
Topic Teardown: Connected Cars' Pros & Cons

4/28/2015 03:44 PM EDT
11 comments
Bert22306
User Rank
Author
Re: Let's break down the issues
Bert22306   4/30/2015 8:16:38 PM
It's true that as long as the systems are isolated from each other, e.g. ABS or stability control, there should be no issue with remote hacking. Assuming the design is correct, of course. Same goes with those new proximity auto-braking schemes. They too should be isolated, internal loops, using only on-board sensors.

If the first implementations of V2V comms are only to provide driver assistant alerts, which is supposed to be the case, then the V2V link has no business having any path to the steering or braking systems, or throttle. I think of steering and braking as being the principal safety-related systems, though, which have to be kept super secure.

The potential problems will begin when autonomous driving starts to use these V2V or even V2I links. That's when a hacker could create false scenarios, to make a car swerve, or brake suddenly, or accelerate, for no valid reason. Such as, send messages from a fictitious car directly in front of you, and cause your car to slam on the brakes.

I think that proper defense against that sort of thing is what a lot of new network security systems are addressing. Including intrusion detection systems which use heuristics to determine if there are bogus messages flowing around in the system. And of course, authentication and encryption.

The best thing to do, at this point, is "baby steps." One thing at a time, please, automakers. And the other point is, let's not forget just how vulnerable we already are today, subject to the vagaries of the most unpredictable controls ever. Human, distractable drivers, totally capable of ruining your day. For all the times I hear people going on about how "there's no way a machine can do this as well as a human," I beg to differ.

elizabethsimon
User Rank
Author
Re: Let's break down the issues
elizabethsimon   4/30/2015 1:00:56 PM
I recently read an article about thieves breaking into cars using the keyless entry system.

http://www.networkworld.com/article/2909589/microsoft-subnet/thieves-can-use-17-power-amplifier-to-break-into-cars-with-remote-keyless-systems.html

If automakers are so lax on security that thieves can break into a car using a simple and inexpensive device, I'm NOT going to trust them to do a good job on hardening their communications between cars.

Phluph
User Rank
Author
Customers want it?
Phluph   4/30/2015 9:19:32 AM
Um, in my book the 25% figure mentioned is more like *some* customers want the connectivity meaning nearly 75% DO NOT.

TimW!
User Rank
Rookie
Re: Let's break down the issues
TimW!   4/29/2015 2:22:05 PM
The brake assistant (to slam the brakes) can only be electronically activated when the driver is braking.

This statement is not correct. My new car has Intelligent Cruise Control and Automatic Brake Assist. With either of these systems on, my car will 'Slam' on the brakes if the car in front of me stops suddenly. I know this from actual experience.

junko.yoshida
User Rank
Author
Re: Let's break down the issues
junko.yoshida   4/29/2015 9:02:50 AM
@boblespam, thanks for responding to the story and sharing your perspectives. Much appreciate it.

However, I do have a few disagreements and a few clarifications to make, but let's take on the biggest issue first.

We often see a similar argument that attackers must have physical access to do "remote" hacking (therefore, it isn't really "remote" hacking). Obviously it is a prevailing notion, but I think it is also debunked. Pls refer to the 2011 technical paper written by a joint team of researchers from Univ. of Calif., San Diego and researchers from Univ. of Washington.

http://www.autosec.org/publications.html

The paper is entitled:

Comprehensive Experimental Analyses of Automotive Attack Surfaces

Stefan Savage, one of the authors of this paper, and now professor in the Systems and Networking Group at the Univ. of California, San Diego, chimed into EE Times' msg forum previously, and wrote this:

When we first did our research in 2010, we got the same reaction "hey, you had physical access, that's not a real threat... if you have physical access you can do anything".  We then published a second paper in 2011 in which we demonstrated remote control (e.g., turning on/off the brakes on demand) at arbitrary distance with no prior physical access (i.e., unaltered vehicle).  In spite of this work (see autosec.org) there is still substantial confusion around a number of points:
1) that there is an "air gap" between critical and non-critical systems in vehicles.
This is generally not true and thus, if you can subvert a bridging ECU (which we demonstrated) you can in fact go from a radio compromise to taking over the brakes.


2) that wireless vulnerabilities don't exist.  We demonstrated multiple remote wireless compromises in a very popular vehicle platform.

While I agree that the risk of an individual being a victim of car hacking is very low, I think it's a mistake to minimize the reality -- which is that these systems have not traditionally been well hardened against security threats and they suffer from an expanding attack surface. This is something that is getting attention precisely because it deserves it.

You can read a long thread of back and forth among our readers on this topic at the end of the story posted here:

http://www.eetimes.com/author.asp?section_id=36&doc_id=1319165

Blog Voyage
User Rank
Freelancer
Connected cars ?
Blog Voyage   4/29/2015 5:14:56 AM
"Connected Cars" could mean many things to many people. It's really hard to define exactly.

boblespam
User Rank
Author
Re: Let's break down the issues
boblespam   4/29/2015 4:21:38 AM
I work in the field of car automation, security and safety and when I read in detail the technical reports you're talking about, Junko, I can not help but wonder who benefits from these alerts.

"Since white hats began demonstrating that they can take over cars' digital systems to slam on the brakes or hijack the steering": not true: the attacks done in the report you mention in your article are not remote, you have to tweak quite deep in the car wiring (not only on the OBD port) to be able to electronically brake to ONLY slow down gradually the car. Not 'slam' on the brakes.

The brake assistant (to slam the brakes) can only be electronically activated when the driver is braking.

A hacker can hijack the steering on cars, but not remotely and only at speed < 5MPH and most of the time only in reverse or with small angles (mimicking the Lane Keep Assist feature or the Auto-Park feature for the cars which have it). In any case the driver can overcome the electric steering.

"Alas, cars today are "un-patchable," said Williams." Not true, today cars are software patched at the dealer's shop.

"Today, there is no intrusion detection system available for cars.": not true, in all French cars I know, real-time CAN-bus monitoring is implemented and fail-safe processes are used in case of CAN-bus attack or total failure.

"Drivers have come to rely on these new technologies, but unfortunately the automakers haven't done their part to protect us from cyber-attacks or privacy invasions. ": automakers didn't protect the cars from cyber attack on previous generation of cars because it wasn't necessary: steering, braking and transmission weren't connected at all (even the ABS ECU wasn't connected). Now that they are connected, protections are being implemented.

The funny thing is that you don't need to call yourself a hacker to do all of this when you have physical access to the car: just take a pair of cutting pliers and cut the brake hoses: it's more efficient, faster and costs less... but there's no hype in doing it and no money to make in conferences or surveys about that.

JThermond
User Rank
Rookie
Re: Let's break down the issues
JThermond   4/28/2015 9:53:31 PM
Excellent piece. We have appetite for more.

JThermond
User Rank
Rookie
Re: Let's break down the issues
JThermond   4/28/2015 9:52:26 PM
Agreed. Big mismatch between sophistication of the threat vectors versus the strength and breadth of the defense. Concerning. Very.

zeeglen
User Rank
Author
Re: Let's break down the issues
zeeglen   4/28/2015 7:47:14 PM
@Junko "Connected Cars" could mean many things to many people.

I believe "connected cars" was a fantastic idea - starting from back in the early 1800's when they were called "railroads".  A locomotive and a long train of cars physically connected together.

The future concept of virtually connected cars? BAD idea.  No machine can outperform a human when it comes to anticipating and compensating for the multiple unexpected events that can take place on the roadways - as long as the human has the damn killphone turned off.

Even now my computers at work and at home sometimes go bonkers and need reboot - I do not need to deal with that or hackers at 100KPH.  There is no way software can ever be bug free or completely secure.
