You're sorely mistaken if you think Jeep is the only car manufacturer with this setup. I'd bet that most cars produced within the last few years don't have airgapped CANBus systems. By definition, any car with 'drive' settings you can adjust by the headunit console (suspension, sport modes, charging status, etc) is not airgapped. I mean, in a Tesla you have the option to change suspension settings based on location from a Google Maps -based GPS system. It also can drive itself from your garage to your front door based on meetings scheduled in your calendar.
We literally have the same information for any auto manufacturer that we have from Jeep - empty assurances that 'we design our cars with the utmost cyber-security protections, trust us'.
Car nut here: Your assumption is correct. The system is not air gapped. Even racing control systems suffer from this (except some really expensive ones, although they use commonly sourced sensors with various form of shielding).
Absolutely. For example, I'd imagine that teams that participate in major events/series lock down their systems to avoid another team from sabotaging them. The competition is fierce and everybody is looking for an advantage. I've heard of teams stealing or hiding tools/parts during endurance races that I've attended. Messing with another teams engine control setup does not involve anything but a computer. A simple change to the timing or fuel mixture could destroy an engine and take out a competitor. Without putting the driver in much risk.
I'm in the industry. The setup described in the article (multimedia CPU plus connected vehicle controller (V850) which supports the CAN connection) is pretty much the standard headunit architecture. What is different from OEM to OEM is to which kind of CAN bus the system is attached and therefore which signals you can change.
For other OEMs it e.g. might not be possible to directly send brake signals from there, as a gateway connects and filters the different CAN networks.
But of course, once you figure out how to remote update individual ECUs then you might also be able to modifiy the gateways and do all kind of bad stuff.
> ...in a Tesla you have the option to change suspension settings based on location from a Google Maps -based GPS system.
Given Musk's technical background, one would expect Tesla to understand that they're building a network-connected computer-controlled two-ton missile and to have both the desire and know how to properly secure such a thing.
But yeah, AFAIK, all we have from any manufacturer is assurances of security. :(
Tesla takes their security pretty seriously. There were at DEF CON, both in the contest area and the front row of the talk where someone dumped their firmware. The presenter was overall pleased with their design. Expect to see something on 60 Minutes in the coming months.
If they allow over the air updates, even encrypted, there's a big potential risk. Exactly how are the crypto keys generated and protected? An attack on the download signing server, rather than the car, offers an entry point.
Nitpick on the Tesla: the "drive itself from your garage to your front door" thing is a hypothetical future scenario with no proposed implementation timeframe, and not something you can do right now.
But it's just a nitpick, because the basic controls are certainly all there. The feature doesn't exist yet just because it's hard to do it safely and legally.
As that tweet pretty clearly says, what they're rolling out soon is highway autosteer (a.k.a. automatic lane keeping) and automatic parallel parking. "Summon" mode (having the car drive to you by itself) is not coming any time soon.
We literally have the same information for any auto manufacturer that we have from Jeep - empty assurances that 'we design our cars with the utmost cyber-security protections, trust us'.