Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Unveil Rule Requiring Cars To 'Talk' To Each Other (thehill.com)

Posted by BeauHD on from the smile-and-wave dept.

An anonymous reader quotes a report from The Hill: The Obama administration released a long-awaited rule on Tuesday requiring all new vehicles to have communication technology that allows them to "talk" to each another, which officials say could prevent tens of thousands of crashes each year. The proposal calls for all new light-duty cars and trucks to eventually be equipped with vehicle-to-vehicle (V2V) technology, a safety system that enables cars to send wireless signals to each other, anticipate each other's moves and thus avoid crashes. The rule would require 100 percent of new vehicle fleets to have V2V technology within four years of the final rule's enactment. The proposal will be open for public comment for 90 days. The connected vehicle rule builds on previous work by the outgoing administration to accelerate the deployment of innovative safety technology. The Department of Transportation released the first-ever federal guidelines for driverless cars in September. "We are carrying the ball as far as we can to realize the potential of transportation technology to save lives," said Transportation Secretary Anthony Foxx. "This long-promised V2V rule is the next step in that progression. Once deployed, V2V will provide 360-degree situational awareness on the road and will help us enhance vehicle safety." Officials say V2V has the potential to mitigate 80 percent of non-impaired crashes and can interact with other crash avoidance systems, like automatic braking. V2V uses dedicated short-range radio communications to exchange messages about a car's speed, direction and location. The system uses that information from other vehicles to identify potentials risks and warn its driver. A pair of Democratic senators called on the agency to ensure that vehicles have "robust" cybersecurity and privacy protections in place before automakers deploy V2V.

27 of 292 comments (clear)

  1. Alterterior Motives... by pellik · · Score: 5, Informative

    Let's attach a unique ID transmitter to every car in America!

    1. Re:Alterterior Motives... by Lab+Rat+Jason · · Score: 3, Insightful

      Exactly... this is the part that worries me... they talk about 128 bit encryption and all that jazz, but this isn't a negotiated connection people... it's transmitting your telemetry in the blind, hoping that others will act on it. As such, everyone will be using the same encryption key, which will make it trivial for someone to transmit false information. There are literally dozens of ways I can think to abuse this capability for fun and profit.

      The other issue is this: The expected range these operate at is defined by the size and quality of the antennas they intend to use, but with improved listening capability the range is much further. They claim to not transmit any specific identifying information, but if it broadcasts 10x/second, then it's pretty trivial to follow if you can receive real time. Imagine how easily you can tail a car now that you can stay out of visual range and still know exactly where they are? Tell me the police won't want that capability.

      --
      Which has more power: the hammer, or the anvil?
    2. Re:Alterterior Motives... by Ungrounded+Lightning · · Score: 2

      Bluetooth does that already

      WiFi does.

      Bluetooth (at least "Bluetooth smart" / Bluetooth Low Energy (BLE)) recognized that problem and lets a device use either the IEEE MAC unique-per-device address or one of three others. In bluetooth-ese:
        - "public": MAC address
        - "private static": 46 bit random number (stable between chip reboots but may change on reboot) Much like a MAC but you don't have to buy it from IEEE and can expect a collision in a random group of more than forty million devices or so.
        - "private non-resolvable": 46-bit random number that changes every few minutes or so (when the device isn't participating in a connection). You have to connect to it and handshake with it to figure out if it's the one you want.
        - "private resolvable": 22-bit random number that changes every few minutes or so, plus a 24-bit cryptographic hash of it using a key that is the device's identity. If the partner knows the key it can check if the device it hears is the one it's looking for by hashing the random number with the key and checking it against the hash. False negatives not possible but false-positives are, so repeat after a change or two to be sure.

      The non-static private addressing modes make it hard to keep track of a particular tag for more than a couple minutes, unless you're connected (thus exposing yourself) or otherwise in-the-know about its keying secrets.

      = = = =

      But I'll bet $5, sight-unseen, that the government's spec (like the one for tire-pressure monitors) involves a unique identifier that can be tracked by roadside radio devices.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    3. Re:Alterterior Motives... by vtcodger · · Score: 5, Insightful

      It IS a good thing. Not the unique ID part which is a bit scary. But cars communicating their intentions to each other. It should make roads considerably safer. HOWEVER, I suspect that implementing it is not as easy as it sounds.

      It's the corner of 1st and Main in most any big US city. Or its foreign equivalent. And there are maybe 200 cars, buses, trucks, carts, mopeds, bicycles, horsecarts, etc, etc,etc in the area. And they are all squawking endlessly something like "Hi, I'm a mostly blue 2031 VW Hedgehog at latitude xx.xxxx,longitude yyy.yyyy proceeding NorthEast toward an intersection where I plan to turn left. If you need to talk to me, my friends call me $%34XQC1" And the vehicles are all using the same RF frequency band. And there are three other blue 2031 Hedgehogs in the area. And two 2032s which are visually identical except for the shape of the passenger side mirror. And, thanks to multipath GPS reception, most of the vehicles are a bit uncertain about the last three digits of their coordinates. And half those who aren't uncertain should be. And maybe it's raining. Or snowing. And there's an ambulance or fire engine that's trying to get vehicles out of its way.

      Just exactly how does this nifty vehicle communication scheme sort all that out?

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    4. Re:Alterterior Motives... by rtb61 · · Score: 3, Insightful

      Two words is no where near enough in this case. The whole idea is icredibly dangerously insane stupid, it's like what the fuck, Which shit head lobbyist managed to get this idea pushed through so their pet caimpagn contributor could believe they would make billions upon billions of dollars, fucking morons. This system is one hundred percent hackable right from the get go, seriously, it's design function is inherently hackable, it is designed to be hacked, at it's core. How, so fucking easy, just put those communications devices in all sorts of places with set transmissions, indicate of false current state for imaginary vehicle to induce dangerous evasive action in other vehicle which will trigger a real accident based up avoided the greater imaginary risk and there is nothing what so ever you can do to stop it. Absolutely fucking nuts.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:Alterterior Motives... by Pseudonym · · Score: 4, Funny

      "Hi, I'm a mostly blue 2031 VW Hedgehog at latitude xx.xxxx,longitude yyy.yyyy proceeding NorthEast toward an intersection where I plan to turn left. If you need to talk to me, my friends call me $%34XQC1"

      It's an older code, sir, but it checks out.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    6. Re:Alterterior Motives... by Sarten-X · · Score: 4, Insightful

      Your colorfully-worded argument has convinced me that you have absolutely no idea what you're talking about.

      Essentially, you argument is that the system can be used to tell vehicles false information. However, that's entirely possible today with the existing information systems. You can turn your blinker on without turning. You can randomly apply the brakes and slow down. You can weave through traffic, and disobey lane markings.

      No, V2V is not going to replace common sense, or the algorithms in self-driving vehicles. If a car announces a planned path, it's not going to be trusted outright. Rather, it will be corroborated with reports from the receiving vehicle's sensor suite, other vehicles, and even fixed landmarks.

      To illustrate, let's consider some example scenarios, where I will play the bad guy, with a significant technical ability, no morality whatsoever, and a strong desire to keep noisy traffic off of my quiet little street. For ease, we'll assume no functioning cryptography, focusing only on algorithmic security.

      It would be pretty easy for me to make a little beacon to announce that my road's under construction. However, with no construction cones nearby, no proper roadsigns, and no road crew, vehicles would have little reason to trust my beacon. They might put a little more weight into their road sensors looking for potholes, but that's about the extent of my influence. Of course, I could post some fake construction signs, but that's illegal under current law, and the only difference is that I would be adding a radio announcing to the police that I've put up fake signs.

      Let's get a little more malicious. I could spoof two vehicle transmitters, announcing an accident. Surely, traffic will route around it for a while, but eventually something will come down my road anyway, and notice that my transmitters' announced locations don't actually correspond to vehicles. In fact, it sees the road is clear, and announces that observation on the network. That causes another vehicle (which would really prefer my road anyway) to try driving past, and it corroborates the report, announcing that my transmitters are liars. Their spoofed vehicle IDs, then get flagged as fraudulent, and I have police coming to my door.

      If I'm going to end up with a visit from the police eventually, I can at least make it interesting, and get the FCC involved. I can just jam all V2V traffic in my area, making my road an unknown compared to the safer routes around me. That may work for a while, but it doesn't deter any traffic that would have normally gone down my road. Without V2V communication, the vehicles fall back to their normal radar and vision sensors.

      Now let's suppose I get really angry, and head out on the highway to wreak havoc. I can announce that I'm moving perfectly fine, going straight ahead. I can announce that my brakes are in great condition, that I have a full sensor suite, and all my data is trustworthy. I can announce a few spoofed vehicles just out of sight that trust my data. Everything says it's safe to come close to me, and nothing will go wrong... until I slam on my brakes. Then, the car behind me slams on his brakes automatically, because it rightly knows not to absolutely trust anything coming from V2V, and it's still watching my car with forward sensors. It also announces to the network that we're stopping, so all the cars for a mile behind me brake, too, and the ones that can shift lanes will escape. Even if there is a collision, the damage will be minimized by the slower speed and rapid self-preserving coordination. The flood of messages about the delays will be weighed more heavily than my fake announcement of clear conditions, so the affected lane will be avoided, and vehicles will move away as they're able. I've disrupted a few folks' smooth sailing, but it's not catastrophic.

      No, the system isn't perfect, and it's not designed to require perfection. The people actually doing V2V work are well aware of the limitations of network communications, and are designing systems to work around malicious actors. In the worst cases, it's still better than human drivers or isolated automatons, so it's still a net benefit.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    7. Re:Alterterior Motives... by Sarten-X · · Score: 2

      Exactly... this is the part that worries me... they talk about 128 bit encryption and all that jazz, but this isn't a negotiated connection people...

      Eh, sort of... There are parts that are broadcasts, and parts that are connections. It gets complicated.

      it's transmitting your telemetry in the blind, hoping that others will act on it.

      Wait, no, stop. Let's clear this up right now: The transmitter doesn't care what you do with the information. It has absolutely no benefit solely from transmitting, which is why the government is stepping in to say "transmit, dammit!" Unfortunately, that invisible hand of the free market works against us here.

      Rather, the V2V transmission is advisory, providing other vehicles the option to act on the provided information. That is one more option than we have now with non-transmitting vehicles, but like any other option, it will be validated and weighed against the other navigation options.

      As such, everyone will be using the same encryption key, which will make it trivial for someone to transmit false information.

      Not really. I'm not terribly familiar with the crypto for V2V, but it's pretty trivial to make a suitable encryption system. We need nonrepudiation (showing that a particular transmitter said a particular thing), authentication (showing that a particular message comes from a trusted source), and integrity checking (showing that a message was not altered). As noted by another commenter, PKI can provide all of those things. Essentially, each vehicle broadcasts beacons with its own decryption key, which is different from the encryption key it uses (and keeps secret). Telemetry messages are then sent with a plaintext vehicle identifier and an encrypted payload, and receivers just need to remember which decryption key belongs to which vehicle.

      There are literally dozens of ways I can think to abuse this capability for fun and profit.

      ...and there are dozens of ways to counter them. It's easy to play armchair engineer and think of ways to abuse the system, but it's equally easy to find effective mitigations. In the decade or so that I've been following V2V technology, here are the most common ways to deal with attacks:

      Firstly, since V2V is advisory, anything that doesn't make sense can be ignored. No, nefarious hackers won't be able to coerce your car into running through a crowd of schoolchildren. You'll have to do that yourself.

      Second, as noted elsewhere, the system doesn't have to be perfect - only an improvement. At this very moment, there are literally dozens of folks driving slowly in the wrong lane with their blinkers on. That's bad information right there, and our current driving systems cope with it by recognizing the problem and working around it.

      As a third foil against the most common complaints, the keys and identifiers don't have to remain attached to your vehicle forever. There have been test implementations that regenerate identifiers at every trip, or randomly while traveling easily (like down a straight highway). With few other cars around, it's even possible for your vehicle to turn off transmissions, and reappear later as an apparently-different vehicle. Effectively, the only way to track someone reliably is the old-fashioned way... physically staying in radio range.

      The other issue is this: The expected range these operate at is defined by the size and quality of the antennas they intend to use, but with improved listening capability the range is much further.

      Eh, sort of... but radio doesn't quite work that way. As you get further away and get a bigger antenna, the amount of noise (and other transmitters) also rises. Roughly speaking, the amount of noise rises linearly, and the strength of the signal drops off quadratically, according to the inverse-square law.

      Even with a huge antenna, you won't be able to follow a single car very

      --
      You do not have a moral or legal right to do absolutely anything you want.
  2. I'm not saying this is going to be abused, but... by barc0001 · · Score: 5, Insightful

    This is going to be abused. People will have so much fun with this, it'll be unreal. Imagine a little box you can buy/build that spoofs a vehicle system and tricks all the cars in a 100 meter radius into executing an emergency stop...

  3. Finally the WW3 on roads by Max_W · · Score: 2, Insightful

    will be over. More than 20 million were killed in car accidents in the 21st century alone.

    1. Re:Finally the WW3 on roads by geekmux · · Score: 2

      will be over. More than 20 million were killed in car accidents in the 21st century alone.

      Let's not even pretend this will suddenly end death related to car accidents. Sadly in today's landscape, this only opens up the door to even more nefarious hacking, with truly deadly results.

  4. This seems really premature by psmoot · · Score: 2

    I don't know anyone has any concrete proposals for how this would work, what each car would transmit, what it would receive, or what it's expected to do with the data.

    The problem, as I think about it, is we've got a chicken and the egg problem. I'd love to say that the manufacturers should experiment, try some stuff out, and converge on some recommendations. Problem is, it's kind of useless to have all that expensive gear in my car if no one else does. There'd be no one listening and no one talking to me. So how to get the ball rolling?

    Maybe this is the way. Mandate that by 2020 (or whatever) every car must transmit some minimal data. Ignore the tinfoil hat theories about your every move being tracked (it probably is already anyway, thanks to toll bridge transponders and license plate scanners). That will make it much more reasonable to add receivers to cars a few years later, now that a substantial portion of cars are transmitting.

    Oh, all this presumes that V2V communication is actually a good thing and worth the cost. Maybe it is, maybe it isn't. It could be a solution looking for a problem. Do we have any reason to believe this is a better way to spend our money instead of making stronger bumpers?

  5. Scary **** by markdavis · · Score: 4, Insightful

    I am extremely worried about this.

    1) It will be abused. Period. You know it will contain the VIN or other unique ID. So readers on the side of the road will be monitoring everyone everywhere- where you go, how fast you were going, etc. Endless tickets in the mail.

    2) It will be hacked. Period. And once it is, it could cause chaos and devastation on the roads- causing other vehicles to panic and brake, others to swerve, etc. It would be one thing if this data were read-only, but we all know it will be linked into active controls. Road rage weapon. Stupid teenager prank. Whatever.

    3) It will be hijacked. With active controls tieins, police cars could use spoofed info as one way to kinda remotely-control other cars. And, of course, if they can do it, so can criminals. It will give a new meaning to the word "carjacking"....

    4) It will often be non-upgradable. Car manufacturers have a proven dismal track record on keeping ANYTHING updated on their cars. Once it is sold, they couldn't care less about the vehicle, unless they can somehow turn it into an endless stream of revenue.

    Like any technology, there are good things and bad things with each "improvement".

    1. Re:Scary **** by Chalnoth · · Score: 2

      In the abstract, I think it could be done in a way that would be helpful but with minimal danger, but it wouldn't be easy.

      The key would be to construct the system so that information coming from another vehicle is never trusted. The information might still be useful, but only in terms of refining estimates gathered from the car's own sensors.

    2. Re:Scary **** by markdavis · · Score: 2

      Of course you can. But those are higher risk of being discovered than doing it electronically. And they all require a physical presence to do such stuff. Hacking into systems can be done remotely and can affect far more people at once.

    3. Re:Scary **** by markdavis · · Score: 2

      >"The key would be to construct the system so that information coming from another vehicle is never trusted. The information might still be useful, but only in terms of refining estimates gathered from the car's own sensors."

      Bingo, +1 to you

      Ultimately, such outside information should always be untrusted AND able to be overridden by the driver in ALL cases. But will systems be designed that way? And even if so, hacking into them and presenting false information can still be dangerous, distracting, and very annoying.

    4. Re:Scary **** by WaffleMonster · · Score: 2

      Did you know that *right now* you can go get into a vehicle, drive it any direction at high rate of speed and cause as much damage as you want? No technology needed.

      You can drive the wrong way on the highway. You can light a car on fire and roll it down a hill. You can put a brick on the accelerator and set it loose into a crowd of people. You can throw nails on the road to stop any vehicle you fancy. You can string up wire across the road for motorcycles.

      No technology required.

      Sick and tired of these lame arguments.

      You can already do X therefore concern Y is invalid.

      Or the classic "BUT UR CELL PHONE!!" battle cry whenever someone has any privacy concern about anything.

      Two wrongs don't make a right. Existence of one vulnerability does not excuse responsibility for piling on of new ones.

      Convenience and stealth matter. If you can broadcast a signal that causes LOLz or havoc or renders wholesale cyber stalking trivial with minimal effort or risk to yourself this is to quote our outgoing VP a "big fucking deal".

      For reference Bluetooth was supposed to be a near field technology good for up to a few dozen feet max. People have demonstrated communication with unmodified devices at a range of well over a mile. What you can do with V2V while standing off out of sight out of mind with the proper equipment is bound to get quite interesting.

      The worse part of V2V is no public information detailing the benefits of V2V alone without factoring in the very significant overlap with existing sensor/CV approaches for AEB/CTA is completely nonexistent by intentional design. People don't even have coherent data with which to make any rational decisions about V2V specifically. All we get is propaganda that says stone age or V2V are the ONLY options. This is a false choice. It is indefensible BS.

  6. Re:I'm not saying this is going to be abused, but. by denis-The-menace · · Score: 2

    The cops will have this "Car stop now!" box FIRST!

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  7. Re:I'm not saying this is going to be abused, but. by Miamicanes · · Score: 2

    Unless it transmits a cryptographically-signed VIN as part of the broadcast, and receivers log that VIN to some kind of persistent storage if they rely on its data. It wouldn't necessarily prove that a specific INDIVIDUAL is guilty, but it could ABSOLUTELY pin financial liability on the owner of the vehicle associated with that VIN for negligently allowing a car he owns to spoof bad data.

    I know that in Florida, you can't get license plates without registering the VIN, and I'd be shocked if any state DIDN'T require VIN-registration as a condition of getting license plates.

    Since realtime certificate lookups are obviously out of the question, they'd probably issue certs good for a year at a time simultaneously with license plate renewal, and cars would be programmed to either ignore, or at least seriously question the validity of, expired certs.

  8. Re:I'm keeping my truck by cayenne8 · · Score: 2

    Every year, older cars get more an more attractive. Seriously considering a restored 80s BMW with an LS1 swap to make it more reliable.

    Same here, I've been wanting to for years and it looks like might be my year to do it....

    I want to get a '75-'76 Trans Am, 455 4-speed, last year of the big block, and of the round headlights.

    You can get almost frame off restore for the low to mid $20's.

    They were getting horribly air restricted at the end of the muscle car era, but with a few bucks, can do a resto-mod on it, slightly more aggressive cam, and turn the shaker hood functional again and your already close to 500+ HP.

    A little work on the suspension, and you've got modern handling.

    Between that and my current car, I could last without a super "modern" car with all this crap on it easily.

    And I make enough money to support a habit like I describe above that gets 10 gallons to the mile on a good day.

    ;)

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  9. tracking by Anonymous Coward · · Score: 2, Informative

    Let's attach a unique ID transmitter to every car in America!

    Does it matter? Most people have cell phones on them, so are tracked anyway. When was the last time your phone was more than a metre from you?

    Besides, if your car has tire pressure monitors then they emit a radio signal with a unique ID already:

    * https://www.schneier.com/blog/archives/2008/04/tracking_vehicl.html
    * https://en.wikipedia.org/wiki/Tire-pressure_monitoring_system#Privacy_concerns_with_direct_TPMS
    * http://www.rtl-sdr.com/receiving-decoding-tire-pressure-monitor-systems-using-rtl-sdr/

  10. Oh God why... by XSportSeeker · · Score: 2

    Man, lately I've been having a hard time imagining the thought process of feds, government administrators, and people in charge of proposing policies like that.

    How can they extol the supposed advantages of a system like that so much without giving a single thought - or thinking that people won't - of all the horrible potential dangers of it?

    Like, dang dude, I could have a very nice adrenaline surge in my system which would feel nice and be potentially benefitial to my health if I jumped out of my balcony right now from the 20th floor or something... *silence*

    I mean, let's all ignore how regular non connected car systems were already hacked, how dangerous it'd be to make it obligatory for car companies to have a system in place, the track record of car systems' security and then overall IoT, the history of unwarranted fed tracking and spying... let's save lives by forcing everyone to wear short choke chains to be controled remotely by proprietary closed software no one has access to and hackers would eventually find a way of taking control. It's not like we have weekly reminders on how badly companies handle security.

  11. Pedestrians, Pets, Bikes, Wildlife? by mindparasite · · Score: 2

    Why are pedestrians, pets, bikes, and wildlife being left out?

  12. Old School FTW by subk · · Score: 2

    This is why I keep buying older cars and refurbishing them instead of buying new. You can build a truly awesome retro (or late model) vehicle for half the price of anything new with comparable specs. There is no "new car" feature you cannot add to an older vehicle with aftermarket equipment, and as regulations like this start coming out, all the more reason to drive an older sled. No state has succeeded (and few have even tried) to legislate older cars off the road because it disenfranchises the poor, so this tactic should work right up to the point when the Feds finally mandate next-generation vehicles (which do not exist yet, frankly).

    --
    Now, if you'll excuse me, I have backups to corrupt.
  13. Re:GPG signatures by 0100010001010011 · · Score: 3, Funny

    How dare you bring technical discussion to fearmongering.

  14. Great by frovingslosh · · Score: 2

    Oh boy. I can't wait to start hacking other vehicles to order them to get out of my way. A nice side benefit to this is that eventually (and likely sooner rather than later) there will be a lot less vehicles on the roads.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  15. Not my car by trailerparkcassanova · · Score: 2

    it hates other cars.