The average EE is aware of security issues and has been for a while, as is the average software engineer. Yet, we still keep seeing vulnerable products. It may be the management and marketing people pushing products out the door so fast that they can't be adequately secured. It may be engineers being complacent or not well versed in security concerns or resolutions. Hard to say, but now, before all of these devices are ubiquitous, is the time to be having this debate.
Now is the time to be alert and aware and addressing future threats. That's my opinion, anyway.
Good intentions do not insure good products. After a decade or two of development, car alarms are still causing false alarms everywhere, every day. Key fobs have hair triggers on the panic button. In cold country, if your engine konks out as you round the first corner, the steering column locks up tight, sending you off the road. Safety First? That little black box mandated in cars next year will be really great. Yeah, really great. I'll be hacking mine with a hatchet.
Thanks for the article. Yes, it's a bit futuristic but many aspects of the auto control are fly by wire these days. On my Civic hybrid, the accelorator is completely fly by wire and the braking is, well, a hybrid system with pressure sensors which engage the regen braking inaddition to the mechanical "base."
Even my 2000 T&C has a network that, among other things, controls the power to the individually powered speakers. So guess what, if you put in an aftermarket radio, you have to bypass this. (in this case, running an accessory power line to the fuse box). Everything from the cab lights to the doors to everything else is under the direction of a microcontroller. However, all power and driving related stuff are still under people control.
The dramatic increase in the number of sensors each year gives testamony to the direction we're going.
Let's hope they don't add self destruct capability!
The LED issue has been known by most of the people I know for almost the entire time that laptops started including integrated cameras (A post-it has been over the camera of every laptop I have ever owned with such a device). The Microphone as well. I am not hiding anything. I am just not broadcasting it either.
The real fun was when a friend forced an "update" to a well known computer that included new firmware for the USB driver chip. That "update" included capture of data if the device is a keyboard HID. The next level of challenge is getting a java script (or HTML5) app that reads this content and conveys it to the snoop server.
IF you want a lot of fun look at Kali Linux (Backtrack Linux) and see how easy it is to do some of that with a PC. If a vehicle has internet access and a known OS then the next step is inevitable.
The landing of large aircraft is done automatically these days by interaction between the runway beacon and the autopilot. The pilots just keep their hands off. We have just seen an example of what happens when something goes wrong.
It seems an interesting coincidence that remote key fobs and autonomous cars are becoming a reality at the very time that we lose the ability to disable the vehicle ourselves. Every driver used to know that removing the key from the ignition would stop the engine of a misbehaving vehicle (unless the ignition was hotwired). Today experienced drivers riding in a new car may honestly not know how to stop the engine. That seems to be a dangerous turn of events. We have standardized emergency stop switches on escalators and elevators, is it time to implement them on cars as well?
Part of the problem I see is that the security issues are less interesting and more difficult to address. And, they impede progress of a desired feature/marketing buzz.
So, we will end up with a 3rd party selling a crappy "solution" like norton virus (yes I intentionally omitted their 'anti' as my name is more correct than theirs). These 3rd party things will attempt to do white-box, generalized, reusable solutions and then we will be installing applications on our cars and suddenly the car will fail to work (as have at least 5 PCs that I know have accepted the most recent norton updates).