Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tesla Fixes Security Bugs After Claims of Model S Hack (reuters.com)

Posted by BeauHD on from the remote-control dept.

An anonymous reader quotes a report from Reuters: Tesla Motors Inc has rolled out a security patch for its electric cars after Chinese security researchers uncovered vulnerabilities they said allowed them to remotely attack a Tesla Model S sedan. The automaker said that it had patched the bugs in a statement to Reuters on Tuesday, a day after cybersecurity researchers with China'a Tencent Holdings Ltd disclosed their findings on their blog. Tesla said it was able to remedy the bugs uncovered by Tencent using an over-the-air fix to its vehicles, which saved customers the trouble of visiting dealers to obtain the update. Tencent's Keen Security Lab said on its blog that its researchers were able to remotely control some systems on the Tesla S in both driving and parking modes by exploiting the security bugs that were fixed by the automaker. The blog said that Tencent believed its researchers were the first to gain remote control of a Tesla vehicle by hacking into an onboard computer system known as a CAN bus. In a demonstration video, Tencent researchers remotely engaged the brake on a moving Tesla Model S, turned on its windshield wipers and opened the trunk. Tesla said it pushed out an over-the-air update to automatically update software on its vehicles within 10 days of learning about the bugs. It said the attack could only be triggered when a Tesla web browser was in use and the vehicle was close enough to a malicious Wi-Fi hotspot to connect to it. Slashdot reader weedjams adds some commentary: Does no one else think cars + computers + network connectivity = bad?

76 comments

  1. Turn off the wireless by Anonymous Coward · · Score: 1

    I disable Wi-Fi, Bluetooth, and location services on my phone when I'm not actively using them. Hopefully you can do the same for your car.

    1. Re:Turn off the wireless by Anonymous Coward · · Score: 1

      Good luck with that. When shopping around at a Jeep dealership I asked how to remove the SIM card from the mobile data connection used by Uconnect (as opposed to Uconnect Via Mobile on the cheaper models which uses the Buletooth internet gateway on your smartphone) and nobody would own up to knowing anything about it. That's fine, plead ignorant. I bought a car from a different manufacturer.

    2. Re:Turn off the wireless by Coren22 · · Score: 1

      You expect that a sales person even knows what a SIM card is or where it is located?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  2. Cars? by ledow · · Score: 2

    "Does no one else think cars + computers + network connectivity = bad?"

    Does no one else think that phone + computer + network connectivity + radio connectivity + location sensing + chargeable services + .... + ... = bad?

    Apparently only a few.

    1. Re:Cars? by Anonymous Coward · · Score: 1

      Connecting two different systems that have no place in intercommunicating doesn't make sense.
      Attaching the wifi to the CAN bus is an awful idea. It borders on stupid.

    2. Re:Cars? by bozzy · · Score: 2

      They aren't necessarily intrinsically bad, per se. It's just that people either make mistakes (introduce bugs) or are malicious (abuse it). It's why we can't have nice things.

      --
      playmoney.me - The free alternative to paper board game play money
    3. Re:Cars? by rudy_wayne · · Score: 3, Insightful

      "Does no one else think cars + computers + network connectivity = bad?"

      Whether it's your car, television or phone, it's not bad if done properly. The problem is, nobody gives two shits about doing it properly.

    4. Re:Cars? by Anonymous Coward · · Score: 0

      Not nearly as bad as a hacked car which could potentially kill people either by disabling safety systems or causing the driver to get into an accident.

    5. Re:Cars? by pr0fessor · · Score: 1

      I think if you engaged the brake at the wrong time without warning it might be able to cause and accident

    6. Re:Cars? by Anonymous Coward · · Score: 0

      Does no one else think that airplanes with radio/network connectivity = bad? Does no one else think satellites orbiting Earth at 17,000mph with radio network connectivity = bad? Apparently only a few.

    7. Re:Cars? by fluffernutter · · Score: 1

      I'm just throwing this out there with admittedly not knowing, but I've always assumed radio connectivity in airplanes is informational and not actually able to control the plane in any possibly disastrous way.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    8. Re:Cars? by parkinglot777 · · Score: 1

      Does no one else think that airplanes with radio/network connectivity = bad? Does no one else think satellites orbiting Earth at 17,000mph with radio network connectivity = bad? Apparently only a few.

      I would ask if the control of an air plane can be controlled remotely like the car? If so, then it is bad. And if Tesla can update/patch their firmware of their car via Internet, then I am waiting to see some other vulnerabilities of the update/patch system they have in the future...

    9. Re:Cars? by fluffernutter · · Score: 1

      Even worse, if someone does do it properly customers will complain that it is inconvenient and probably not buy it.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    10. Re:Cars? by kelemvor4 · · Score: 1

      I'm just throwing this out there with admittedly not knowing, but I've always assumed radio connectivity in airplanes is informational and not actually able to control the plane in any possibly disastrous way.

      Boeing has had remote control capabilities since 2006. Airlines don't use it for fear of hacks. Source: http://www.dailymail.co.uk/new...

    11. Re:Cars? by Opportunist · · Score: 1

      If that borders on stupid, I have to ask from which side.

      CAN was never supposed to be a user space bus. When it was created, security was simply a non-issue because back then to get access to it, you'd pretty much have had to dismantle the whole car. Stealing it was heaps easier. And it's also not like with TCP where you can simply stack TLS on top of it, it doesn't work that way.

      Leave the CAN bus alone! And don't even get the idea to mix user space electronics, where the idiot on the wheel can plug his insecure junk in, with mission critical controls for steering, brakes, fuel ignition or driver safety!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:Cars? by Anonymous Coward · · Score: 0

      There's a bit if a difference between a phone, which at worst can not work, track you and/or spy on you (all things which should of course be hardware limited) and a car that at worst can drive you into a wall or a crowded store at a hundred miles per hour. Any primary utilities control systems (car, furnace, fridge, power plant, etc) should be physically separated from any public internet. At most some monitoring hardware may be warranted, but through a one way data cable that physically can't transmit anything back to the utilities controller. In the example of a car there is no problem having an internet connected infotainment system, as long as there are no data connections between it and the cars driving systems. I suppose with Teslas vehicles this gets a bit murky since they like doing updates on the cars remotely (personally I'm of the mindset that my car should be done before it leaves the factory), but if they really feel it is necessary then it should be done through some kind of separate VPN hardware that acts as a gatekeeper between the network connection/infotainment system and the car systems.

    13. Re:Cars? by mspohr · · Score: 1

      cars + computers + network connectivity + bad security = bad
      You can't isolate yourself from the entire world. That's why we have locks on doors. Some people have strong locks, others don't need strong locks.
      Cars need strong locks. These security researchers did the right thing. They found a vulnerability, notified Tesla, and Tesla was able to fix it quickly and roll out the fix to its cars. That's the way it's supposed to work.
      All cars have a CAN bus which can control many things in the car. It needs a strong lock.

      --
      I don't read your sig. Why are you reading mine?
    14. Re:Cars? by sigmabody · · Score: 1

      This is only really bad if the remote connectivity portion is physically connected to the CAN bus, so as to affect vehicle control through remote commands, and be effectively impossible to secure well enough to prevent exploitation.

      ... except this is what every manufacturer does with their telematics systems, on purpose.

      I guess it's only monumentally stupid if you write the software such that it can rewrite it's firmware and whole control system via remote update.

      ... which is what Tesla does, for "customer convenience".

      Gosh, yeah, I guess this whole "remote connected car" thing is pretty monumentally idiotic. I wonder if there is some ulterior motive for the government to push such an obviously stupid system, which allows someone with access to completely remote control a vehicle with no trace of evidence or accountability...

      ... oh, wait, never mind, nothing to see here.

  3. Over the air updates for infotainment only! by Anonymous Coward · · Score: 0

    All of the systems (control, indication, locks/windows, climate control, infotainment, etc.) on any car should be separate and independent of each other. Also no safety critical system should have an transceiver with an antenna attached to it. Restrict over the air updates to non-safety critical systems and you will give the car a level of security similar to older cars.

  4. bad? by Anonymous Coward · · Score: 0

    > Does no one else think cars + computers + network connectivity = bad?

    If modern society has taught us anything, it's that NOBODY CARES if it's "bad" or not. Certainly your psychopathic corporate overlords don't care.

    Closing the barn door after the horse ran away because the barn was fully engulfed and about to collapse is the main MO of humanity.

    1. Re:bad? by SirSlud · · Score: 1

      If you ask the "right" people, apparently the barn has been "fully engulfed and about to collapse" for thousands of years now. Shit happens, we fix the shit, and try to get it as right going forward as is reasonably possible. The way people talk, it's like some kind of massive collective failure that will bring about the end of days *any day now* that humans are not perfect.

      --
      "Old man yells at systemd"
  5. Better equation by gachunt · · Score: 1

    "Does no one else think cars + computers + network connectivity = bad?"

    Nope. Tesla was able to patch all their cars quickly, without asking drivers to come in to get serviced.

    That's a net gain of: thousands of kms saved + time saved + less cars on road = good

    A worse equation is that Tesla is working to eliminate:

    Cars + humans + driving + distraction( texting | eating | doing makeup ) = bad

    1. Re:Better equation by Anonymous Coward · · Score: 0

      However their technique for changing that equation is fairly self-defeating. Instead of getting the autopilot on a majority of vehicles before using it to kill off inattentive drivers, they started crashing into trucks when the adoption rate was globally insignificant.

      By showing their cards too early, people are less prone to blindly trust the autopilot, which results in more bad drivers still surviving.

    2. Re:Better equation by Fire_Wraith · · Score: 1

      A better comparison would be what the situation would be like if the cars didn't have easy network connectivity that allowed OTA patches. You'd have to bring them in to a service center to get patched. How many people would do it right away? How many would just be lazy and not bother at all?

      There's certainly something to be said for having an air gap, but even air gaps aren't foolproof, and they're becoming increasingly unrealistic in the world of interconnected systems we live in.

    3. Re:Better equation by fluffernutter · · Score: 1

      Tesla was able to patch all their cars quickly

      Have you ever heard of a zero-day exploit?

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    4. Re:Better equation by goose-incarnated · · Score: 1

      "Does no one else think cars + computers + network connectivity = bad?" Nope. Tesla was able to patch all their cars quickly, without asking drivers to come in to get serviced.

      ???

      The patch would not have been needed had the connectivity not existed.

      "Luckily, this problem that would not have existed without network connectivity was solved by using the network connectivity." Circular reasoning at its finest, folks. There would have been no patch if there was no network connectivity.

      --
      I'm a minority race. Save your vitriol for white people.
    5. Re:Better equation by FrankHaynes · · Score: 1

      If the automobiles didn't have easy network connectivity, they couldn't be compromised so readily be bad actors.

      I'm buying a new car soon and I have resolved not to buy one that doesn't allow me to disable any built-in radios immediately.

      --
      slashdot: A failed experiment.
    6. Re:Better equation by fluffernutter · · Score: 1

      If your car isn't connected to anything and it is working properly, why would you need patches?

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    7. Re:Better equation by cbiltcliffe · · Score: 1

      "Does no one else think cars + computers + network connectivity = bad?"

      Nope. Tesla was able to patch all their cars quickly, without asking drivers to come in to get serviced.

        That's a net gain of: thousands of kms saved + time saved + less cars on road = good

       

      You're making the assumption that only legitimate researchers who follow proper notification procedures are looking for this stuff. Hackers looking to take advantage of it are looking, too, but they won't tell Tesla (or whatever relevant manufacturer) if they find anything.
      What happens if some genius security researcher with a mental instability (we know they exist) gets recruited by Daesh, and figures out how to lock up the brakes on every Tesla that's travelling faster than 50 mph with a GPS location that puts it on a freeway? Do you really think "Well, Tesla would have been able to update the firmware over the air to prevent it, if only those miserable hackers had told them about it instead of causing thousands of car crashes around the world," is going to be comforting to anybody who's been run over by a transport truck as a result?

      I know, the chances of the incompetent twits that comprise Daesh actually accomplishing anything like this are slim to none, but there are smart hacker groups out there looking at this, and how much do you think Putin would pay to see a whole bunch of high end American cars cause huge amounts of chaos on American roads where thousands of cars (or more) get in pileups on the freeways across the country within a span of 5 minutes?

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    8. Re:Better equation by cbiltcliffe · · Score: 1

      Your tagline: "-- space for rent"

      Is it referring to space in the GPs head? Or are you simply selling advertising in your sig?

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    9. Re:Better equation by lhowaf · · Score: 1

      Why not do the updates through the charging cable/station? That way, at least you know the vehicle isn't in use. If the vehicle is in use, it won't be long before it is connected again.

  6. Re:Let me know by Maritz · · Score: 5, Funny

    I think they've been on lithium ion for a while now.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  7. Connectng by fluffernutter · · Score: 3, Informative

    Connecting a car to anything is just stupid and reckless. It will be a constant battle with hackers. All AI should be on board.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:Connectng by TFlan91 · · Score: 1

      I disagree with your first half, but agree with the latter.

      I would like my devices to be able to easily download patches, whether they be security or new features. I don't want to have to go to a dealer ship to get a critical patch and then be talked about 10 other things I could pay for to have done.

    2. Re:Connectng by fluffernutter · · Score: 1

      The problem with that is, if Tesla can send you patches so can hackers. I'm pretty sure you wouldn't want hackers sending you patches. Security is inconvenient by necessity.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    3. Re:Connectng by Anonymous Coward · · Score: 0

      Try using speech to text without an internet connection. It sucks. A lot of good machine learning techniques work best with large amounts of data. Sure, the AI needs to degrade smoothly with loss of connectivity, that's a given. But, no connectivity means inferior algorithms.

    4. Re:Connectng by fluffernutter · · Score: 1

      You're just adding fuel to my fire, considering I've long been arguing that automation isn't mature enough to use yet.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    5. Re:Connectng by Anonymous Coward · · Score: 0

      Ever heard of encryption and signing?

    6. Re:Connectng by fluffernutter · · Score: 1

      Yes, because encryption never breaks.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    7. Re:Connectng by SirSlud · · Score: 1

      Your front door can be broken into. Yet you still lock it, because doors are useful and the pragmatic likelihood that somebody will break down your door is a lot lower than somebody walking into it unlocked. The real question I have to wonder if what do hackers have to gain from hacking a car? If the barrier to entry is high enough, there are plenty of easier ways of causing people harm, stealing the car, or whatever other police-procedural fantasy crime you can think of.

      --
      "Old man yells at systemd"
    8. Re:Connectng by fluffernutter · · Score: 1

      What do people have to gain by dropping rocks off of overpasses? A lot of people just like the thrill of it. Also hackers like the challenge. If my house gets broken into, as much it would suck, my house insurance covers it and they are just things. If a car gets hacked and kills people, they aren't coming back so it is a bit more important for a car to be totally secure.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    9. Re:Connectng by Anonymous Coward · · Score: 0

      What do people have to gain by dropping rocks off of overpasses? A lot of people just like the thrill of it.

      And... this is why we should bring back whipping in the public square. Enjoy the thrill!

      If a car gets hacked and kills people, they aren't coming back so it is a bit more important for a car to be totally secure.

      Cars are not totally secure. They never have been. They never will be. You are applying an unreasonable standard.

    10. Re:Connectng by fluffernutter · · Score: 1

      Explain how a person hacks a car remotely if it is not network connected please. There is a world of difference between being present at the vehicle and not.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    11. Re:Connectng by Anonymous Coward · · Score: 0

      so because cars aren't perfectly secure, you think the answer is to make them dramatically less secure?

      WTF?

  8. Not even remotely as dangerous as the Jeep hack by Anonymous Coward · · Score: 0

    In real life this would not work on a moving car like hacks in the past for other vehicles, as you'd actually need to both be using the web browser and connecting to a malicious wifi. I mean, even if somebody is following you with a wifi hotspot, you'd still need to choose to connect to it and browse.
    It is disappointing that they could jump from the web browser to other systems, but at least the over the air updates make such vulnerabilities (which exist and will exist in all our future devices as the trend is to make them "smart") easy to address.

  9. Title wording by campuscodi · · Score: 1

    "Claims of Model S Hack"
    It's not a claim Reuters!!! The researchers reported the issues to Tesla, who fixed them. Tesla fixed them BECAUSE the hack worked. It's not a claim at all.

  10. Computers and networks in cars are fine by sjbe · · Score: 2

    Does no one else think cars + computers + network connectivity = bad?

    In principle no I do not. Cars have been loaded with computers for quite some time now for all sorts of good reasons. You just don't usually notice them - which is a good thing. As for network connectivity that is fine too. There are all sorts of useful things you can do with network access. Are there downsides? Sure, just like any technology. I haven't seen any showstoppers however. Just problems that will take some time to work through. I think the auto companies are going to struggle for a while to learn to deal with the security issues because they have no experience with them but they'll figure it out eventually. There also are some privacy issues but those too will eventually be sorted out to a reasonable degree.

    Actually I think cars without computers are a much worse idea in most cases. Worse performance, worse fuel economy, more dangerous, less features, more maintenance, etc. I'm old enough to remember when cars mostly didn't have computers in them. They're better with computers.

    1. Re:Computers and networks in cars are fine by HBI · · Score: 1

      The computer thing is a red herring. There have been computers in cars since at least the early 1990s.

      The question, put more precisely here is: why does a car need to be on a packet switched network?

      I can come up with lots of reasons for cars to send packets out. Telemetry data comes to mind here, though why the owner would want this is less clear. I'm sure the car company is interested.

      But why does a car need to respond to incoming packets? I can only think of reasons that the owner would find either benign - or inimical. The benign reasons are receiving map updates and system updates. Remote shutdown of the vehicle is amongst the inimical reasons.

      The conclusion I come to is that as a convenience factor for the company, it's easier to have it on a network. However, it opens up a huge attack surface. Overall, it appears not to be much of a benefit to the owner of the car, as the owner could accomplish the noted updating tasks using a USB drive, and any required vehicle telemetry could be cached on-vehicle and retrieved manually as required.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    2. Re:Computers and networks in cars are fine by CastrTroy · · Score: 1

      The auto company doesn't have to do anything to make networked cars more secure except hire people already knowledgeable in the field computer systems design and security. And actually listen to what they are telling you to do. Putting a computer on a car is no different than putting a computer in any other situation that we've been doing for years. We already know how to make computers secure.

      It's fine to have a bluetooth radio. But the radio should not be in any way hooked up to the core systems of the car that control the engine and brakes. You can have remote door locks, but it should be much more robust, using some kind of challenge-response type encryption based technology instead of just sending the same signal over the air every time you want to unlock the car.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    3. Re:Computers and networks in cars are fine by fluffernutter · · Score: 1

      Here's the problem.. What if these experts tell Tesla what they should, that the only secure way of doing it is to connect physically? Tesla is just gong to send them away because they know customers will complain about that, and Autopilot probably doesn't work at all without it.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    4. Re:Computers and networks in cars are fine by Anonymous Coward · · Score: 1

      I routinely see cars from the 30s, 40s, 50s, and 60s on the road. Some of them never restored, but still running.

      When was the last time you saw a car from the 80s on the road? 80s cars, with computers especially, are unmaintainable, unreliable, and are just junk. Late 90s started getting reasonable, but I still think they are unmaintainable. When an eprom goes out what do you do with an antique car? Replace entire engine or transmission because a $2 part went bad that you can't possibly get a replacement for (unless you get lucky in a scrap yard). Tesla cars in 20 years will be FAR worse in this regard.

      Go ahead and say all the things that are better, but maintainability is not one of them. Long term reliability is not one of them.

    5. Re:Computers and networks in cars are fine by fluffernutter · · Score: 1

      This is a big reason why I think most people will not get their hands on automated vehicles. They will be expensive from the factory, and junk by the time they would be sold used. Every vehicle I have had in the last 20 years has had some sort of electrical glitch. Electronics and weather cycles just don't mix.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    6. Re:Computers and networks in cars are fine by krray · · Score: 1

      In principle I agree with you, but...

      Computers + cars, as you've said, is a wonderful thing.
      I personally chose my [used] car based on the LACK OF network connectivity (before it was a known issue).

      I liked the Chrysler 300 w/ uConnect. So I bought one -- specifically 2012. I wasn't considering any 2013 or later as it was mid-way through 2013 that they added Internet capabilities to uConnect. I wasn't going to muck around trying to figure out when the car I wanted was manufactured during the year -- I just decided to only look at and consider 2012 or before.

      We all see how well that played out (w/ Jeep). The exact same system / setup is in the Jeep...

    7. Re:Computers and networks in cars are fine by RivenAleem · · Score: 1

      For a long time you could simply perforate the brake-line and let the fluid drain. This could be used to cause a crash. Where were the articles about car security then? No matter what we put into cars, there will always be some way for a malicious actor to take advantage of some design flaw to put someone in danger. However, the risk is relatively small, while the reward is great.

  11. Coming from Detroit by Anonymous Coward · · Score: 0

    The blog said that Tencent believed its researchers were the first to gain remote control of a Tesla vehicle by hacking into an onboard computer system known as a CAN bus

    Ahahaha. That sounds like something from CSI. The computer is known as a "CAN bus?" Come on, guys. A college student in CS would catch that mistake. Obviously there are MANY computers connected by the CAN bus. There is no security on the CAN communications of any modern vehicles that I know of. Any person connected to the bus can masquerade as anyone else.

    1. Re:Coming from Detroit by Ungrounded+Lightning · · Score: 1

      There is no security on the CAN communications of any modern vehicles that I know of. Any person connected to the bus can masquerade as anyone else.

      That's why Tesla has several layers of bus, with firewalls between them, inside each car.

      Get on one of the buses, you get to tweak the stuff on THAT bus. But you have to convince a firewall you're cool (i.e. doing something the firewall recognizes as legitimate) before it forwards your transaction to anything on even an adjacent bus.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  12. They aren't?! by Anonymous Coward · · Score: 0

    This is like saying scattering poison is not intrinsically bad because you only die if it gets in your food. The spread of combinations that only work if everyone is nice and no one is dangerously incompetent, and make things worse if anyone is, is intrinsically bad . Even in the absence of criminals wi-fi updated items that can kill if mishandled adds a certain power multiplier to any management stupidity in the company that makes them.

    1. Re:They aren't?! by fluffernutter · · Score: 2

      This goes directly against the whole Autopilot philosophy. In your example, people are expected to be capable of using poison properly and responsibly. If you spread it around and someone doesn't use it properly, well, it's not your fault. Didn't you read the small sign in the corner of the yard? What makes it more interesting is that automation is being pushed on the premise that humans aren't perfect, yet expect perfection from them in other ways? It's a strange way of thinking.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  13. Next Headline by Anonymous Coward · · Score: 0

    Hackers take control of Model S after claim of Security Bug fixes.

    1. Re:Next Headline by fluffernutter · · Score: 1

      There are probably hackers reading about this and thinking, "Challenge accepted!".

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    2. Re:Next Headline by krray · · Score: 1

      Correct. :*)

  14. it's not bad if done properly, but can it? by Anonymous Coward · · Score: 0

    Perfect security is not possible, what level of risk counts as "done properly"? This is critical for devises that could be transformed into killing machines, or used to destroy critical parts of the road network, just by a software update. is the level of cost needed to reach that level of security even within reach of the car companies, or governments for that matter?

  15. Why a network? Plenty of reasons by sjbe · · Score: 1

    The question, put more precisely here is: why does a car need to be on a packet switched network?

    Lots of reasons. Map updates, traffic updates, relaying location, weather updates, infotainment, concierge services, updates to car features, etc. The list is almost endless if one thinks about it.

    The conclusion I come to is that as a convenience factor for the company, it's easier to have it on a network.

    It's not just a convenience for the car company though that is a real factor. It's also a convenience for the car owner. If there is a recall on something software related (which happens a lot these days) it is MUCH more convenient for the car owner to not have to waste a substantial portion of the day scheduling time at a repair facility to have the problem fixed or the update applied. It's also much easier to receive a lot of useful updates (maps, traffic, weather, etc) via a network and in time I think there will be some interesting safety features relating to how cars talk to each other to avoid accidents and minimize traffic delays.

    However, it opens up a huge attack surface.

    Yes it does and I discussed this somewhat in the post you responded to. There are well understood ways to mitigate the attack surface problem. One thing that will be key is keeping certain operational features (access, ignition, etc) separate from non-safety and physical security features. I think there will be some hard lessons learned in regards to this...

    Overall, it appears not to be much of a benefit to the owner of the car, as the owner could accomplish the noted updating tasks using a USB drive, and any required vehicle telemetry could be cached on-vehicle and retrieved manually as required.

    Disagree. I see all kinds of utility in having a car that has two way communication. There are risks of course but they are reasonably well understood risks. In any case I see it as a moot discussion. Cars are going to get networks and it's something we should figure out how to do in the best way possible starting today.

  16. Re:Why a network? Plenty of reasons by fluffernutter · · Score: 1

    Lots of reasons. Map updates, traffic updates, relaying location, weather updates, infotainment, concierge services, updates to car features, etc. The list is almost endless if one thinks about it.

    So lets not put any of those things in a car. That's what tablets and phones are for.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  17. Networking not automation by Anonymous Coward · · Score: 0

    If you don't network you don't get security problems, autopilot and networked self-reprogramming autopilot are not the same thing.
    The point about poison was that complaints about whether something is or in this case is not intrinsically bad outside of context are meaningless, poison is intrinsically bad as food but not as a killing tool for vermin.

    Over the air updates are a danger, in the absence of criminals, as they encourage changes in a context where it makes seance to be very change adverse, due to the consequences of even a minor flaw, and that they make slow changes instantaneous. if you do not think it is possible for this to cause harm then imagine even the smallest repeat of the sort of flaws caused by windows 10 updates applied on a high speed road network, while bearing in mind the sort of miss-aimed management pressure that the resent emissions scandal revealed and its affects on responsible behaviour.

  18. or your car is old to get that update buy new car by Joe_Dragon · · Score: 1

    or your car is 1 year old to get that update to auto drive 1.5 buy A NEW CAR! or pay $2500 + labor to install an new CPU unit.

  19. Re:Let me know by Anonymous Coward · · Score: 1

    I think that AC may have stopped taking his lithium for too long

  20. Re:or your car is old to get that update buy new c by fluffernutter · · Score: 1

    If you didn't like the way the car worked, you shouldn't have bought it.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  21. WTF? by GrumpySteen · · Score: 1

    Slashdot reader weedjams adds some commentary

    Really? Linking tangentially related articles at the end of the summary wasn't retarded enough? Now we're just adding random comments?

  22. Related by ThatsNotPudding · · Score: 1

    Most folks are still in love with Tesla, but I have to wonder if they're going to be any different than John Deere and Case - New Holland:
    "You are only given the privilege to pay the massive price tag, but you are FORBIDDEN to work on it. Bring it to us, along with your nose to pay thru."

  23. Network by mjperson · · Score: 1

    >Does no one else think cars + computers + network connectivity = bad?

    Not half as bad a wireless pacemakers.

  24. Shocked by Anonymous Coward · · Score: 0

    How come people are shocked that it was possible to get from the internet to the control system of the car. How else have they been doing OTA firmware updates to implement new driverless features? I mean it's true. I mean they could have a separate computer inside the car that gets uploads of signed OTA firmware updates -- rejecting/alarming on any non signed files or out of bounds sFTP commands.

  25. CAN bus still around? Damn... by EndlessNameless · · Score: 1

    The CAN bus was developed decades ago when cars first got electronics.

    It has no appreciable security standards. The devices on the bus can implement their own security features, but that becomes a problem when you want to include components from various vendors. Most of them never even thought of security.

    The only security was physical security, and that vanished as soon as the wifi connected.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  26. p = m * v; Geeee's! by Anonymous Coward · · Score: 0

    > Does no one else think cars + computers + network connectivity = bad?

    Does no one else think humans + metal + high speed = bad?

    1. Re:p = m * v; Geeee's! by Anonymous Coward · · Score: 0

      that a fly?
      - Geeeeee's!