08-24-2015, 03:03 PM
|
#22 (permalink)
|
Master EcoModder
Join Date: Aug 2012
Location: northwest of normal
Posts: 28,696
Thanks: 8,144
Thanked 8,924 Times in 7,367 Posts
|
Replying to myself to bump the thread.
Highway to hack: Why we’re just at the beginning of the auto-hacking era
Ars Technica on the institutional impediments to good security in moving vehicles. It highlights how Tesla's outsider status allows it to re-imagine how security works.
Quote:
These are just the attack approaches that are being tried now. Corman said he believes, as In-Q-Tel Chief Information Security Officer Dan Geer has suggested, that "bugs are dense"—meaning there are sure to be a given number of potentially exploitable defects in every thousand lines of code. "The total number of bugs will go up as the total number of lines of code goes up," he said. "The total number of access points to the exploitable codes go up as the number of devices on the network go up. And the total number of adversaries go up because now we've taken car hacks from theoretical to demonstrable." Car companies, Corman said, have to be prepared for software failures, because it's not a question of if they will happen, but when. The more important question becomes how car makers will respond.
|
Running the article through Mac OSX Summarize:
Quote:
This month at three separate security conferences, five sets of researchers presented proof-of-concept attacks on vehicles from multiple manufacturers plus an add-on device that spies on drivers for insurance companies, taking advantage of always-on cellular connectivity and other wireless vehicle communications to defeat security measures, gain access to vehicles, and—in three cases—gain access to the car’s internal network in a way that could take remote control of the vehicle in frightening ways.
...No one at Ford, GM, and Chrysler would talk with Ars about their strategy for uncovering potential security issues in software that could be used for "cyber-physical" attacks—hacks that could have an impact in the physical world by interfering with the operation of cars.
...The “attack surfaces” of cars that get the most attention are the ones designed to keep people from driving away with cars they don’t own—electronic keyless entry systems or locks and vehicle immobilizers that use low-power radio to detect the presence of a valid car key before allowing a car to start for example.
...But connected car services such as GM’s OnStar, Fiat Chrysler’s Uconnect, Ford’s Sync, and add-on services such as those based on Mobile Devices’ C4 OBD2 “dongle” greatly extend the range of a potential attack—especially if the attacker’s goal is to do damage by interfering with the driver’s ability to operate the vehicle.
|
|
|
|