
Dude, where's my car? - lelf
http://www.coalfire.com/The-Coalfire-Blog/October-2014/Dude-where-is-my-car
======
hiccup
Google cache:
[http://webcache.googleusercontent.com/search?q=cache:cy5Rf1S...](http://webcache.googleusercontent.com/search?q=cache:cy5Rf1StGlQJ:www.coalfire.com/The-
Coalfire-Blog/October-2014/Dude-where-is-my-car&hl=en&gl=us&strip=1)

------
darklajid
It's a strange feeling if I step back for a minute, but reading about exploits
in car entertainment systems got me _excited_, not scared. I wanted this
article to share 'this is how you root your car' style material.

Maybe _that_ reflects badly on the car manufacturers [1], creating expensive
and often obsolete/bad environments, that make me long for a 'root hack'?

1: Audi driver here, but I haven't seen something that didn't feel like a
design from 5 years ago and sluggish like hell in any car so far.

------
lazaroclapp
I am less concerned that it's possible to exploit the entertainment system
from a phone, and far more worried that the it's possible to exploit the
security-critical subsystems from the entertainment system. I realize that the
screen is part of the entertainment system and it sometimes needs to display
information about the car functioning, so it needs to have read access to very
critical systems. But is there any reason for it to have write ability over
any other subsystem at all? Couldn't it just get one-way status updates from
the other subsystems and then simply chose how to display them?

I mean, sure, you can still write an evil car virus that gives the driver
false speed information or hides the fact that the gas is running out. But a)
that still seems less disturbing than an evil car virus that disables your
breaks or pops out an airbag, b) you could always have emergency notification
lights or beeping alarms not integrated with the infotainment system for
really critical conditions (which for the most part, cars already do have).

