Breaking News
Comments
Newest First | Oldest First | Threaded View
<<   <   Page 4 / 7   >   >>
Duane Benson
User Rank
Blogger
Re: Cyber security for cars?
Duane Benson   7/16/2013 5:57:42 PM
NO RATINGS
The average EE is aware of security issues and has been for a while, as is the average software engineer. Yet, we still keep seeing vulnerable products. It may be the management and marketing people pushing products out the door so fast that they can't be adequately secured. It may be engineers being complacent or not well versed in security concerns or resolutions. Hard to say, but now, before all of these devices are ubiquitous, is the time to be having this debate.

Now is the time to be alert and aware and addressing future threats. That's my opinion, anyway.

junko.yoshida
User Rank
Blogger
Re: Cautionary
junko.yoshida   7/16/2013 4:05:47 PM
NO RATINGS
I understand your concern. But rest assured, EE Times hasn't gotten down to the level of supermarket tabloids, I hope!

I wrote this story based on the on-going interviews I've done with the automotive chip companies, as well as reading the technical paper published by a group of scientists back in 2011. 

You can read the full paper here:

http://www.autosec.org/pubs/cars-usenixsec2011.pdf  

One of the authors of that paper is Stefan Savage, now the professor at Univ. of Calif., San Diego.

Prof. Savage also joined the conversation at EE Times forum on a separate story I did. You can read his rebuttal comments here -- for those who are unconvinced:

http://www.eetimes.com/document.asp?doc_id=1318871&piddl_msgpage=2#msgs

 

junko.yoshida
User Rank
Blogger
Re: Is it time for emergency stop switches on cars?
junko.yoshida   7/16/2013 3:57:13 PM
NO RATINGS
That is an excellent point. Why wouldn't the auto industry agree on the standardized emergency stop switches? 

It drectly speaks to those who are concerned about the automotive safety!

Doofus
User Rank
Rookie
Even Car Alarms Don't Work Yet
Doofus   7/15/2013 12:04:59 PM
NO RATINGS
Good intentions do not insure good products. After a decade or two of development, car alarms are still causing false alarms everywhere, every day. Key fobs have hair triggers on the panic button. In cold country, if your engine konks out as you round the first corner, the steering column locks up tight, sending you off the road. Safety First? That little black box mandated in cars next year will be really great. Yeah, really great. I'll be hacking mine with a hatchet.

selinz
User Rank
Manager
Re: Cautionary
selinz   7/12/2013 12:34:07 PM
NO RATINGS
Junko,

Thanks for the article. Yes, it's a bit futuristic but many aspects of the auto control are fly by wire these days. On my Civic hybrid, the accelorator is completely fly by wire and the braking is, well, a hybrid system with pressure sensors which engage the regen braking inaddition to the mechanical "base."

Even my 2000 T&C has a network that, among other things, controls the power to the individually powered speakers. So guess what, if you put in an aftermarket radio, you have to bypass this. (in this case, running an accessory power line to the fuse box). Everything from the cab lights to the doors to everything else is under the direction of a microcontroller. However, all power and driving related stuff are still under people control.

The dramatic increase in the number of sensors each year gives testamony to the direction we're going.

Let's hope they don't add self destruct capability!

cdhmanning
User Rank
Rookie
Re: Cautionary
cdhmanning   7/11/2013 9:44:36 PM
NO RATINGS
If this was a supermarket tabloid I would expect them to print rubbish like this. I would not expect EE Times would stoop so low.

EETimes does the industry a great disservice by sensationalising an issue that the industry has known about for years and manages pretty well.

If you read the original paper, you will see that these are "possible" attacks that could theoretically be achieved. They were not achieved except by pypassing all the bridges in the car.

That is like saying that I could possibly steal all the gold in Fort Knox if they left all the doors open and provided me with truck to help carry it away.


Cars do not have attack vectors from the entertainment subsystem into the engine control. Where there is such a data path this is through a bridge which does many things:

1) It only passes legitimate packets. The engine RPM might be sent to the entertainment system to show RPM, but engine control messages are not sent to the engine bus.

2) It limits the message rate to prevent denial of service type attacks.

Cars have multiple buses to partition the system for multiple reasons:

1)  Testing/proving.

2) Limiting denial of service issues (eg. a micro in a door going nuts and flooding the bus with messages).

3) Limiting the impacts of electrical damage (eg. a bus short in the back door should not stop the engine from running).
4) Limiting the ttack surface.

Some of those buses are joined via bridges (think very strict network firewall) that allow some limitied data connectivity, but limiting others.

Having been involved in CAN for at least 15 years, I can say that there is nothing new in this.

 

CAN buses can be easily probed and attacked with a physical presence (ie. hooking up to the CAN bus), but so too can any physical system.

 

fmotta
User Rank
Freelancer
Re: Unconvinced
fmotta   7/10/2013 8:55:26 PM
NO RATINGS
Duane,

    The LED issue has been known by most of the people I know for almost the entire time that laptops started including integrated cameras (A post-it has been over the camera of every laptop I have ever owned with such a device).  The Microphone as well.  I am not hiding anything.  I am just not broadcasting it either.

   The real fun was when a friend forced an "update" to a well known computer that included new firmware for the USB driver chip.  That "update" included capture of data if the device is a keyboard HID.  The next level of challenge is getting a java script (or HTML5) app that reads this content and conveys it to the snoop server.


   IF you want a lot of fun look at Kali Linux (Backtrack Linux) and see how easy it is to do some of that with a PC.  If a vehicle has internet access and a known OS then the next step is inevitable.

 

Jerrysc
User Rank
Manager
Re: I am quite convinced and seen results
Jerrysc   7/10/2013 8:09:14 PM
NO RATINGS
The landing of large aircraft is done automatically these days by interaction between the runway beacon and the autopilot. The pilots just keep their hands off. We have just seen an example of what happens when something goes wrong.

DrQuine
User Rank
CEO
Is it time for emergency stop switches on cars?
DrQuine   7/10/2013 5:27:03 PM
NO RATINGS
It seems an interesting coincidence that remote key fobs and autonomous cars are becoming a reality at the very time that we lose the ability to disable the vehicle ourselves. Every driver used to know that removing the key from the ignition would stop the engine of a misbehaving vehicle (unless the ignition was hotwired). Today experienced drivers riding in a new car may honestly not know how to stop the engine. That seems to be a dangerous turn of events. We have standardized emergency stop switches on escalators and elevators, is it time to implement them on cars as well?

fmotta
User Rank
Freelancer
Re: Cyber security for cars?
fmotta   7/10/2013 4:57:41 PM
NO RATINGS
Part of the problem I see is that the security issues are less interesting and more difficult to address.  And, they impede progress of a desired feature/marketing buzz.

 

So, we will end up with a 3rd party selling a crappy "solution" like norton virus (yes I intentionally omitted their 'anti' as my name is more correct than theirs).  These 3rd party things will attempt to do white-box, generalized, reusable solutions and then we will be installing applications on our cars and suddenly the car will fail to work (as have at least 5 PCs that I know have accepted the most recent norton updates).

 

<<   <   Page 4 / 7   >   >>


Flash Poll
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Engineer's Bookshelf
Caleb Kraft

The Martian: A Delightful Exploration of Math, Mars & Feces
Caleb Kraft
3 comments
To say that Andy Weir's The Martian is an exploration of math, Mars, and feces is a slight simplification. I doubt that the author would have any complaints, though.

The Engineering Life - Around the Web
Caleb Kraft

Surprise TOQ Teardown at EELive!
Caleb Kraft
Post a comment
This year, for EELive! I had a little surprise that I was quite eager to share. Qualcomm had given us a TOQ smart watch in order to award someone a prize. We were given complete freedom to ...

Design Contests & Competitions
Caleb Kraft

Join The Balancing Act With April's Caption Contest
Caleb Kraft
54 comments
Sometimes it can feel like you're really performing in the big tent when presenting your hardware. This month's caption contest exemplifies this wonderfully.

Engineering Investigations
Caleb Kraft

Frankenstein's Fix: The Winners Announced!
Caleb Kraft
8 comments
The Frankenstein's Fix contest for the Tektronix Scope has finally officially come to an end. We had an incredibly amusing live chat earlier today to announce the winners. However, we ...

Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)