There are two talks coming up at DEFCon 21 and BlackHAT in the next couple weeks on car hacking. Both should really help to get people understanding the risks and possibilities in this area and why addressing security should be as important as it is for all other control systems.
I ran across this short YouTube video published recently by one of the speakers, he demos control of steering:
I am not so sure that I am comfortable with a trust element buried deep inside the car. Personally, I would prefer to have it accessible and removable or even remotely accessed. A paradigm where my authorizations were in my cell phone might even be attractive. Yes, it opens up other issues, but at least I can loan or sell my car without worrying about giving away my credit card numbers in the process.
At a minimum it needs two-factor authentication. Biometric identification built into the car could be useful along those lines, given that cars gain from personalization anyway. There also needs to be secure wipe and authorization lock in the system.
Thanks for this article, but I think it is a neat idea to start talking about auto security. Why do we have to always experienced any real-life disasters as a result of car hacking? Yes, we need to keep in mind the Edwards Deming Theory, try to get things right the first time.
The article is very nicely discussing about the security requirement, and the electronic component manufacturing companies are also trying hard ot implement better securities. But equally on the other side it is turning out that the customers will have to be dependent only on the OEMs. The entire business of spares will be getting centred around Original Manufacturers. This also leads to unavailability of the parts in the distant region globally.
Okay, I concede. Interesting paper. I don't think car thieves would have the ability to do the reverse engineering that you did and I don't think engineers would sell that information to the thieves, so we are relatively safe. I expect the automotive manufacturers to take notice and improve their security. Thank you for the education.