Firewalls Can't Protect Today's Connected Cars

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Focusing on stopping an attack after hackers are already in your system? That seems a bit risky. I just wonder why mission critical stuff like brakes, acceleration, steering etc. aren't on an isolated non-connected system in the first place.

The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts. Instead of building firewalls to keep cyber attacks out, which industry watchers say is ultimately a futile endeavor, build systems that recognize what a security breach looks like in order to stop it before any real damage is done.
 
So glad I drive an older car with none of this connected bullshit.

As a computer person, I know all too well the risk of putting these connected systems in cars.

A cars job is to get you from point A to point B. Not to provide access to Facebook or text messaging or any of the other thousand distractions that cause people who are supposed to be driving to wreck because they were more concerned about their stupid social networking than focusing on the fucking road. Having the entertainment system connected to the ECU/PCM is, at best, monumentally stupid and at worst, criminally negligent.
 
I can update my car just as easy as I update my phone or computer to patch it against threats. I really don't see the big deal and I do want my car connected. As a an IT professional that has to travel sometimes it is a welcomed feature for my vehicle to have access and wifi that's easily connected.

I think all the fear mongering about connected vehicles is really backwards thinking and cars will eventually all be connected as it's only a matter of time If you're looking for a new vehicle. Sure keep your unconnected vehicle and for some just getting from point a to point b is enough but for most others we want more from our vehicles and technology. I don't want a dumb car.

That being said I do think they need to up the security on vehicles with new technology and I would be all for isolating key components from said technology. I think it's great that awareness is being brought to this to be honest and I think it will get better.
 
I can update my car just as easy as I update my phone or computer to patch it against threats. I really don't see the big deal and I do want my car connected. As a an IT professional that has to travel sometimes it is a welcomed feature for my vehicle to have access and wifi that's easily connected.

I think all the fear mongering about connected vehicles is really backwards thinking and cars will eventually all be connected as it's only a matter of time If you're looking for a new vehicle. Sure keep your unconnected vehicle and for some just getting from point a to point b is enough but for most others we want more from our vehicles and technology. I don't want a dumb car.

That being said I do think they need to up the security on vehicles with new technology and I would be all for isolating key components from said technology. I think it's great that awareness is being brought to this to be honest and I think it will get better.

You should be focusing on the road, not threatening other people's lives with your distracted driving.
 
I can update my car just as easy as I update my phone or computer to patch it against threats. I really don't see the big deal and I do want my car connected. As a an IT professional that has to travel sometimes it is a welcomed feature for my vehicle to have access and wifi that's easily connected.

Fun fact...these car systems never get core OS updates or patches. Least I've never heard of it.

Here's a question-as an IT professional, how do you update your cars OS? Do you go to the dealer and do they know anything about it? Do you plug in a USB dongle with an .IMG file? Does it do it via WIFI? Do you even know? LOL, you don't do you?
 
So glad I drive an older car with none of this connected bullshit.

As a computer person, I know all too well the risk of putting these connected systems in cars.

A cars job is to get you from point A to point B. Not to provide access to Facebook or text messaging or any of the other thousand distractions that cause people who are supposed to be driving to wreck because they were more concerned about their stupid social networking than focusing on the fucking road. Having the entertainment system connected to the ECU/PCM is, at best, monumentally stupid and at worst, criminally negligent.

+1 with emphasis on the "CONNECTED BULLSHIT!"
 
You should be focusing on the road, not threatening other people's lives with your distracted driving.

Who said this was when I was driving? And also all the hands free technology actually makes it easier to focus on the road for simple tasks.

Fun fact...these car systems never get core OS updates or patches. Least I've never heard of it.

Here's a question-as an IT professional, how do you update your cars OS? Do you go to the dealer and do they know anything about it? Do you plug in a USB dongle with an .IMG file? Does it do it via WIFI? Do you even know? LOL, you don't do you?

That fact wasn't very fun... The systems do get patches and updates and it's really easy.

https://www.youtube.com/watch?v=7n2kavHJYz8
 
I press 1 button on my steering wheel and can send out an e-mail, text, make a call, check the weather, traffic conditions, set destinations for GPS, bring up maps, change the station, set reminders, and all hands free with just my mouth.
 
I press 1 button on my steering wheel and can send out an e-mail, text, make a call, check the weather, traffic conditions, set destinations for GPS, bring up maps, change the station, set reminders, and all hands free with just my mouth.

You are still distracted. It is not the act of using a handheld device, it is the fact that your mind is focused on something else other than driving.
 
I can update my car just as easy as I update my phone or computer to patch it against threats. I really don't see the big deal and I do want my car connected. As a an IT professional that has to travel sometimes it is a welcomed feature for my vehicle to have access and wifi that's easily connected.

I think all the fear mongering about connected vehicles is really backwards thinking and cars will eventually all be connected as it's only a matter of time If you're looking for a new vehicle. Sure keep your unconnected vehicle and for some just getting from point a to point b is enough but for most others we want more from our vehicles and technology. I don't want a dumb car.

That being said I do think they need to up the security on vehicles with new technology and I would be all for isolating key components from said technology. I think it's great that awareness is being brought to this to be honest and I think it will get better.


Yes you can patch exploits that are discovered and fixed. What about the zero days that have not been published and fixed? Connecting main car functionality to internet is by far the dumbest thing car manufacturers have done in the past decade... I'm not even a fan of hooking that shit up to the main ECU and giving that control. One more thing that can fail and cause a crash and/or death. No more new cars for me if this is the trend....

In my 2005, I just added a nexus 7 with LTE and have all the perks with none of the risks. If someone hacks that the worst that can happen is I don't get to listen to my music...
 
Yes you can patch exploits that are discovered and fixed. What about the zero days that have not been published and fixed? Connecting main car functionality to internet is by far the dumbest thing car manufacturers have done in the past decade... I'm not even a fan of hooking that shit up to the main ECU and giving that control. One more thing that can fail and cause a crash and/or death. No more new cars for me if this is the trend....

In my 2005, I just added a nexus 7 with LTE and have all the perks with none of the risks. If someone hacks that the worst that can happen is I don't get to listen to my music...

And of course, what happens when they decide to stop providing security updates and end of life your car. Now you are forced to replace a perfectly functional car because they don't provide security updates for it anymore. Good way to force obsolescence.
 
And of course, what happens when they decide to stop providing security updates and end of life your car. Now you are forced to replace a perfectly functional car because they don't provide security updates for it anymore. Good way to force obsolescence.

What happens when they stop? When did they ever start?

I've never seen or heard of even mapset updates for cars...OS updates? Forget about it. You're talking about something that has never existed.
 
You are still distracted. It is not the act of using a handheld device, it is the fact that your mind is focused on something else other than driving.

So, when are we going to ban presence of other people in the car?
 
I press 1 button on my steering wheel and can send out an e-mail, text, make a call, check the weather, traffic conditions, set destinations for GPS, bring up maps, change the station, set reminders, and all hands free with just my mouth.

I'd like to speak for the entire motorcycling community when I say "go to hell".

I don't care how easy your technology makes it for you to do your chores while you are driving. YOU ARE STILL DISTRACTED. Why do you need to do those things in the car? If the person on the other end of that email knew you were creating it in a 4000lb missile going 75mph, would they still think that email was vital? Yes? Then that person is a piece of shit and you shouldn't be emailing them anyway. Check the weather? Look out the goddamn window and adapt.
 
An Internet connected car is a STUPID idea.

Sure, with all the "infotainment" centers, and passengers (I'm giving drivers the benefit of the doubt, but we all know the truth here) wanting to have their phone, tablets, phablets, and any other mobile buzzword technology connected at all times, having a simple LTE receiver to rebroadcast a wi-fi network makes sense. But there is ABSOLUTELY no reason to have my engine, fuel delivery, braking, emissions, or ANYTHING that deals with the basic function of my car to be connected to a remote network.
 
So, when are we going to ban presence of other people in the car?

Other people in the car can moderate their conversation based on their observation of driving conditions. And if they don't, you can always kick them out.
 
An Internet connected car is a STUPID idea.

Sure, with all the "infotainment" centers, and passengers (I'm giving drivers the benefit of the doubt, but we all know the truth here) wanting to have their phone, tablets, phablets, and any other mobile buzzword technology connected at all times, having a simple LTE receiver to rebroadcast a wi-fi network makes sense. But there is ABSOLUTELY no reason to have my engine, fuel delivery, braking, emissions, or ANYTHING that deals with the basic function of my car to be connected to a remote network.

It's one of those "back doors" ;) You know, to stop the bank robbers when they're speeding away after a heist.
 
I'd like to speak for the entire motorcycling community when I say "go to hell".

I don't care how easy your technology makes it for you to do your chores while you are driving. YOU ARE STILL DISTRACTED. Why do you need to do those things in the car? If the person on the other end of that email knew you were creating it in a 4000lb missile going 75mph, would they still think that email was vital? Yes? Then that person is a piece of shit and you shouldn't be emailing them anyway. Check the weather? Look out the goddamn window and adapt.

Well if you're speaking for an entire community. I'd like to -1 that statement and state unequivocally that I use my smart car and drive courteously around motorcycles. Go slob on your own nob somewhere else ;)
 
An Internet connected car is a STUPID idea.

Sure, with all the "infotainment" centers, and passengers (I'm giving drivers the benefit of the doubt, but we all know the truth here) wanting to have their phone, tablets, phablets, and any other mobile buzzword technology connected at all times, having a simple LTE receiver to rebroadcast a wi-fi network makes sense. But there is ABSOLUTELY no reason to have my engine, fuel delivery, braking, emissions, or ANYTHING that deals with the basic function of my car to be connected to a remote network.

I completely agree with you, the functional driving elements should be totally separate from the media functions. I can't believe that this isn't legally mandated, the day the first remote vehicle hack was demonstrated this should have become law.

I currently drive a car that is not connected to anything, but I'm thinking of getting a newer car in the next year or two. Security is a big concern for me and would really influence my purchase. The car manufacturers need to realize this and get on it.
 
Several thoughts:

1. Pay attention to the road, this is all.

2. Why does my car need connectivity built in? I am connected (when i need to be) by using my cellular hot spot. If it breaks i can replace it easily. Car breaks?!? Could be days to get it fixed. I can have a new cell hotspot in minutes. Same with GPS systems, stop building that shit in.

3. There really isn't a need for the core functionality of the car to be connected to anything. At worst, it should be a one way (from ECU to external device). Updates to ECU firmware (if necessary) should require a physical connection to the ECU, no wireless anything.
 
I press 1 button on my steering wheel and can send out an e-mail, text, make a call, check the weather, traffic conditions, set destinations for GPS, bring up maps, change the station, set reminders, and all hands free with just my mouth.

I sure hope you are not driving anywhere near me.

Research has shown that you are almost as distracted while doing all that as someone who is holding their phone an sending out a text.
Several studies have shown that people using hands free phones are in just as many accidents as people holding and talking on cell phones. While a hands free call was slightly safer, the hands free calls where longer, resulting in basically the same risks.
 
A cars job is to get you from point A to point B. Not to provide access to Facebook or text messaging or any of the other thousand distractions that cause people who are supposed to be driving to wreck because they were more concerned about their stupid social networking than focusing on the fucking road. Having the entertainment system connected to the ECU/PCM is, at best, monumentally stupid and at worst, criminally negligent.

+1

However some tech is good, as it can actually lower the distractions.
All my music in on a thumb drive plugged into my stereo, and I can call up any song or playlist by voice after pressing a button on my steering wheel. Much less distracting than trying to select the correct CD or trying to swap a CD in the changer like my last car.

And no, I don't want WiFi in my car (and another cell bill to go along with it), or the ability to access my car from my cell phone.
 
I'd like to speak for the entire motorcycling community when I say "go to hell".

I don't care how easy your technology makes it for you to do your chores while you are driving. YOU ARE STILL DISTRACTED.

As someone who was rear-ended on my motorcycle by a "distracted driver" while I was sitting at a traffic light, I also say "go to hell" to those who THINK they can drive distracted.
 
What happens when they stop? When did they ever start?

I've never seen or heard of even mapset updates for cars...OS updates? Forget about it. You're talking about something that has never existed.

you have no idea what you're talking about , updates are performed all the time , provided you take your car to someone who can actually do it...IE not billy's corner garage
 
Fun fact...these car systems never get core OS updates or patches. Least I've never heard of it.

Here's a question-as an IT professional, how do you update your cars OS? Do you go to the dealer and do they know anything about it? Do you plug in a USB dongle with an .IMG file? Does it do it via WIFI? Do you even know? LOL, you don't do you?


If it's a BMW, the dealership does it. But it's a lot like cellphones, once it's been 9 months and they're prepping for the next model release, why care? We'll roll the security patch into the 2016 edition!
 
If it's a BMW, the dealership does it. But it's a lot like cellphones, once it's been 9 months and they're prepping for the next model release, why care? We'll roll the security patch into the 2016 edition!

Also, Tesla does OTA updates all the time. So I'd assume they're one of the few that can actually patch the security holes on the fly.
 
I press 1 button on my steering wheel and can send out an e-mail, text, make a call, check the weather, traffic conditions, set destinations for GPS, bring up maps, change the station, set reminders, and all hands free with just my mouth.

Yeah, that's insane. If you can't like just drive your car without messing with a bunch of unnecessary stuff, you prolly should just have someone else drive instead because you're like putting everyone else around you at risk to be killed over your addiction to electronic goo-gaws.

I'm glad that most people in this thread aren't just rationalizing it away like you. Driving is already scary enough with people pretending to be race car drivers because they watched those idiotic Paul Newman Fast and Furious movies or who are hormonally-enraged nutcases that are mad at everything. They don't need connected junk to make them worse.
 
I sure hope you are not driving anywhere near me.

Research has shown that you are almost as distracted while doing all that as someone who is holding their phone an sending out a text.
Several studies have shown that people using hands free phones are in just as many accidents as people holding and talking on cell phones. While a hands free call was slightly safer, the hands free calls where longer, resulting in basically the same risks.

There are plenty of narcissistic assholes out there that think they are the exception. Which is why accidents related to drivers distracted by tech is rising every year. They even found that using a HUD that only gives information related to driving is a distraction. If a HUD is a distraction just think of what your brain is actually doing while talking to yourself to create and send an email. The brain is horrible at multitasking and its been proven over and over again. I think the only real exceptions are extremely limited and those exceptions tend to be autistic. As many autistic have brains that do not focus well on one thing but actually pull in all information around them. Which as children is very hard to deal with the sensory overload but with the right help makes many of them exceptional at certain things. But for your average person, they are just like everyone else and are actually horrible at multitasking. Which is why you see many of the multitaskers driving in the fast lane speeding up to 90 and then slowing down to 55 and back and forth until they are done with what ever activity they are doing, whether that be texting or talking to themselves.
 
Legislation is far behind technology.

This is the problem. It should be absolutely illegal to connect the infotainment crap to the cars computer. It should be completely illegal to put any kind of wireless communication to the cars mechanical computer. But it will be this way until there is recalls and lawsuits because someone remotely hacked and caused an accident.
 
This thread derailed quickly.

1. Enjoy your crappy old cars. Please remove all passengers and radios. Leave all cell phones in trunk.
2. Hands-free is better that fumbling with phone.
3. Drivers can choose when to use internet-related features.
 
Well if you're speaking for an entire community. I'd like to -1 that statement and state unequivocally that I use my smart car and drive courteously around motorcycles. Go slob on your own nob somewhere else ;)

How is not wanting to get rear ended at a stoplight by someone not paying attention "slobbing my nob?" Do you really think that there is anyone who rides a motorcycle who disagrees with my statement? Is anything anyone has ever texted in the history of texting/tweeting/instagraming/email EVER been important enough to risk your life or the lives around you? Ask yourself that question before you try to sound magnanimous.

As someone who was rear-ended on my motorcycle by a "distracted driver" while I was sitting at a traffic light, I also say "go to hell" to those who THINK they can drive distracted.

Happens almost daily. Make it a habit to always keep your bike in gear and check the mirrors at lights.
 
This thread derailed quickly.

1. Enjoy your crappy old cars. Please remove all passengers and radios. Leave all cell phones in trunk.
2. Hands-free is better that fumbling with phone.
3. Drivers can choose when to use internet-related features.

Hey it's the mating call of the habitual texter-while-driving. Your justifications for your behavior (other people have radios so I should be able to text!) are pathetic. And no, drivers absolutely cannot be trusted on when to/when not to use internet related features.
 
An internet connected car is fine, but let it be read only type of stuff, read maps to find where you're going, read restaurants that are near by, read traffic alerts, amber alerts, etc... I really want to believe that these controlled cars are as a result of someone slapping some hardware into it that allows them to get control (an OBD type dohicky that gives them control) but I'm not convinced it is.

Want to change something remotely? require it to be physically plugged in, hardware lockout of sorts, that way it can be fixed at a mechanic, or your garage, etc, remote access wirelessly that can change things (i.e. speed, brakes, airbag deployment)? just asking for trouble.
 
And people ask me why I don't want that fancy BS in my truck :p
 
I'm not trying to be a dick by why on earth they have two way communications between the entertainment system and the ecu is beyond me. one way systems have been in existence since the 50s. if you want data from the ecu into the infotainment system literally set up a one way connection of what you want and call it a day.
 
I'm not trying to be a dick by why on earth they have two way communications between the entertainment system and the ecu is beyond me. one way systems have been in existence since the 50s. if you want data from the ecu into the infotainment system literally set up a one way connection of what you want and call it a day.

So that the government has both tracking and remote shutdown functionality.
 
Back
Top