Breaking News
Comments
Newest First | Oldest First | Threaded View
<<   <   Page 4 / 8   >   >>
junko.yoshida
User Rank
Blogger
Re: Cyber security for cars?
junko.yoshida   7/18/2013 8:36:09 AM
NO RATINGS
I couldn't agree with you more, Duane. There is always that aspect: engineers are aware of potential vulnerabilities but there is that inevitable marketing force, asking engineers to get the products out sooner.  

I am not here to blame anyone, but I would love to have open conversation on this topic within the industry (and consumers).

fmotta
User Rank
Freelancer
Re: Cyber security for cars?
fmotta   7/16/2013 6:08:51 PM
NO RATINGS
I agree that the EE/SWE needs to be aware of safety/security.  But, when management/marketing push a feature/product despite the insight what the worker (Engineer) warns/suggests then the best that can happen is "meet the deadline and functionality" as they are told.

The need is for the general public to push Marketing to make safety/security part of the product spec so that the Engineer can be justified to do things right.

Duane Benson
User Rank
Blogger
Re: Cyber security for cars?
Duane Benson   7/16/2013 5:57:42 PM
NO RATINGS
The average EE is aware of security issues and has been for a while, as is the average software engineer. Yet, we still keep seeing vulnerable products. It may be the management and marketing people pushing products out the door so fast that they can't be adequately secured. It may be engineers being complacent or not well versed in security concerns or resolutions. Hard to say, but now, before all of these devices are ubiquitous, is the time to be having this debate.

Now is the time to be alert and aware and addressing future threats. That's my opinion, anyway.

junko.yoshida
User Rank
Blogger
Re: Cautionary
junko.yoshida   7/16/2013 4:05:47 PM
NO RATINGS
I understand your concern. But rest assured, EE Times hasn't gotten down to the level of supermarket tabloids, I hope!

I wrote this story based on the on-going interviews I've done with the automotive chip companies, as well as reading the technical paper published by a group of scientists back in 2011. 

You can read the full paper here:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf  

One of the authors of that paper is Stefan Savage, now the professor at Univ. of Calif., San Diego.

Prof. Savage also joined the conversation at EE Times forum on a separate story I did. You can read his rebuttal comments here -- for those who are unconvinced:

http://www.eetimes.com/document.asp?doc_id=1318871&piddl_msgpage=2#msgs

 

junko.yoshida
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
junko.yoshida   7/16/2013 3:57:13 PM
NO RATINGS
That is an excellent point. Why wouldn't the auto industry agree on the standardized emergency stop switches? 

It drectly speaks to those who are concerned about the automotive safety!

Doofus
User Rank
Rookie
Even Car Alarms Don't Work Yet
Doofus   7/15/2013 12:04:59 PM
NO RATINGS
Good intentions do not insure good products. After a decade or two of development, car alarms are still causing false alarms everywhere, every day. Key fobs have hair triggers on the panic button. In cold country, if your engine konks out as you round the first corner, the steering column locks up tight, sending you off the road. Safety First? That little black box mandated in cars next year will be really great. Yeah, really great. I'll be hacking mine with a hatchet.

selinz
User Rank
CEO
Re: Cautionary
selinz   7/12/2013 12:34:07 PM
NO RATINGS
Junko,

Thanks for the article. Yes, it's a bit futuristic but many aspects of the auto control are fly by wire these days. On my Civic hybrid, the accelorator is completely fly by wire and the braking is, well, a hybrid system with pressure sensors which engage the regen braking inaddition to the mechanical "base."

Even my 2000 T&C has a network that, among other things, controls the power to the individually powered speakers. So guess what, if you put in an aftermarket radio, you have to bypass this. (in this case, running an accessory power line to the fuse box). Everything from the cab lights to the doors to everything else is under the direction of a microcontroller. However, all power and driving related stuff are still under people control.

The dramatic increase in the number of sensors each year gives testamony to the direction we're going.

Let's hope they don't add self destruct capability!

cdhmanning
User Rank
Rookie
Re: Cautionary
cdhmanning   7/11/2013 9:44:36 PM
NO RATINGS
If this was a supermarket tabloid I would expect them to print rubbish like this. I would not expect EE Times would stoop so low.

EETimes does the industry a great disservice by sensationalising an issue that the industry has known about for years and manages pretty well.

If you read the original paper, you will see that these are "possible" attacks that could theoretically be achieved. They were not achieved except by pypassing all the bridges in the car.

That is like saying that I could possibly steal all the gold in Fort Knox if they left all the doors open and provided me with truck to help carry it away.


Cars do not have attack vectors from the entertainment subsystem into the engine control. Where there is such a data path this is through a bridge which does many things:

1) It only passes legitimate packets. The engine RPM might be sent to the entertainment system to show RPM, but engine control messages are not sent to the engine bus.

2) It limits the message rate to prevent denial of service type attacks.

Cars have multiple buses to partition the system for multiple reasons:

1)  Testing/proving.

2) Limiting denial of service issues (eg. a micro in a door going nuts and flooding the bus with messages).

3) Limiting the impacts of electrical damage (eg. a bus short in the back door should not stop the engine from running).
4) Limiting the ttack surface.

Some of those buses are joined via bridges (think very strict network firewall) that allow some limitied data connectivity, but limiting others.

Having been involved in CAN for at least 15 years, I can say that there is nothing new in this.

 

CAN buses can be easily probed and attacked with a physical presence (ie. hooking up to the CAN bus), but so too can any physical system.

 

fmotta
User Rank
Freelancer
Re: Unconvinced
fmotta   7/10/2013 8:55:26 PM
NO RATINGS
Duane,

    The LED issue has been known by most of the people I know for almost the entire time that laptops started including integrated cameras (A post-it has been over the camera of every laptop I have ever owned with such a device).  The Microphone as well.  I am not hiding anything.  I am just not broadcasting it either.

   The real fun was when a friend forced an "update" to a well known computer that included new firmware for the USB driver chip.  That "update" included capture of data if the device is a keyboard HID.  The next level of challenge is getting a java script (or HTML5) app that reads this content and conveys it to the snoop server.


   IF you want a lot of fun look at Kali Linux (Backtrack Linux) and see how easy it is to do some of that with a PC.  If a vehicle has internet access and a known OS then the next step is inevitable.

 

Jerrysc
User Rank
Manager
Re: I am quite convinced and seen results
Jerrysc   7/10/2013 8:09:14 PM
NO RATINGS
The landing of large aircraft is done automatically these days by interaction between the runway beacon and the autopilot. The pilots just keep their hands off. We have just seen an example of what happens when something goes wrong.

<<   <   Page 4 / 8   >   >>


EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Max Maxfield

Aging Brass: Cow Poop vs. Horse Doo-Doo
Max Maxfield
9 comments
As you may recall, one of the things I want to do with the brass panels I'm using in my Inamorata Prognostication Engine is to make them look really old. Since everything is being mounted ...

EDN Staff

11 Summer Vacation Spots for Engineers
EDN Staff
11 comments
This collection of places from technology history, museums, and modern marvels is a roadmap for an engineering adventure that will take you around the world. Here are just a few spots ...

Glen Chenier

Engineers Solve Analog/Digital Problem, Invent Creative Expletives
Glen Chenier
11 comments
- An analog engineer and a digital engineer join forces, use their respective skills, and pull a few bunnies out of a hat to troubleshoot a system with which they are completely ...

Larry Desjardin

Engineers Should Study Finance: 5 Reasons Why
Larry Desjardin
45 comments
I'm a big proponent of engineers learning financial basics. Why? Because engineers are making decisions all the time, in multiple ways. Having a good financial understanding guides these ...

Flash Poll
Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)