

Automakers Tackle the Massive Security Challenges of Connected Vehicles - graceofs
http://blogs.wsj.com/cio/2015/06/25/automakers-tackle-the-massive-security-challenges-of-connected-vehicles?utm_source=hackernews

======
therobot24
Automakers are notoriously bad at code [1][2][3], and consumers are bad at
getting their car fixed if there is a recall [4]. I cannot see how connected
vehicle security will go well.

[1] [http://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_s...](http://users.ece.cmu.edu/~koopman/pubs/koopman14_toyota_ua_slides.pdf)
(look at slide 36)

[2] [http://www.networkworld.com/article/2895535/microsoft-subnet...](http://www.networkworld.com/article/2895535/microsoft-subnet/ford-gm-and-toyota-are-being-sued-for-dangerous-defects-in-their-hackable-cars.html)

[3] [https://www.ece.cmu.edu/~ece649/lectures/20_sweng_crit_sys.p...](https://www.ece.cmu.edu/~ece649/lectures/20_sweng_crit_sys.pdf)

[4] [http://www.nytimes.com/2014/05/09/business/recalled-used-car...](http://www.nytimes.com/2014/05/09/business/recalled-used-cars-roam-the-roads-as-federal-legislation-stalls.html?_r=0)

------
tessierashpool
I think this is going to result in catastrophic disasters, and hopefully
catastrophic class-action lawsuits as well. I find it absolutely terrifying to
think that every time I go near a road, my life will depend on General Motors
churning out invasion-proof software.

Whenever they've been faced with computer security problems, big, 20th-century
organizations have consistently proved themselves incompetent beyond
imagining. Plus there's no way this kind of change wouldn't be managed by
government, and it's not the kind of thing they do well at all.

Several major categories of risk:

* terrorists will hack into cars (or related systems) to make them kill people and/or destroy property on purpose

* bored kids will hack into cars (or related systems) and make them kill people and/or destroy property for no good reason

* criminals will hack into cars (or related systems) to enable theft, kidnapping, and other crimes

* opportunities for privacy violation, tracking, stalking, etc.

* certificate systems kind of suck

