Debate on speeding, with a side order of "For $60, you can hack a connected car (original topic)"
-
This is typical of networked systems deployed to market these days. Get it to work, get it shipped to beat your competitors, and then patch the security holes later. Maybe. If anyone besides professional hackers discovers them and holds the selling company accountable.
Excerpt: Evenchick also told Forbes that he wants to make it for people to probe connected car systems for weaknesses, largely because car manufacturers tend to keep their systems closed to the outside security community. By designing a tool that can search for these vulnerabilities, Evenchick is enabling hackers to see what kinds of weaknesses made it to the market.
-
No surprise to see that it attacks the CAN bus; they have more security holes than unpatched Windows XP…
-
Evenchick is enabling hackers to see what kinds of weaknesses made it to the market.
The performance aftermarket has reverse engineered the entire computer of many cars. CAN bus vulnerabilities don't reduce the already shoddy security in these systems.
Securing them is pretty much infeasible. It took the satellite TV industry many years to make their stuff good enough to keep hacking under control and they have over-the-air updates. There is much less incentive for car manufacturers to have good security and their update model is laughable.
-
Securing them is pretty much infeasible. It took the satellite TV industry many years to make their stuff good enough to keep hacking under control and they have over-the-air updates. There is much less incentive for car manufacturers to have good security and their update model is laughable.
I would argue that industry has already learned these lessons. Why are the car manufacturers reinventing the wheel?
There is much less incentive for car manufacturers to have good security and their update model is laughable.
Oh. Yeah. Right.
-
I don't really see a problem, unless I missed something you'd already have to have physical access to the car's electronics to do this, and anyone with nefarious intent would do a dozen other things before tapping into the car's electronics.
Avionics is pretty similar, for many of the standard protocols anyone[1] can plug a bus monitor in and see what's happening.
[1] That is, anyone with specialized and very expensive hardware and software, physical access to the airplane, and the ninja skills required to sneak into military hangars and tamper with jets without getting shot by the MPs.
-
I don't really see a problem, unless I missed something you'd already have to have physical access to the car's electronics to do this, and anyone with nefarious intent would do a dozen other things before tapping into the car's electronics.
My concern is many cars connect via wireless these days...maybe I'm making a buttumption?
-
If the car's electronics are exposed via wireless, then yes there's definitely a problem. I made a buttumption that they aren't, because why would you need that?
-
I would argue that industry has already learned these lessons. Why are the car manufacturers reinventing the wheel?
I have a 2014 Mazda 3 which has an infotainment system built with OpenCar. In theory, this should be the most update friendly system since it's really just embedded Linux. In order to update the system myself, I have to find an unauthorized download of the firmware and use a bunch of hidden commands in the UI to start the update. If I want the dealership to do it for me, I have to either prove I have an issue that needs to be fixed or pay for the labor for them to watch the little blue bar go across the screen.
So, they not only don't make it easy for their systems to be updated, they go out of their way to make it hard. However, they do enable SSH by default and the root password is "jci".
-
So, they not only don't make it easy for their systems to be updated, they go out of their way to make it hard enough for the average driver so they can justify charging insane labour rates and make a buttload of cash.
-
In theory, this should be the most update friendly system since it's really just embedded Linux.
This is a theory which can only be held by a person who has literally never owned ANYTHING run on embedded Linux.
-
These days, it's generally extremely difficult - if not impossible - to rip that integrated infotainment shit out and put in whatever the fuck you want. And I Just! Can't! Wait! for nanny-state bullshit like Ford's Intelligent Speed Limiter to come into widespread use. You'll be doing the speed limit soon enough, no matter how ludicrously low it is, slave.
-
And I Just! Can't! Wait! for nanny-state bullshit like Ford's Intelligent Speed Limiter to come into widespread use. You'll be doing the speed limit soon enough, no matter how ludicrously low it is, slave.
You know, you can just turn the feature off if you don't like it.
-
You know, you can just turn the feature off if you don't like it.
Given how nannying some governments can be, there may be a law passed that makes that illegal…
-
This is a theory which can only be held by a person who has literally never owned ANYTHING run on embedded Linux.
mmm... false.
-
I've seen 5mph speed limit signs posted on roadways leading into parking lots, post offices...that'll be SO much fun...
-
5mph is a right pain in the arse to maintain in a manual car; at least with a 10mph limit, you can let the car idle in second, and it'll do about 8-9mph naturally.
-
You know, you can just turn the feature off if you don't like it.
Right, just like air bags. And OK, yes, initially, you can turn it off... until the gummint mandates it as a standard "safety" feature.
-
Given how nannying some governments can be, there may be a law passed that makes that illegal…
Case Study: DEF (diesel exhaust fluid).
Some doofus at the EPA decided squirting piss into your exhaust pipe is A Good Thing, and now it's mandatory on road diesels. It is absolutely NOT required for your vehicle to operate normally, however it's mandated that if and when the DEF tank goes empty your vehicle needs to go into limp mode which limits you to 15 mph or something and if you turn it off it won't start again until the DEF tank is re-filled.
-
TIL enforcing the laws of a country is considered "nannying".
Speed limits are almost always stupid, for sure, but this feels like the wrong complaint to be making.
-
Ford's Intelligent Speed Limiter
Read about that in The Times yesterday.
When they tried it, it got confused between the road limit signs at the side of the road, and the 'maximum speed this truck will go at. In kmh' stickers on the backs of some lorries.
-
Case Study: DEF (diesel exhaust fluid).
*Googles*
Ah, so that's what AdBlue is then… I assume there's a reason diesels use that instead of a catalytic converter, like petrol cars do?
-
enforcing the laws of a country is considered "nannying"
If a given law proscribes something other than actual or extremely likely threats to life, liberty or property, then the law's shitty and quite possibly nannying.
@Yamikuronue said: this feels like the wrong complaint to be making
So, what's the right one?
https://www.youtube.com/watch?v=2BKdbxX1pDw
-
TIL enforcing the laws of a country is considered "nannying".
Enforcing laws is fine; it's how that can be nannying. I'd rather not be enslaved to an electronic overlord, thank you very much
-
It catalyzes something or other. Knowing the mess the EPA has made of diesels, it probably catalyzes something that is produced as a by-product of one of their other emission schemes. Kinda like the sick guy who takes a drug for his condition and then needs 12 other drugs to manage all the side effects.
-
When they tried it, it got confused between the road limit signs at the side of the road, and the 'maximum speed this truck will go at. In kmh' stickers on the backs of some lorries
It could be fun to buy a UK spec one then take it to a country with speed limits in km/h
"Sorry Officer, I was relying on my automatic speed limiter. I don't see how I could go 100mph like that."
-
It catalyzes something or other. Knowing the mess the EPA has made of diesels, it probably catalyzes something that is produced as a by-product of one of their other emission schemes. Kinda like the sick guy who takes a drug for his condition and then needs 12 other drugs to manage all the side effects.
@Wikipedia said: DEF is used as a consumable in selective catalytic reduction (SCR) in order to lower NOx concentration in the diesel exhaust emissions from diesel engines.
-
The thing is, a standard three-way cat does the same job, and doesn't need you to refill the car's piss-tank, because there won't be one.
-
Eh I can't attest to the good/badness of the system. I'm just saying what it does :)
-
So, what's the right one?
The law (in this case, the speed limit) is terrible, feel free to complain about that. But saying "We're going to enforce our existing laws in a new way due to technological advances making it possible" is hardly nannying.
"Waah, the big bad government is making me obey the laws!"
-
"Waah, the big bad government is making me obey the laws!"
In my opinion, laws are there to punish, not prevent, crime.
-
"Waah, the big bad government is making me obey the laws!"
It's not so much that, but more the fact that electronic governance cannot possibly take into account emergency situations; it's rare, but sometimes you have to go faster to avoid an accident.
-
@PJH, while that's true, it doesn't mean it won't be "improved." In just one minute of pondering this crap, I can easily picture the eventual use of a combination of GPS, mobile phone tower triangulation, highly-localized radio beacons, signs with special QR codes, and so on, to pinpoint your exact location. Then, a quick download of a "speed limit map" will tell the onboard computer that the limit is, say, 40mph. It's merely one in a series of baby steps, just like any other control mechanism. Oh, and if the country's maximum speed limit is 70mph, then guess what, 70mph is the fastest you'll ever go - no need for fancier tech.
-
Then bitch about that rather than "nanny states".
Apparently I'm in a Blakey mood today :/
-
laws are supposed to be there to punish, not prevent, crime, in a perfect world that doesn't have nannies and power-trippers
FTFY.
-
Then bitch about that rather than "nanny states".
The two often go together ;)
@Yamikuronue said: Apparently I'm in a Blakey mood today :/
You're not very good at it; you haven't called me an idiot yet
-
it's rare, but sometimes you have to go faster to avoid an accident.
ISTR this Ford one has a way to override the limit by doing a double click type movement on the accelerator.
-
ISTR this Ford one has a way to override the limit by doing a double click type movement on the accelerator.
Good luck remembering to do that in a moment of terrified panic ;)
-
This is a theory which can only be held by a person who has literally never owned ANYTHING run on embedded Linux.
Windows has pretty much no penetration into the vehicle market. We're comparing Linux to QNX here, so Linux actually comes out pretty good.
-
You know, you can just turn the feature off if you don't like it.
Like you can turn off the stupid fucking dialog that nags you every time you pair a Bluetooth phone to a Ford vehicle? Meaning, you have to turn it off every time you start the fucking car?
No thank you. I would rather my car just mind its own fucking business. This also seems like a damned good way for your car to testify against you in traffic court. This is a solution to a problem that no one has. I don't appreciate it when my electronics nag me.
-
...you'd already have to have physical access to the car's electronics to do this...
When I was in grad school, we had a faculty candidate talk by someone who did his dissertation on attacks against cars. He found several attack vectors, some of which did not require physical access. For example, the telematics unit (like OnStar) connects via a cellular signal; on some cars, you can attack via that. They also had attacks via Bluetooth and seemingly-harmless physical access like putting a CD into the CD player.
-
For example, the telematics unit (like OnStar) connects via a cellular signal; on some cars, you can attack via that
Exactly; they usually have a direct connection to the CANbus, and the security of a ruptured sieve.
-
No thank you. I would rather my car just mind its own fucking business. This also seems like a damned good way for your car to testify against you in traffic court. This is a solution to a problem that no one has. I don't appreciate it when my electronics nag me.
+1
Adaptive cruise control: Good idea. I can turn it on when I need it and is a useful feature
This: Bad Idea, feels like Dennis Nedry "nah nah nah, can't go that fast"
-
By designing a tool that can search for these vulnerabilities, Evenchick is enabling hackers to see what kinds of weaknesses made it to the market.
So it is with every tool that can be a weapon.
-
every tool that can be a weapon
;) You can weaponise anything if you're creative enough…
-
I have half a mind to buy this and carry it on me.
I mean, how are they going to ban you from carrying shovels?