Vehicles with Uconnect vulnerability



68Charger
07-22-2015, 10:21
Imagine someone hacks your car... or watch this video and see it for yourself.

https://www.yahoo.com/autos/jeep-cherokee-owners-get-upgrade-after-hackers-124667401327.html

Does anyone develop secure software anymore?

ruthabagah
07-22-2015, 10:28
Does anyone develop secure software anymore?

No.

Why? Companies do not want a "secure software" because it will slow down the sales process.... Sales organizations are revenue generators and they pressure IT groups to disable as many security features as possible. They do not care about a hack that may happen next year, because what matters is the bottom line at the end of this month.

Dave_L
07-22-2015, 10:33
And I know a lot of people that want "driverless" cars. Yeah...that'll work out great.

davsel
07-22-2015, 10:36
http://market-ticker.org/akcs-www?post=230407

Oh Stop

Toyota has someone on CNBS right now talking (a bit) about security (and hacking) while trying to pump fuel-cell vehicles (which amuses me greatly for thermodynamic reasons.)

The problem is that he says "We're trying very hard to stay ahead of {security issues}."

The way you "stay ahead" of them is to physically airgap the bus that is responsible for life-safety-critical functions such as engine, transmission, brake and steering management (e.g. ABS, traction control, ECU, etc) and any externally-accessible or accessing components such as "infotainment" or "convenience" functions such as door locks.

That has not been done in any of the recent models I've seen. I have a handful of CanBus tools here that I use for both poking around and various diagnostic functions and on the same bus that handles engine management I can typically see signals from convenience functions such as door lock actuation -- and the radio.

This crap started with OnStar and the older AMPS systems in GM vehicles but it has now spread and gotten much worse. OnStar can open your doors and do "remote diagnostics"; the latter means it has access to the engine management CANBUS!

This is where the problem comes from and you can claim you've "security audited" the car but we've seen how well that works over time with your computer and smartphone, right?

The difference is that when your car gets hacked there's a decent chance that you die.

The car manufacturers took this design decision for both "convenience" and economic reasons. Having a completely-separate bus for life-safety-critical devices costs a few more dollars. Remote diagnostics remains possible if there is a one-way gateway that allows reading data off the engine management bus but not sending commands to it. The problem is that it is not possible to retrofit vehicles in the field where the design decision was made to save a few dollars.

PS: While I really like the economic opportunity this event presents for BlackBerry's QNX -- I note that despite many attempts nobody has managed to break the bootloader and security model on BB10 thus far -- the fact remains that a mistake is always possible in code, and the only means to avoid it is to airgap life-safety-critical components from anything in the vehicle that can be accessed externally. Period.
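The one-way gateway policy described in the quoted article, as an added example that is not part of the original post or the linked article: a C model in which frames cross only from the safety-critical bus outward, and only when their ID is on a read-only allowlist. The bus names, the allowlisted IDs and the sample frames are constructed for illustration; the model covers the forwarding decision only, not the physical separation the article argues for.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum bus { BUS_SAFETY, BUS_INFOTAINMENT };   /* segment names are assumptions */
enum verdict { GW_FORWARD, GW_DROP_INBOUND, GW_DROP_UNLISTED };
struct frame { uint32_t id; uint8_t dlc; uint8_t data[8]; };

/* Constructed allowlist: status IDs the safety bus may publish outward. */
static const uint32_t READ_ONLY_IDS[] = { 0x0C9, 0x1F5, 0x3E9 };

static bool id_allowed(uint32_t id)
{
    for (size_t i = 0; i < sizeof READ_ONLY_IDS / sizeof READ_ONLY_IDS[0]; i++)
        if (READ_ONLY_IDS[i] == id)
            return true;
    return false;
}

/* Decide whether a frame seen on `src` may cross to the other segment. */
enum verdict gw_check(enum bus src, const struct frame *f)
{
    if (src != BUS_SAFETY)                  /* nothing flows toward the safety bus */
        return GW_DROP_INBOUND;
    if (f->dlc > 8 || !id_allowed(f->id))   /* default deny, even outbound */
        return GW_DROP_UNLISTED;
    return GW_FORWARD;
}

/* Count verdicts over a constructed three-frame trace; counts[] has 3 slots. */
void gw_run_sample(unsigned counts[3])
{
    const struct frame status   = { 0x0C9, 2, {0x1A, 0x2B} };  /* allowlisted */
    const struct frame unlisted = { 0x7E0, 8, {0} };           /* not listed  */
    counts[0] = counts[1] = counts[2] = 0;
    counts[gw_check(BUS_SAFETY, &status)]++;
    counts[gw_check(BUS_SAFETY, &unlisted)]++;
    counts[gw_check(BUS_INFOTAINMENT, &status)]++;   /* same ID, wrong side */
}

int main(void)
{
    unsigned c[3];
    gw_run_sample(c);
    printf("forwarded=%u dropped_inbound=%u dropped_unlisted=%u\n",
           c[GW_FORWARD], c[GW_DROP_INBOUND], c[GW_DROP_UNLISTED]);
    return 0;
}
```

In this model a nonzero inbound-drop count is worth alerting on, since nothing on the infotainment side has a reason to address the safety bus.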

Irving
07-22-2015, 10:55
What models of vehicles are susceptible to this so far? The only new cars I drive are company vehicles and I want to know if there could be an issue.

BushMasterBoy
07-22-2015, 11:07
Now we know what happened to Princess Diana?

68Charger
07-22-2015, 11:14
What models of vehicles are susceptible to this so far? The only new cars I drive are company vehicles and I want to know if there could be an issue.

As far as I can tell, any 2013+ vehicle with Uconnect feature for this specific hack.

68Charger
07-22-2015, 11:19
http://market-ticker.org/akcs-www?post=230407

Whoever wrote that article isn't very up to date... CANBUS isn't just engine management- it's connected to almost every system on newer cars... allows diagnostics and digital activation of accessories. Anti-lock braking modules, steering servos, engine & transmission management to radios, electric door locks and windows, HVAC, wipers, etc...

RblDiver
07-22-2015, 11:19
As far as I can tell, any 2013+ vehicle with Uconnect feature for this specific hack.

That's my understanding too, but they mention that with more and more cars getting similar features (only name I remember is OnStar), it's very possible others could be hacked as well, just this particular group's not tried it yet.

davsel
07-22-2015, 11:23
Whoever wrote that article isn't very up to date... CANBUS isn't just engine management- it's connected to almost every system on newer cars... allows diagnostics and digital activation of accessories. Anti-lock braking modules, steering servos, engine & transmission management to radios, electric door locks and windows, HVAC, wipers, etc...

I believe that is his point.

Irving
07-22-2015, 12:30
Just that the brakes aren't mechanical is concerning by itself.

68Charger
07-22-2015, 12:59
Just that the brakes aren't mechanical is concerning by itself.

They are... but if you activate the anti-lock module properly (Improperly?) it can render them essentially useless.

TFOGGER
07-22-2015, 13:36
And I know a lot of people that want "driverless" cars. Yeah...that'll work out great.

Every time I hear about self driving cars, I think of this:


http://youtu.be/IjRXyWFLkEY

Hound
07-22-2015, 13:59
This will sound counterintuitive but this is a REAL good thing. If these types of issues were not coming out now they would be when cars are more autonomous (driverless). When control can be completely taken out of a driver's control is not the time to be figuring this out. Also.... +2 on a separate bus. This also applies to planes as we recently found out, again in the news, recently.

Great-Kazoo
07-22-2015, 14:51
Whoever wrote that article isn't very up to date... CANIBUS isn't just engine management- it's connected to almost every system on newer cars... allows diagnostics and digital activation of accessories. Anti-lock braking modules, steering servos, engine & transmission management to radios, electric door locks and windows, HVAC, wipers, etc...

They have weed in computers?

ruthabagah
07-22-2015, 16:04
They have weed in computers?

Winning post! Lol

gnihcraes
07-22-2015, 21:04
I just finished the update on our 2015 Jeep. Took about 10 minutes to update, about an hour to download on the web and copy to flash drive etc.