Automobile security is a new fast developing market with all the mobility and infotainment. It is very refreshing that TI and co are not leaving that for firms like Bosch, TRW, and Conti to dominante as has been the case in many automotive areas. Now, they are moving fast.
I agree, goafrit. Even more interesting to me is that a lot of security issues chip companies have learned by working with other industries --computers, smartcards, mobiles -- are now becoming very relelvant and applicable to the automotive market.
Perhaps it's just me. I tend to get exasperated when this topic keeps piling on the various security holes as if they were all critical. Hacking via a physical connection to the OBD-II port, or hacking into the infotainment system to change the station, or hacking into the telematics system to see how fast you're going, are no more of a threat than someone listening in on your cell phone conversation. That can happen too, yet we're not making a huge deal about it.
On this topic, it is just this sort of sensationalism that turns me off. I wouldn't be surprised if others feel the same way.
On the other hand, the real threats are to the critical systems, as I've suggested in the past, i.e. brakes, steering, and lastly throttle, and in particular with a remote wireless link. Not physical connection to OBD-II, even though these articles keep insisting that should count too. As many have said, an inside the car physical sabotage can take such a gymongous variety of types that it strains credulity to give an electronic attack any emphasis. It just sounds like a desire to sensationlize. So let's focus.
It seems that at least one car model allows disabling of the brakes via a remote wireless link. To me, that's inexcusable. The steering vulnerability that was uncovered, on the other hand, appears to be manually overridable. That's good design, and why not mention that explicitly?
I'm not denying the importance of introducing more security protocols into automobile electronics as these become more interconnected and pervasive. Just asking to increase the signal to noise ratio, as it were.
There is currently a market for reprogramming performance aspects of engine controllers such as emission controls. This is mostly done in professional race circuits, but it is also an aspect of high-end street racing. It looks like this may eventually become a victim of increased emphasis on security as automotive networks get locked down. This is similar to Linux's problems with UEFI BIOS on PCs, where security concerns removes some degree of what a user can do with something that they own.
Will this extend to other third-party add-ons as well? Will a third-party stereo be able to get access to light levels or other information that a user might want it to? Will that be a big concern for car companies that have never liked third-party add-ons anyway?
Bert, it's unfortunate you see the story going after "sensationalism." As I talk to different automotive technology suppliers, though, this is high on their mind. I see my job is to "report" what their next steps are.
One TI official pointed out (see in the page 2 of this article), though, that someone remotely fiddling with your car audio shouldn't be entirely taken lightly. It could cause a havoc, confusion and chaos.
TI should find something more productive for its employees to do.
Who cares if you can physically wire some modification to control the car? Its all a bunch of overhyped sensationalism. I can also 'hack' into it by dropping a brick on the pedal and make it magically accelerate. I can also keep it from starting by disconnecting or "Hacking" the battery cable!
Show me how to control an off-the-shelf car remotely without making any physical modifications then I will be impressed.
I think remotely controlled cars are not the problem that I fear. I fear to buy me one day a car with a manipulated speedometer or that a hacker steals my car. I remember an article where thieves used the LIN bus interface of a car mirror to open the doors.
In my opinion the car security has to be taken more seriously than the mobile phone security. In case of the breach of security in a mobile phone there could be an identity theft resulting in financial loss and may be the loss of private information. But in case of car it is a matter of somebody's life putting in danger if a critical system in the car is compromised.