Embedded Systems Conference
Breaking News
Newest First | Oldest First | Threaded View
<<   <   Page 4 / 8   >   >>
User Rank
Re: Cyber security for cars?
junko.yoshida   7/18/2013 8:36:09 AM
I couldn't agree with you more, Duane. There is always that aspect: engineers are aware of potential vulnerabilities but there is that inevitable marketing force, asking engineers to get the products out sooner.  

I am not here to blame anyone, but I would love to have open conversation on this topic within the industry (and consumers).

User Rank
Re: Cyber security for cars?
fmotta   7/16/2013 6:08:51 PM
I agree that the EE/SWE needs to be aware of safety/security.  But, when management/marketing push a feature/product despite the insight what the worker (Engineer) warns/suggests then the best that can happen is "meet the deadline and functionality" as they are told.

The need is for the general public to push Marketing to make safety/security part of the product spec so that the Engineer can be justified to do things right.

Duane Benson
User Rank
Re: Cyber security for cars?
Duane Benson   7/16/2013 5:57:42 PM
The average EE is aware of security issues and has been for a while, as is the average software engineer. Yet, we still keep seeing vulnerable products. It may be the management and marketing people pushing products out the door so fast that they can't be adequately secured. It may be engineers being complacent or not well versed in security concerns or resolutions. Hard to say, but now, before all of these devices are ubiquitous, is the time to be having this debate.

Now is the time to be alert and aware and addressing future threats. That's my opinion, anyway.

User Rank
Re: Cautionary
junko.yoshida   7/16/2013 4:05:47 PM
I understand your concern. But rest assured, EE Times hasn't gotten down to the level of supermarket tabloids, I hope!

I wrote this story based on the on-going interviews I've done with the automotive chip companies, as well as reading the technical paper published by a group of scientists back in 2011. 

You can read the full paper here:


One of the authors of that paper is Stefan Savage, now the professor at Univ. of Calif., San Diego.

Prof. Savage also joined the conversation at EE Times forum on a separate story I did. You can read his rebuttal comments here -- for those who are unconvinced:



User Rank
Re: Is it time for emergency stop switches on cars?
junko.yoshida   7/16/2013 3:57:13 PM
That is an excellent point. Why wouldn't the auto industry agree on the standardized emergency stop switches? 

It drectly speaks to those who are concerned about the automotive safety!

User Rank
Even Car Alarms Don't Work Yet
Doofus0   7/15/2013 12:04:59 PM
Good intentions do not insure good products. After a decade or two of development, car alarms are still causing false alarms everywhere, every day. Key fobs have hair triggers on the panic button. In cold country, if your engine konks out as you round the first corner, the steering column locks up tight, sending you off the road. Safety First? That little black box mandated in cars next year will be really great. Yeah, really great. I'll be hacking mine with a hatchet.

User Rank
Re: Cautionary
selinz   7/12/2013 12:34:07 PM

Thanks for the article. Yes, it's a bit futuristic but many aspects of the auto control are fly by wire these days. On my Civic hybrid, the accelorator is completely fly by wire and the braking is, well, a hybrid system with pressure sensors which engage the regen braking inaddition to the mechanical "base."

Even my 2000 T&C has a network that, among other things, controls the power to the individually powered speakers. So guess what, if you put in an aftermarket radio, you have to bypass this. (in this case, running an accessory power line to the fuse box). Everything from the cab lights to the doors to everything else is under the direction of a microcontroller. However, all power and driving related stuff are still under people control.

The dramatic increase in the number of sensors each year gives testamony to the direction we're going.

Let's hope they don't add self destruct capability!

User Rank
Re: Cautionary
cdhmanning   7/11/2013 9:44:36 PM
If this was a supermarket tabloid I would expect them to print rubbish like this. I would not expect EE Times would stoop so low.

EETimes does the industry a great disservice by sensationalising an issue that the industry has known about for years and manages pretty well.

If you read the original paper, you will see that these are "possible" attacks that could theoretically be achieved. They were not achieved except by pypassing all the bridges in the car.

That is like saying that I could possibly steal all the gold in Fort Knox if they left all the doors open and provided me with truck to help carry it away.

Cars do not have attack vectors from the entertainment subsystem into the engine control. Where there is such a data path this is through a bridge which does many things:

1) It only passes legitimate packets. The engine RPM might be sent to the entertainment system to show RPM, but engine control messages are not sent to the engine bus.

2) It limits the message rate to prevent denial of service type attacks.

Cars have multiple buses to partition the system for multiple reasons:

1)  Testing/proving.

2) Limiting denial of service issues (eg. a micro in a door going nuts and flooding the bus with messages).

3) Limiting the impacts of electrical damage (eg. a bus short in the back door should not stop the engine from running).
4) Limiting the ttack surface.

Some of those buses are joined via bridges (think very strict network firewall) that allow some limitied data connectivity, but limiting others.

Having been involved in CAN for at least 15 years, I can say that there is nothing new in this.


CAN buses can be easily probed and attacked with a physical presence (ie. hooking up to the CAN bus), but so too can any physical system.


User Rank
Re: Unconvinced
fmotta   7/10/2013 8:55:26 PM

    The LED issue has been known by most of the people I know for almost the entire time that laptops started including integrated cameras (A post-it has been over the camera of every laptop I have ever owned with such a device).  The Microphone as well.  I am not hiding anything.  I am just not broadcasting it either.

   The real fun was when a friend forced an "update" to a well known computer that included new firmware for the USB driver chip.  That "update" included capture of data if the device is a keyboard HID.  The next level of challenge is getting a java script (or HTML5) app that reads this content and conveys it to the snoop server.

   IF you want a lot of fun look at Kali Linux (Backtrack Linux) and see how easy it is to do some of that with a PC.  If a vehicle has internet access and a known OS then the next step is inevitable.


User Rank
Re: I am quite convinced and seen results
Jerrysc   7/10/2013 8:09:14 PM
The landing of large aircraft is done automatically these days by interaction between the runway beacon and the autopilot. The pilots just keep their hands off. We have just seen an example of what happens when something goes wrong.

<<   <   Page 4 / 8   >   >>

Most Recent Comments
David Ashton
Most Recent Messages
7:46:09 PM

Drones are, in essence, flying autonomous vehicles. Pros and cons surrounding drones today might well foreshadow the debate over the development of self-driving cars. In the context of a strongly regulated aviation industry, "self-flying" drones pose a fresh challenge. How safe is it to fly drones in different environments? Should drones be required for visual line of sight – as are piloted airplanes? Join EE Times' Junko Yoshida as she moderates a panel of drone experts.

Brought to you by

July 16, 1pm EDT Thursday
IoT Network Shoot Out
Top Comments of the Week
Flash Poll
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
Special Video Section
LED lighting is an important feature in today’s and future ...
Active balancing of series connected battery stacks exists ...
After a four-year absence, Infineon returns to Mobile World ...
A laptop’s 65-watt adapter can be made 6 times smaller and ...
An industry network should have device and data security at ...
The LTC2975 is a four-channel PMBus Power System Manager ...
In this video, a new high speed CMOS output comparator ...
The LT8640 is a 42V, 5A synchronous step-down regulator ...
The LTC2000 high-speed DAC has low noise and excellent ...
How do you protect the load and ensure output continues to ...
General-purpose DACs have applications in instrumentation, ...
Linear Technology demonstrates its latest measurement ...
Demos from Maxim Integrated at Electronica 2014 show ...
Bosch CEO Stefan Finkbeiner shows off latest combo and ...
STMicroelectronics demoed this simple gesture control ...
Keysight shows you what signals lurk in real-time at 510MHz ...
TE Connectivity's clear-plastic, full-size model car shows ...
Why culture makes Linear Tech a winner.
Recently formed Architects of Modern Power consortium ...
Specially modified Corvette C7 Stingray responds to ex Indy ...