Hacker News

Cars are computers now.

What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

No level of technology will stop this.

But cutting off the profit motive by making it very hard to export cars will have a massive impact on these crimes, and for old and new cars.




> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

It’s not the 2000s any more. Even national security agencies have trouble with phone decryption, and that suggests a path forward for cars using a tamper-resistant secure element since car thieves won’t spend more money attacking something than they can resell it for. Cars need service regularly; you can have a way to replace a damaged SE which is more restricted so a legitimate owner can regain control of their stolen property - if you required, say, a government photo ID check for the owner on the title to reset the encryption keys, car thieves are highly unlikely to spend time getting high-quality fake ID since the odds of getting caught would go up dramatically, and you could deter shady auto shops by requiring them to submit proof of their ID verification for that service.


They get exported overseas and any technology lock or security device gets ripped out and replaced.

This isn’t about extracting encrypted data, but bypassing systems to start a car.


Yes, because the current design is lax. Now think about what happens if the engine computer won’t start with a bad signature or the entertainment system won’t work. How would that affect the overseas market?


The part that requires a signature will be taken out and replaced. Infotainment systems will get gutted and replaced with aftermarket ones.


Again, all of those lower the value to the thieves. If they need to create a custom engine controller, they’re going to need to pay a lot more than the $0 they currently spend. If they need to replace the entertainment system, the cost of doing so will cut into their margin.

Don’t make the mistake of thinking that a system needs to be perfect to be worthwhile.


I think you're in a desktop computer "whole product is one computer" model. A car is a set of computers, almost nothing in a car is central to itself.

There's probably a body controller ECU that ties into engine ECU and driver's key systems. So thieves would just generate and flash a new key/cert, that'll be certainly possible.

Infotainment? That's almost literally an aftermarket part. American reviewers tend to see it as integral part of a car or even a central computer, surely it's important in terms of product experience but architecturally it's more like a printer over Ethernet than a laptop integrated display.


> There's probably a body controller ECU that ties into engine ECU and driver's key systems. So thieves would just generate and flash a new key/cert, that'll be certainly possible.

This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that! You’d design the driver’s key to pair with the various onboard systems and those systems to do a challenge-response cycle during the boot process so someone can’t easily drive away without the key or resell those parts, with both sides using a private key which never leaves that component. Yes, that kind of design can still be attacked but the goal here is to make it more expensive than it’s worth: needing a flatbed to take it somewhere for a rogue EE to work on it, for example, just isn’t going to make sense except for the most expensive luxury vehicles.

This brings me to:

> Infotainment? That's almost literally an aftermarket part.

Yes, and those cost money. The entire point is that you don’t need to make it perfect, just expensive. If someone has to replace the display and speakers, that means they’re making less profit on the sale and making it more obvious that the vehicle was stolen which increases risk and reduces the number of buyers, especially for the most valuable vehicles.
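
The pairing and challenge-response cycle described in the comment above, sketched in Go as an added example that is not part of the thread or any manufacturer's code. `Component`, `Pair`, `MutualAuth` and the `start-auth|` label are hypothetical names, Ed25519 is an assumed choice of signature scheme, and the struct only stands in for a secure element.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Component is a hypothetical stand-in for a key fob or ECU; priv never leaves it.
type Component struct {
	priv      ed25519.PrivateKey
	Pub, peer ed25519.PublicKey // own public key; peer key pinned at pairing
}

// fresh returns 32 random bytes: a key seed, or a nonce that defeats replay.
func fresh() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewComponent() *Component {
	priv := ed25519.NewKeyFromSeed(fresh())
	return &Component{priv: priv, Pub: priv.Public().(ed25519.PublicKey)}
}

// Pair is the privileged step: each side pins the other's public key.
func Pair(a, b *Component) { a.peer, b.peer = b.Pub, a.Pub }

// Respond signs the challenger's nonce under a fixed context label.
func (c *Component) Respond(nonce []byte) []byte {
	return ed25519.Sign(c.priv, append([]byte("start-auth|"), nonce...))
}
// Verify accepts only a signature by the pinned peer over the nonce just issued.
func (c *Component) Verify(nonce, sig []byte) bool {
	return len(c.peer) == ed25519.PublicKeySize && ed25519.Verify(c.peer, append([]byte("start-auth|"), nonce...), sig)
}

// MutualAuth runs the challenge-response cycle in both directions.
func MutualAuth(fob, ecu *Component) bool {
	n1, n2 := fresh(), fresh()
	return ecu.Verify(n1, fob.Respond(n1)) && fob.Verify(n2, ecu.Respond(n2))
}

func main() {
	fob, ecu := NewComponent(), NewComponent()
	Pair(fob, ecu)
	fmt.Println("paired parts start:", MutualAuth(fob, ecu))
}
```

`Pair` is the operation such a design has to restrict, since whoever can invoke it can enrol a replacement part.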


> This sounds like the old desktop mentality you mentioned. You can’t just reflash things to bypass a secure boot process – the entire point is to prevent things like that!

The actual real problem I failed to explain is manufacturers don't want to deal with networked authentication, broken physical keys, or day-to-day repair shop operations, so they keep most of the processes offline and send out re-pairing tools that leak. Very few cars require breaking chain of trust to swap out parts which makes "If they need to create a custom engine controller, ..." part unrealistic as of now. It takes a few more years before Apple starts delivering cars.


> No level of technology will stop this.

Tell that to the FDA.

I work in medical devices. It's no longer sufficient to throw up your hands and assume "well, they have their hands on the device, we can't stop them from doing anything." The new cybersecurity guidance anticipates an attacker having physical access to your Device and you are expected to understand and mitigate any impact that can have.

Cars shouldn't be any different.


I'd bite that bullet.

The FDA should be less strict with their cybersecurity stuff. The amount of lives lost to the increased cost of care is not worth the increase in cybersecurity.

If medical devices have just enough security to stop people who don't have physical access to the device, just enough to make attacks at scale unfeasible, then that should be good enough IMO.


> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

Can you hack and own my fully patched Pixel phone? Or my GF's iPhone? Sure, sophisticated state-sponsored actors can sometimes do it by burning several million dollars worth of 0days in the process, but some two-digit IQ riff-raffs? Probably not so much.

EDIT: just to be clear - by "two-digit IQ riff-raff" I meant OP's neighborhood car thieves, not you :)


Phone thieves will watch over people's shoulders for them to input a passcode, which isn't that dissimilar to a lot of the replay/signal extension attacks.

A lot of damage can be done and things successfully owned without needing to hack or exploit the device (car/phone).


> Phone thieves will watch over people's shoulders for them to input a passcode, which isn't that dissimilar to a lot of the replay/signal extension attacks.

You have any reference regarding how prevalent that is? Everyone I know switched to biometrics a decade ago.


This is done by organized crime with engineers on staff. Sure it’s drug addicts stealing cars but the people shipping them are smart and have access to capital.


I agree, but that brings us back to my original question: why can't the same smart organized crime people unlock my smartphone then? Because Apple/Google give a damn about security and car manufacturers do not.


Also: When your phone or computer is hacked, most people think "Wow, the device is flawed." But when your car gets stolen, most people think "Wow, we should stop those criminals." Apple/Google are incentivized to give a damn about security because incidents reflect poorly on their products. We need to start making thefts via security exploits reflect poorly on the car manufacturers and their products.


Economic incentives.

People will buy a $150,000 SUV for 50k and they can still make money. Phones have less incentive and Apple is going to be better at bricking the phones than carmakers will.


Apple and Google don't sell insecure cheap phones, but lots of other manufacturers do.

I suppose organized crime doesn't systematically take advantage of that because cheap phones are cheap, and the people who own them are poor. You don't get that much benefit from pwning them.

Alternatively, maybe organized crime does take advantage of them but we haven't heard about it. They could have a giant botnet of them for all we know.


A couple of years ago it wasn’t uncommon for victims of phone theft in the UK to end up flooded with iCloud phishing messages to try to gain access to their iCloud account and unblock the device so it wasn’t totally worthless for resale.

I still see a lot of iCloud phishing messages, but also understand that Apple has made this vector harder.


> No level of technology will stop this.

Why does no one steal Teslas?


Think about where these cars end up, it’s not near a service centre.


> What do we know about computer security and physical access? If I can touch the machine, I can hack and own it.

You are damn good then :)

One can protect against such that's by using well placed cryptography.


> No level of technology will stop this.

Except for, you know, the technology of a physical car key and an immobilizer. There's a reason it's the keyless entry start/stop button cars that are being targeted by thieves, it's simply so much easier.

The frustrating thing is that new cars are being produced that _only_ offer keyless entry, and so eventually the choice is taken away or you have to drive a very old car.


The level of technology that stops this is cars not being computers.

Every piece of tech has tradeoffs, and for cars this one is just not worth it.


What are you proposing? That we go back to being able to turn the ignition switch with a screwdriver?



