Break Points
Smart Car Attacks
Jack Ganssle
5/23/2010 10:53 PM EDT
A fascinating paper (“Experimental Security Analysis of a Modern Automobile”) by a cast of thousands demonstrates that at least some modern cars can be attacked with quite devastating results.
Today’s cars are basically some mechanical bits that support a huge array of electronics. The latter is composed of Electronic Control Units (ECUs) that are unsurprisingly all interconnected by one or more busses. What is amazing is how deeply these units interact.
For instance, in some vehicles the doors are unlocked and seatbelts pre-tensioned just before a crash. Others use the radio to generate all of the clicks, beeps and groans that alert the driver to various conditions.
Communication between ECUs is over CAN busses, with a low-speed bus to handle relatively unimportant functions (e.g., door locks) and a high-speed bus for safety-critical functions like braking. Some ECUs require both busses, creating a bridge between them that can have unintentional vulnerabilities.
In the paper the authors talk little about attack entry points; they refer vaguely to one wireless threat uncovered during their experiments, but mostly used the OBD-II under-dash connector to monitor inter-ECU communications and inject their own bits of nastiness.
But they seem to have little doubt that networking capabilities like OnStar and the coming Interneting of the highways will provide plenty of entry points for the bad guys to exploit. Aftermarket add-ons that connect to the OBD-II or counterfeit ECUs could also create openings into the busses.
One might think that CAN would provide some authentication, but the paper shows that those supported by the standard are often modified or disabled by the ECU designers. And CAN is very susceptible to DoS attacks, which can flood the bus so badly that important messages never get through.
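One defensive consequence of those findings is that the bus itself can be monitored: each ECU transmits its frames on a fixed schedule, so an injected or flooded frame stands out as a timing anomaly, and an ID nobody legitimately sends stands out at once. The following is an added example, not code from the column or the paper; the CAN IDs, periods and candump-style log lines are constructed, and the baseline periods are assumed to come from a clean capture of the same car.

```python
from dataclasses import dataclass

# Constructed candump-style capture (hypothetical IDs and timings, not from the paper).
# 0x1A0: brake-related frame expected every 10 ms; 0x3E0: door-lock frame every 100 ms.
# The extra 0x1A0 frame at 0.013 s and the unknown ID 0x7FF are the injected traffic.
SAMPLE_LOG = """\
(0.000) can0 1A0#0000
(0.010) can0 1A0#0000
(0.013) can0 1A0#FF00
(0.020) can0 1A0#0000
(0.050) can0 3E0#01
(0.150) can0 3E0#01
(0.152) can0 7FF#DEADBEEF
""".splitlines()

# Expected inter-arrival period per ID, learned from a clean capture of the same car.
BASELINE_PERIOD = {0x1A0: 0.010, 0x3E0: 0.100}

@dataclass
class Frame:
    ts: float      # seconds since capture start
    bus: str       # interface name, e.g. can0
    can_id: int    # arbitration ID (11- or 29-bit)
    data: bytes    # 0..8 payload bytes

def parse_candump_line(line: str) -> Frame:
    """Parse '(ts) iface ID#HEXDATA', the line format written by can-utils' candump -l."""
    ts, bus, payload = line.split()
    can_id, _, hexdata = payload.partition("#")
    return Frame(float(ts.strip("()")), bus, int(can_id, 16), bytes.fromhex(hexdata))

def detect_anomalies(frames, baseline, tolerance=0.5):
    """Flag frames whose ID the baseline never saw, and frames arriving much sooner than
    the sending ECU's known period (a symptom of injection or a flood). Returns
    (can_id, ts, reason) tuples in capture order."""
    last_seen, alerts = {}, []
    for f in frames:
        period = baseline.get(f.can_id)
        if period is None:
            alerts.append((f.can_id, f.ts, "unknown id"))
            continue
        prev = last_seen.get(f.can_id)
        if prev is not None and f.ts - prev < period * (1 - tolerance):
            alerts.append((f.can_id, f.ts, "too frequent"))
        last_seen[f.can_id] = f.ts
    return alerts

def run_demo():
    frames = [parse_candump_line(line) for line in SAMPLE_LOG]
    return detect_anomalies(frames, BASELINE_PERIOD)
```

The periodicity check only catches frames that arrive early; a brake ECU that has been silenced outright needs the complementary check for frames that stop arriving.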
One gets the feeling that they had a lot of fun running the experiments; for instance, they could pop the trunk, honk the horn, display messages on the dashboard (like a count-down to destruction accompanied by increasingly threatening noises over the radio), change all of the lighting, and continuously squirt windshield wiper fluid.
More perilously, at speed it wasn’t hard to lock a single front brake, or even disable braking entirely. An alarming quote: “we were able to release the brakes and actually prevent our driver from braking; no amount of pressure on the brake pedal was able to activate the brakes.”
I found two takeaway messages from the paper. First, security needs to be Job One for automotive engineers. And second, all of us in the embedded world should start thinking very hard about our products. Are they compromisable? Does it matter? For many the answer to the latter is “no,” but I think one should be wary of a glib “no.”
Jack G. Ganssle is a lecturer and consultant on embedded development issues. He conducts seminars on embedded systems and helps companies with their embedded challenges. Contact him at jack@ganssle.com. His website is www.ganssle.com.



krwada
5/24/2010 2:05 PM EDT
Nothing will happen until some kind of disaster occurs. Then, the reaction will be a huge 180 kneejerk reaction in the opposite direction.
Thus is the state of human nature
mad_b
5/25/2010 7:46 AM EDT
Hey Jack, nice points here. In the present time, more and more care must be taken to avoid removing some key control points from the mechanical simplicity that always has been done efficiently: braking. The idea of a non-functional brake caused by a "software bug" scares me a lot. As an example, ABS brakes should have a kind of independent, atomic, automatic "watchdog" that would let the brakes work by pedal only in case of embedded system failure, and I think we are far, far away ( :-) ) from having a reliable control system that would fully replace the "old" mechanical solutions for braking. This is just one example where people want to complicate things "just for fun".
Lissandro, Computer engineer, embedded software and systems since 1994.
ken a
5/25/2010 9:40 AM EDT
I distrust electronically connected cars for a different reason.
I bought a used "gadgety" high end car that rhymes with hack. After a year, I spent $600 to be able to start the car because the anti-theft electronics malfunctioned. (The car had to be towed!)
I cannot set the preset for the automatic seat adjustment, which is tied to the 1st and 2nd set of keys.
The dashboard does not light at night because a sensor failed, and there is no override. Thus I have to point a flashlight at the speedometer. The automatic headlights, a.k.a. twilight sentinel, no longer works either.
The automatic door lock/unlock also does not work.
The great computer randomly gives me false positives and false negatives on fluid levels. I also cannot recharge the A/C because it shuts off the compressor, which you need running in order to refill it.
Not only do I have to incur expense and deal with the frustration of an inferior design; I also have to pay taxes to bail out the manufacturer.
Perhaps all these problems are a result of poor electro/mechanical design and not firmware, but in this case, the firmware has no manual override, and it gets in the way of an otherwise functional car.
Abrahim
5/26/2010 6:06 AM EDT
Well, in my opinion, the critical functions like brakes should never be accessible over the comm links anyway .. nor should their functionality be trusted to a processing element which has other things to do .. these should be catered to by a dedicated MCU which can have a very restricted communication link to a central MPU.
But frankly speaking, if no complex things like regenerative braking or ABS are involved, I would rather stick to a mechanical rod !!
micro_engineer
5/27/2010 8:41 AM EDT
I think it's a little bit silly to presume someone will go around connecting a device to your vehicle in order to do harm via the "security weaknesses" in the various subsystems.
Not exactly a pressing issue!
micro_engineer
5/27/2010 8:44 AM EDT
I should note I meant "unless someone should go around connecting to your vehicle..."
Also, sometimes a basic electromechanical system is FINE and RELIABLE vs. a more complex design. There are quite a few drawbacks to increasing the complexity of a vehicle's design.
pteryx
6/2/2010 4:32 AM EDT
On railways the critical safety systems are doubled or tripled. Sometimes even the software run on the redundant functional blocks must be original (written by a different person and using different algorithms) so that the possibility of software failure could be reduced. The price of this extra safety is increasing the probability of "fault", when you have three systems where the function could be done by one. The advantage is that you really know when something goes wrong.
Of course, nothing is quite safe in the case of deliberate attack, but having tripled the critical busses and critical systems would make the attack much harder. However, I think that the main failure of car producers and road operators now is not the passive embedded safety, but the lack of integrated active safety systems. For example, in a train you know the state of traffic lights a few kilometers before you can physically see them ...
WKetel
6/2/2010 12:58 PM EDT
For quite a few years, already, thieves have been able to copy the RKE signals and get into cars. Now with OBD2 they will be able to shut down a car in order to hijack it. WHO wants to be responsible for that? Once the door is opened to outsiders, by means of RF communications, or perhaps IR, security will no longer exist. It will be an era that makes the Toyota Unexplained Accelerations seem like "the good old days". The best choice is, and will continue to be, to have NO communications with the busses accessible from outside. Limit all of this inter-vehicle communication to verbal communication with drivers. Sort of like CB radio, only perhaps shorter range and some means to limit noise. It would need to include an identity signal, though, to avoid being abused by those who choose anonymous abuse as their entertainment.
KrystalP
6/11/2010 3:53 AM EDT
This electronic control unit has several advantages as well, but its price is quite expensive. Getting a loan still could be more affordable than attempting to preserve an auto older than 1970. As years have gone on, more and more automobiles are utilizing digital controls; initially started in the 70's. From the anti-lock brakes to the fuel injection systems ECU, digital control units are the key factor in functioning ability. Besides comfort and efficiency, these controls can cause prices to skyrocket. These chips aren't cheap and a big amount of money might be required to cover the price of fixing one of these if they break.