I couldn't agree with you more, Duane. There is always that aspect: engineers are aware of potential vulnerabilities but there is that inevitable marketing force, asking engineers to get the products out sooner.
I am not here to blame anyone, but I would love to have open conversation on this topic within the industry (and consumers).
I agree that the EE/SWE needs to be aware of safety/security. But, when management/marketing push a feature/product despite the insight what the worker (Engineer) warns/suggests then the best that can happen is "meet the deadline and functionality" as they are told.
The need is for the general public to push Marketing to make safety/security part of the product spec so that the Engineer can be justified to do things right.
The average EE is aware of security issues and has been for a while, as is the average software engineer. Yet, we still keep seeing vulnerable products. It may be the management and marketing people pushing products out the door so fast that they can't be adequately secured. It may be engineers being complacent or not well versed in security concerns or resolutions. Hard to say, but now, before all of these devices are ubiquitous, is the time to be having this debate.
Now is the time to be alert and aware and addressing future threats. That's my opinion, anyway.
Good intentions do not insure good products. After a decade or two of development, car alarms are still causing false alarms everywhere, every day. Key fobs have hair triggers on the panic button. In cold country, if your engine konks out as you round the first corner, the steering column locks up tight, sending you off the road. Safety First? That little black box mandated in cars next year will be really great. Yeah, really great. I'll be hacking mine with a hatchet.
Thanks for the article. Yes, it's a bit futuristic but many aspects of the auto control are fly by wire these days. On my Civic hybrid, the accelorator is completely fly by wire and the braking is, well, a hybrid system with pressure sensors which engage the regen braking inaddition to the mechanical "base."
Even my 2000 T&C has a network that, among other things, controls the power to the individually powered speakers. So guess what, if you put in an aftermarket radio, you have to bypass this. (in this case, running an accessory power line to the fuse box). Everything from the cab lights to the doors to everything else is under the direction of a microcontroller. However, all power and driving related stuff are still under people control.
The dramatic increase in the number of sensors each year gives testamony to the direction we're going.
Let's hope they don't add self destruct capability!
The LED issue has been known by most of the people I know for almost the entire time that laptops started including integrated cameras (A post-it has been over the camera of every laptop I have ever owned with such a device). The Microphone as well. I am not hiding anything. I am just not broadcasting it either.
The real fun was when a friend forced an "update" to a well known computer that included new firmware for the USB driver chip. That "update" included capture of data if the device is a keyboard HID. The next level of challenge is getting a java script (or HTML5) app that reads this content and conveys it to the snoop server.
IF you want a lot of fun look at Kali Linux (Backtrack Linux) and see how easy it is to do some of that with a PC. If a vehicle has internet access and a known OS then the next step is inevitable.
The landing of large aircraft is done automatically these days by interaction between the runway beacon and the autopilot. The pilots just keep their hands off. We have just seen an example of what happens when something goes wrong.