Chris Roberts, who's claims to fame include taking over the thrust control of an airplane via the in flight entertainment system, spoke at length about the lack of security on less expensive vehicles. With the electronics of cars and trucks becoming more and more complex and interactive, new threats are appearing almost daily and almost nothing is being done about it. Car manufacturers will need to set up a method to update the software running on their vehicles, especially considering the fact that current laws make it illegal for owners to install patches on their own.
The terrifying part is that he told The Register that the automobile industry is far ahead of all other transportation industries; apart from Tesla, the last newsworthy software update involved fudged emissions, not security enhancements.
"I put a network sniffer on the big truck to see what it was sharing. Holy crap! The GPS, the telemetry, the tracking. There's a lot of data this thing is sharing."
Here is some more Tech News from around the web:
- Tattoo your 3D Prints with Velocity Painting @ Hackaday
- Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn't even know it @ The Register
- What I’ve learned from nearly three years of enterprise Wi-Fi at home @ Ars Technica
- Anda Seat Assassin King Gaming Chair Review @ Neoseeker
- Netflix is Testing a New 'Ultra' Tier of Service @ Slashdot
- The BeOS file system, an OS geek retrospective @ Ars Technica
- The Grand Challenge 2018 Hackathon Guide – Johor! @ TechARP
Are you part of the engine
Are you part of the engine management system? No? then GTFO the CAN bus and get your own network to play in!
I didn’t hear about that
I didn’t hear about that airplane thing. It sounds like pretty bad design if there is some sort of connection between airplane cabin entertainment and airplane critical system management.
That claim is controversial
That claim is controversial at best.
I think the guy is full of
I think the guy is full of it. I believe all he saw was an information data stream from the engines, but never actually controlled anything.
Non-story. Trucks have two
Non-story. Trucks have two buses; a general purpose information/data bus and an engine control bus. The connectors for the former are in the cab and the CAN/1939 protocol is well documented. These are used for diagnostics and for the on-board computers which the drivers use for messaging, maps and their driving logs.
Some trucks allow some control of the engine through this bus. High security load trucks may allow a shutdown if the onboard system doesn’t get expected information on a timely basis. Others may reduce maximum speed remotely. However, none of these “take over” the driving of the truck in any manner.
The engine control bus has much tighter timings and is limited to a set of known devices. I suspect most are designed to shut down if an unknown device is detected. Regardless, it has a similar vulnerability as an engine from 30 years ago–namely, if you have physical access to something, you can do nasty things to it.