
Automakers Trying to Prevent Hackers from Commandeering Cars - shahryc
http://www.nytimes.com/aponline/2015/08/05/us/ap-us-autos-hacking.html?_r=0
======
dkx
"But two Democratic senators, Edward Markey of Massachusetts and Richard
Blumenthal of Connecticut, have introduced a bill that would force the
industry to seal off critical computers and add technology to stop hackers in
real time."

Why do governments feel the need to dictate the little details? Instead of
forcing all car manufacturers to secure cars in the exact same way how about
just holding them liable for the consequences if a car is hacked? Car makers
can then decide how best to secure the car which would lead to a more diverse
and hopefully innovative security measures.

~~~
nfriedly
Aren't the car manufacturers already liable?

~~~
spathi_fwiffo
There is at least one lawsuit over the hackability; so, I guess we will see.

------
jacquesm
That shouldn't be too hard. Disconnect all radios from management computers
with an airgap. And if that goes at the cost of some functionality then so be
it but the downsides of interconnected systems are heavier than the upsides.

At a minimum stick an 'airgap' switch in the dash somewhere and default it to
'on', or label it 'insecure' when off so the users know the risks.

~~~
itsmillertime4u
The problem is that doing so removes the ability to do the self parking, or
doing something like the remote kill switch that they can invoke in case the
vehicle is ever stolen.

Me personally, I know how to park and particularly care if my car is
stolen..that's my insurance companies problem. So I could live without both of
these features, but you can see how some would argue the opposite. I'm sure
there are other tie ins, I'm just can't think of any other that as obvious.

~~~
kazinator
The insurance company could make it your problem, by charging you a higher
premium for theft coverage than the next customer if your vehicle doesn't have
the feature.

------
jdc0589
This is the easiest problem in the world to fix going forward... The
entertainment system (usually the entry point for this kind of stuff) has no
business being connected to any core systems (steering, throttle, brakes,
ignition). Just keep the core systems separate, without any connectivity to
ANYTHING that can be accessed remotely.

Boom. problem solved.

~~~
comrh
I had this same thought but someone in another hn thread had a good point
about how a lot of features still use the core systems. Remote starting your
car (a common aftermarket feature for the last 20 years) from an app now
obviously needs access to the engine. Even if you disconnect the "core
systems" they're still probably going to be connected to the internet.

------
kazinator
My ideal car has no power-anything: no power windows, door locks, brakes or
steering. Accessory-wise, just an AM/FM radio with a 1/8" AUX jack, a 12V
outlet and some cup holders. 5 or 6 speed manual transmission, unless it's
electric.

~~~
toufka
Seriously, when can this happen? Is there a cad file on TPB yet? I'd download
it.

~~~
spathi_fwiffo
Build yourself a kit car. I'm sure you could get this setup.

------
nsns
But if these cars can be "commandeered", they (i.e. my movements) could also
easily be tracked by the companies themselves (with the information then sold
to "trusted partners"). For some reason, that frightens me more.

~~~
Lorento
If you live in the US or UK, your movements are already being tracked by
license plate reading cameras.

~~~
pdkl95
While this is true, it only works where cameras are present, and adding a
significant number of cameras costs time and money.

COTRAVELER[1] is much easier and costs almost nothing. Just having a cellphone
in a car (either in the driver's pocket or "OnStar") - which only needs to be
on and giving presence notifications to the local tower - is enough to get
_very_ accurate near-realtime tracking information. The only costs are read-
only access to the tower logs and a few SQL JOINs.

[1] [https://www.washingtonpost.com/apps/g/page/world/how-the-
nsa...](https://www.washingtonpost.com/apps/g/page/world/how-the-nsa-is-
tracking-people-right-now/634/)

------
outworlder
Can't we just stop using the (admittedly convenient) CAN bus for this sort of
communication? It was never designed for what people are using it for these
days.

~~~
S_A_P
Part of the reason cars have gotten more reliable in recent decades is due to
this sort of standardization and refinement. What would you replace it with?
If you replaced CAN, you still would need an in car network of some sort. It
would have its own layer of security issues to worry about. Mechanics/Service
centers would need an entirely new suite of diagnostic tools, this isn't just
something you can quit using.

~~~
datenwolf
> What would you replace it with?

Individual wires transmitting analogue signals; differential voltage or
current loop, depending on application. Add a bunch of RC filter networks on
either side to limit the bandwidth to the kind of signals going over the wire
and you got a pretty tight, hardwired system.

------
ohitsdom
This title should only be "news" early on in the design stage. Were they not
trying to prevent hackers from commandeering cars before they released them?

Also as others have said, airgap the systems.

