
Hundreds of thousands of engine immobilisers hackable over the net - buserror
http://www.theregister.co.uk/2015/12/11/hundreds_of_thousands_of_engine_immobilers_hackable_over_the_net/
======
kbart
All this movement towards "online cars" really worries me as more often than
not, security and privacy lags behind. "Develop&sale fast, patch it later"
philosophy doesn't really work in car industry where human lives are at stake.

~~~
aaronem
Related:
[http://illmatics.com/Remote%20Car%20Hacking.pdf](http://illmatics.com/Remote%20Car%20Hacking.pdf)

I used to think that, however vulnerable this kind of installation might be,
at least it'd be limited in scope to the IFE and climate control stuff,
because no one would be stupid enough to make it possible for the IFE and
climate control stuff to talk to the actual driving controls, if for no other
reason than because there's no sensible excuse for doing so.

Boy, was I optimistic. Now I'm not, but I'm gladder than ever that my car was
made in 1997.

~~~
buserror
I work in 'automotive' software industry, and the trend at the moment is to
have /everything/ running on as few CPUs as they can... That mean the
infotainment and brakes might end up on the same physical die in the near
future...

And when you listen to the people who make that stuff up, and almost sounds
like a good idea ;-)

~~~
x1798DE
Why is this? The marginal cost of electronic components must be miniscule
compared to the production costs of the automobile as a whole...

~~~
buserror
Well it's the 'solution' principle, SoC manufacturers want to provide
something that can do as much as they can to cover the ECU, Infotainment,
dashboard, and every other little bits they can as one single 'package'. The
SoC gets a lot bigger too, since it now need to provide the all around cameras
for example, there's a push to use that power to do 'other stuff'.

A few years back I had a car that had a short when it was raining a lot -- the
(digital) speedo and stuff with reboot -- but the car continues working all
the same...

Soon I don't /know/ what'll happend if the SoC gets compromised (either
maliciously, or just accidentally). I guess we'll have to have a few accidents
for people to 're-discover' that redundancy and the egg+basket principle are a
good idea after all...

