to show low tire pressure and high temp, etc. and cause the console to show a tire flat condition. Admittedly a lame hack, but easy way to vex a particular driver. Now, admittedly I don't know if there is hack in the wild that lets you penetrate the TPMS, but since it has an antenna, and it has a connection to the car's CAN bus, it's possible, and it's likely that the gates are wide open somewhere, given the auto industry's aptitude for securing their products.
Which has more power: the hammer, or the anvil?
You say that like you're trying to make an Onion-style joke headline, but -- like the Onion often is -- it turns out to be more valid than you think.
However, I'd say the bigger threat in that case is copyright law and DRM, rather than the FBI.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Yeah, it's pretty simple: don't get a car with OnStar (I think there's a competing service out there like this from one of the other makers)
I'm afraid your information is out of date there. Maybe it's different where you are, but if you look through the web site of almost any mid-range or high-end brand here in the UK, connectivity features are all the rage and pretty much everyone now has them.
Audi has Audi Connect.
BMW has various features including Teleservices and Emergency Call.
Volvo has Sensus.
Ford has Ford SYNC.
And the list goes on. Some of these seem, at the moment, to be primarily about things like hooking in your phone, presumably so you can do exciting things like kill someone while distracted by your car awkwardly mispronouncing the e-mail you just received. A few, the Volvo Sensus for example, sound downright creepy to me in terms of auto-updating software in your vehicle without any user interaction.
And if you think every major car manufacturer and every major car insurer isn't eyeing up the possibilities of phoning home with driver performance data whether you like it or not, I know a prince in Nigeria who has a really great offer that might interest you.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The FBI would like to have the keycodes to open every car in America. It stands to reason that terrorists are using cars to get around their bombing/gunfight missions. To screen for potential terrorists, the FBI will now use the All Writs Act to force all car manufacturers to give the FBI the key to every car sold.
Entia non sunt multiplicanda praeter necessitatem.
The only thing that can protect you from a bad guy with backdoor access to your secured system is a good guy with backdoor access.
No Mazdas do. That system is available for my car, but if you look closely at the site you'll find this nugget:
"MMS hardware must be purchased and installed in your vehicle."
The car, from the factory, does not have a cellular radio for this system to work. So to get MMS, you have to purchase the system and have it installed, which obviously includes a cellular radio. And of course, you have to pay a yearly fee for it to keep working.
Of course, there's no telling if it'll stay this way or if they'll forcibly include it on all new cars at some time in the future, but for now, you can safely buy a Mazda which doesn't have any kind of cellular radio pre-installed.
Dear FBI,
No shit.
Signed,
Everyone in the universe who's been paying attention
Just cruising through this digital world at 33 1/3 rpm...
Wasn't this in the news over a year ago. I though by now everyone knew this... I guess not the US Gov...much like the fact that you can do things... good and sometimes bad with computers.. this must be a recent and frighting revelation for them.
Do any of the three letter organizations really want secure systems? Or just ones that look secure but really have enough holes so that they can monitor the use?