There's the fundamental problem right there. Over the air software updates means malware can always be installed.
One day, security engineers may remember (or reinvent) critical technology from the 1970s. This was when, to write to the ROMs, there was a physical electrical switch called "write enable".
Now, if the car's embedded systems have a physical write-enable switch, then malware won't survive a reboot.
Next, have the system reboot every time the car is started.
The reason you hear about security flaws in newer cars with OTA updates is because research on unpatchable cars is regularly silenced. Multiple friends of mine who thought it would be fun to look into bluetooth security in cars have had their work shut down by law enforcement and teams of lawyers, and told to back off.
I'd estimate that at least 90% of cars on the road without OTA updates are vulnerable to some sort of Bluetooth based attack that will never get fixed. Your "write enable" trick does more harm than good in these scenarios.
Aren't vehicles and their safety capabilities regulated? Just because new cars are fly-by-wire shouldn't mean the control mechanisms are suddenly exempt.
Steering wheels made of cardboard would be easier to manufacture, yet they'd fail safety inspection.
An FM/AM antenna is a wireless receiver. Not a transceiver (though CB is and is still common in long-haul trucking), but still, it's always been possible for someone to hijack the channel and send an unwanted signal into your speakers. That's how pirate radio worked for a century. If all an attacker can do is send sound into your cabin, that isn't a meaningful vulnerability. They could do that with a megaphone.
If car makers are actually hooking the bluetooth chip up to anything except the sound system, that's the problem. Although, assuming a class 2 device, it only has a 10 meter range. If an attacker is that close and wants to shut down your car, they can use a nail strip.
The real problem here is hooking up WWAN to control software.
The trouble is, the sound system is inevitably connected to the rest of the car. For example, in most cars the volume automatically increases with vehicle speed to compensate for increased road noise.
These connections could be physically 'one-way' but in practice most modules are simply wired in parallel on a CAN bus and something like the radio would be set up to send data to the car's CAN bus (for diagnostic purposes at least).
More than just speed sensitive volume now. Replacing the stereo in my van requires a conversion box (Maestro) that deals with the various car settings that are done through the stereo, such as dome lights out duration, dash clock setting, auto door locking, etc.
The stereo is way too tightly coupled with the rest of the vehicle.
Well, maybe cars shouldn't have Bluetooth in the first place? Also, it's not like these updates are ever going to fix the situation. They'll just be slightly less vulnerable.
Not to mention that updates can obviously brick things. Imagine waking up one day and finding out that your car is bricked due to some update.
I don't really think that's the moral of the story, Bluetooth in car stereos brings value to people, many use it. You could fix this pretty easily with more separation between the stereo and the "important" components.
Why software updates, especially remote ones, are even necessary for the safety-critical bits of a car is a problem too. Entertainment systems and such might be "acceptable" to follow the current trends in declining software quality and "fix it later" mentality, but core functionality like engine controls, steering, and brakes should definitely not be developed that way.
The conspiracy theorists might say "so they can slowly degrade the performance, in the name of environmental protection"...
A more recent example was GM limiting charging capacity on the Bolt when they identified a production issue that could result in a fire.
I bought a Honda once that was never brought in for a service recall and thus had an issue I had to pay the dealer to fix because it was outside of the recall window.
Tesla was able to push an OTA update to the Model 3 to improve performance after a CR article criticizing its braking distance.
I think OTA or remote updates should be possible, and I think it should be something the owner of the vehicle has control over.
That still doesn't need to happen over the air. It can work the way a BIOS update does. If you want to update over a network, have at it, but it should be possible for them to just send you a file and you can flash that directly by plugging into a USB port. No need to go to a dealer for a flaw that can be handled by a software patch, but also no need to expose your vehicle control systems over a WWAN.
Recalls work just fine, because in e.g. replacing a defective airbag, they don't also decide to swap your engine with a smaller one or repaint the interior and rearrange all the controls. It's mainly the forcing of unwanted extra changes that has caused people to refuse updates, and that is IMHO a problem that the software industry has entirely self-inflicted.
Hardware switches are coming again. We have lots of Energy Meters from Siemens (PAC3200) with Ethernet. The new model PAC3220 I got a few weeks ago, does have a hardware switch for write access from network, just like the old S7 PLCs had RUN and RUN-P (write access) 20 years ago. We have a VLAN just for the energy meters, each Meter a separate switch/firewall port, just open ports for Modbus-TCP and no client-client connection allowed. Same for PLCs.
Security engineers, unfortunately, have a weaker voice at the table than do the marketers and bean-counters.
The more secure means would be to require the car be taken to a dealership -- but that's costly to the auto maker (they have to pay the dealers for updates they apply), and is deemed an inconvenience to the customer. They worry about the friction on the customer, and the cost.
With OTA updates, much of the security relies on using signed images. The SoCs in IVI systems are fused with the auto maker's key.
Unfortunately, it's somewhat unfair to always blame the non-engineering folks. Many times it is other engineering domains that run counter to good security. In my experience, cost or schedule are the leading factors but sometimes engineers want to push for certain features that are not compatible with good safety or security practices.
Well Tesla does it and their customers love waiting hours for software updates (I'm not being sarcastic, this is literally what we found through benchmarking)
I kept pleading that we don't have the marketing that Tesla has, our customers don't want to think about updates. Not to mention OTA costs money. Tesla can do it because they are sinking money and only have a few hundred thousand cars. My company sells millions of cars per year, OTA is significantly more expensive.
I'm not saying my company does OTA often, but the word Tesla comes up more often than it should.
> Well Tesla does it and their customers love waiting hours for software updates (I'm not being sarcastic, this is literally what we found through benchmarking)
I've done several OTAs on a Tesla. Most were about 1 month apart, and my longest update took 28 minutes. The average is closer to 15.
> Tesla can do it because they are sinking money and only have a few hundred thousand cars.
I won't get into whether they are sinking money, but they have about 1.6 million cars.
How does it work? Is it automatic during the night when the car is parked and you're asleep (that would be ideal) or does it update when you start the car and would be ready to go (that would be a nightmare)? Maybe something in between.
You get an update prompt on screen (and on your phone). The car asks you to schedule a time to install (normally 1 AM) or allows you to update immediately.
When an update is triggered (manually or on a timer) you get a 2-minute countdown to restart and then it will install.
How do you validate that a thumbdrive sent to you is actually from the vendor? Is that really more secure than a properly encrypted OTA update? Security has lots of blind corners.
All OEMs tried not to do it. But as Tesla did it, all other OEMs got blamed, because they don't do it. "Look how lame their tech is, they even can't do OTA, which even every iPhone can."
That is the problem and that is the reason why every OEM will support OTA in the near future.
Please don't shit on Tesla for being the first car company to actually fix bugs. I've worked in automotive infosec, and it SUUCKS. Before Tesla, security issues were dealt with by lawyers threatening to sue the shit out of anyone who publishes anything. What Tesla did moved the industry forward by decades. I never worked at Tesla, but where I was at, we were all super grateful that they finally set the precedent to take security seriously.
Instead of relying on a company to properly secure their ridiculously over-electronic, over-networked, software-based vehicles, I'd rather just keep driving an older vehicle which just doesn't have any of that in the first place. I have no need for any of that, it doesn't add any value for me.
I honestly don't know what I'm going to do in the future, there's no chance I'm ever going to buy a modern "car", it's going to get tougher and tougher to keep a real vehicle running after enough decades have passed. Of course a non-modern car is infinitely easier for the average individual person to maintain and keep running so I'll be able to keep going for a long time.
How is this paranoia? The ratcheting up of software sophistication does not necessarily add value to the average buyer. What it does do is add cost to repairs for both complex systems/parts and labor. This added complexity and cost make it prohibitive for the average owner to fix or even diagnose problems as the auto industry evolves. This isn't about being paranoid, it's about being economically conscious of the cost imposed by sophistication.
Well, that and going into the dealer for a simple software recall is really bad for the consumer. I've had it happen with other cars and it's just not a good experience. Add that the dealer always has an upsell ready and it's even worse.
Exactly this. If they would mail me a USB stick with the update so I could do it myself I'd happily do that, but driving 20-30 minutes to the dealer, waiting for the update, and then driving back home is an enormous waste of time.
Dodge/Chrysler/Ram did that a few years ago when some researchers showed how they could take over a Jeep Grand Cherokee via the 4G connection in the entertainment center, and apply brakes and gas. I got a USB stick in the mail, with instructions on how to use it.
Though how sure were you that it was Chrysler that sent you that USB stick? Not that I don’t think it was legit but is that really more secure than an encrypted OTA update?
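The check that the signed-image comment and the USB-stick questions above both come down to, as an added example that is not part of the thread and is not any automaker's code: the device verifies a vendor signature over the image hash and version before flashing, so the result is the same whether the file arrived over the air or on a mailed stick. The manifest layout, the function names and the choice of Ed25519 are assumptions made for illustration; on a real unit the trusted public key would sit in fuses or ROM rather than in a variable.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update header: the version plus the SHA-256 of
// the image. The signature covers both, so neither can be changed alone.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
}

// signedBytes is the fixed 36-byte encoding that is signed and verified.
func (m Manifest) signedBytes() []byte {
	b := make([]byte, 4+sha256.Size)
	binary.BigEndian.PutUint32(b, m.Version)
	copy(b[4:], m.ImageHash[:])
	return b
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("image does not match signed hash")
	ErrRollback     = errors.New("version not newer than installed")
)

// VerifyUpdate is the device side. It trusts nothing about the transport:
// only the public key provisioned at manufacture and the installed version.
func VerifyUpdate(trusted ed25519.PublicKey, installed uint32, m Manifest, sig, image []byte) error {
	// 1. Authenticate the manifest before believing any field in it.
	if !ed25519.Verify(trusted, m.signedBytes(), sig) {
		return ErrBadSignature
	}
	// 2. Bind the image on the stick or in the download to the manifest.
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	// 3. Refuse an older, validly signed image (downgrade to a known flaw).
	if m.Version <= installed {
		return ErrRollback
	}
	return nil
}

// SignUpdate is the vendor side, run where the private key is held.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.signedBytes())
}

// DemoKeys derives a constructed key pair from a fixed seed byte so the
// example is deterministic. Never derive real keys this way.
func DemoKeys(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	vendorPub, vendorPriv := DemoKeys(1)
	_, strangerPriv := DemoKeys(2) // someone who is not the vendor

	image := []byte("constructed firmware image, version 8")
	m, sig := SignUpdate(vendorPriv, 8, image)
	fmt.Println("genuine update:   ", VerifyUpdate(vendorPub, 7, m, sig, image))

	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01
	fmt.Println("modified image:   ", VerifyUpdate(vendorPub, 7, m, sig, tampered))

	fm, fsig := SignUpdate(strangerPriv, 9, image)
	fmt.Println("unknown signer:   ", VerifyUpdate(vendorPub, 7, fm, fsig, image))

	fmt.Println("replayed old file:", VerifyUpdate(vendorPub, 8, m, sig, image))
}
```

The signature only answers "did the key holder sign this"; it says nothing about whether the signed code is good, and it does not cover an update path that skips the check.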
How much of this is due to the nature of software being changed so often? We do this very thing with hardware recalls on our vehicles, but my hunch is we tolerate it because it happens so rarely and people more easily and intuitively understand how hardware can cause a bad day.
I'd be curious on the HN perspective. Are we less willing to accept this from software because it's taken as a given that when "it's just software" changes are easy? Does it imply that the software process (particularly requirements and testing) are not as robust as with hardware processes, leading to more frequent updates? Does it imply we are overly reliant on software to mitigate hardware issues because "it's easier"? (I'm thinking, in part, of the 737-Max issue for the last one).
I expect them to make the case to the relevant people instead that it's a bad idea, and resist, so when the lawsuits get filed they can pat themselves on the back that they aren't part of it, because their cars weren't updateable over the air and thus aren't part of it.
Unfortunately, "the lawsuits get filed" is comfortably beyond the planning horizon of any entity out there right now, even though we're talking about lawsuits with the reasonable chance of driving the affected companies right out of business.
You think Tesla, of all companies, would build that car?
Tesla "we remote SSH'd into as many vehicles as we still could to patch up a crash/bootloop that existed because our on-board JSON handler couldn't handle a certain json blob coming from our backend" Tesla?
Tesla "we'll call you as soon as you connect anything to the onboard ethernet port to tell you to stop doing that" Tesla?
Tesla "it was demonstrably possible to 0-day your way to the Autopilot ECU" Tesla?
I'm sorry, my comment might come off as more hostile than I mean it to, but it seems you and I have radically different impressions of Tesla. Knowing their quality control process and build quality, I wouldn't even want to stick with the first version as released.
Although I do definitely agree with you on one thing. I think OTA is a very scary prospect for cars. And let me be clear: for any car manufacturer. From the type of software I've seen car manufacturers produce I'm not sure any of them should be capable of instantly updating their whole fleet.
Then again I also don't want touch screens in my car, so what do I know?
I'm told that it is an unpublicized configurable option, otherwise many types of people would be disqualified from being a Tesla customer (think diplomatic, military, etc.).
In any case, if it can't be built without GSM tracking, I won't be getting one.
My belief is that Tesla is aiming for the military and police market who like to have proto-military hardware to jerk off to. So, yeah, seems like they'll have this option.
Or maybe only the military version will have it.
I guess the military/police version will cost multiples of the civilian version too, if I were Musk I'd know I'd want to suck on that "virtually unlimited government budget" tit.
I want it without a radio transceiver of any kind: permanent "off".
It's possible I could compromise on wi-fi or bluetooth, because those need to be paired to communicate. Hard no to cellular of any kind, if for no other reason than it means that the car's location is being continuously tracked and logged for all time by the carriers and national military.
> For the EU that ship has sailed as there is a mandatory automatic emergency call capability for every new car.
I'm willing to bet there are militaries and state intel agencies in the EU that have obtained brand new passenger cars that don't have transceivers in them. The module is also probably fairly easy to physically rip out, too, without disabling the whole vehicle, if creative methods with more finesse don't pan out.
Does nobody at all in governments see what an existential danger it is to a free society for anyone in that society to have access to a database containing the complete transportation logs of every single member of the society? I can't be the only person who sees this is an existential threat to a small-l liberal democracy; there are people alive in the EU today who suffered under the USSR and DDR.
I'd be worried even if it were a benevolent person with these logs; I'm positively terrified knowing it is the phone company and their pals in military intelligence.
> Does nobody at all in governments see what an existential danger it is to a free society
Maybe. But does anybody in the governments think that the free society withering away is the danger to the government? Perhaps during the Cold War they thought so, but nowadays...
> The module is also probably fairly easy to physically rip out, too, without disabling the whole vehicle, if creative methods with more finesse don't pan out.
It's a legal requirement to have it. Sure, I can rip out the head-lights too, but then I am not allowed to use the car any longer on public roads. If emergency call is part of the car's registration I am probably not allowed to disable it without voiding the registration.
As well, no one does this. If you do it, you stand out like a sore thumb.
As a guess, I would bet that the legal requirement is that it be manufactured in such a way, not that the car's operator keep it connected to the telephone network after purchase. I shall research and find out!
It's internal to the vehicle, so I doubt it would stand out visually. The ALPR stuff and mobile towers aren't (yet) integrated.
I'm pretty sure most (all) people carry cell phones anyway so this seems rather moot. In all honesty, turning it off would probably make you stand out more than just leaving it on and/or swapping the sim card out.
It's the EU. When it comes to tech they're either woefully incompetent or malicious (I'm not sure which). They talk the talk about privacy and a free society, but their moves are constantly moving things in the opposite direction.
Sure, it eventually got struck down by the courts, but EU politicians still thought this was a terrific idea. And it's not like things have changed much since then.
I had a hard time finding information on dummy loads for wireless antennas. Can you please give me (and others) a short primer and/or the right keywords to search for? Thank you.
(I was looking for my "smart" TV, I ended up disconnecting the wireless card from the TV. Thankfully the error message isn't as annoying as other models.)
You basically need a resistor with the value of the impedance of the antenna, and a wattage and airflow sufficient to dissipate whatever power is being dumped into it (or several resistors in parallel whose heat dissipation adds up to the value you need).
There's no real standard for cellular antennas as there is for many other types of radios (as far as I know, not that I would / can find in some brief looking). Most stuff I'm familiar with is 50ohm or 75ohm. E.g., wifi antennas are generally 50ohm. If you made me pick a resistor to put on there without being able to test anything first, I'd pick a 50ohm/5W. But you might burn your electronics up.
So your two main unknowns are the impedance and wattage.
Solving for wattage is probably best just done with Google. The power output should be fairly standardized. Assume the transmitter's going to go into its highest power mode when it realizes it can't find anyone to talk to and then leave yourself some headroom on top of that. On a very brief look, most sources put LTE at about a half a watt, but other techs at up to 3-4W. For the price of resistors and assuming these will end up mounted somewhere without great airflow, I'd probably just throw two 5W resistors at it.
Solving for impedance is going to be a bit more challenging. If you're lucky, an off-the-shelf antenna _may_ be marked with the frequency ranges and impedance. Otherwise, measuring impedance generally requires some more specialized tools. You could pick up something like the NanoVNA2 to do the measurements yourself (they're not the best, but likely close enough for what you're doing and cheap relative to the other options), or try getting in touch with your local ham radio group and ask if anyone has an antenna analyzer to analyze a cellular antenna (impedance is at a given frequency, so they need an analyzer that covers up to at least around the 1GHz range, which are less common than one for HF which is only covering up to a few dozen MHz) and could analyze an antenna for you.
Then just hop on Digikey/Mouser/etc, grab some resistors and an SMA or whatever other connector would plug in in place of the antenna and get to soldering.
Disclaimer: Amateur radio guy, not RF engineer. It's been years since I actually used any of this information in any significant way. This could all be entirely wrong.
I have an older car that missed CarPlay by one year. I want to replace the rather crappy dashboard screen with poor touch sensitivity with a nice new CarPlay dashboard so I can navigate and listen to my podcasts.
Last time I asked it was 1500 quid plus install from the dealer. I could probably get under a grand now.
If there existed a car with no entertainment system at all, and I just stuck a specially adjusted tablet in there, with industry standard connectors, everyone would be happy, and if anyone hacked my entertainment system they would not be close to the important stuff
Cars should be the mobile equivalent of a dumb TV screen. But no-one wants to make them.
Hey, almost no one really wants smart TVs that phone home every minute, yet nobody makes modern dumb TVs anymore (or at least privacy respecting smart TVs).
It's cartel behavior. Producers just silently agree to not do stuff that would disadvantage them on the long term.
Everybody keeps going on about "yeah, but someone will undercut them, free market, bla bla", but it never happens in practice.
It came up in the last thread about dumb TVs - they exist. Wal-mart sells Sceptre TVs. 4K resolution, dumb TVs. And they're super cheap; they're actually cheaper than smart TVs. I have no idea why people say they don't exist. They're just not popular.
Outside of HN, people do want smart features, from what I can tell, and don't even consider that their TV is a privacy concern.
Availability of “dumb TVs” seems to be extremely location specific. I tried finding one in Denmark and it’s pretty much impossible. Romania has a nice selection, as someone on HN showed me a while back.
I don’t know anyone who uses the smart features in their TV, except my wife's parents who use the Netflix app in their Sony TV. Everyone else just uses an AppleTV, ChromeCast or a box from their cable/internet provider.
> I don’t know anyone who uses the smart features in their TV
Because the current generation of TV buyers are used to the concept of purchasing separate hardware to deliver content. That is changing now.
I had a similar realization about streaming v piracy. 15 years ago everybody my age was pirating music and TV. It led to a lot of viruses and malware for some, but everybody more or less knew where to go to for that stuff, even as P2P networks were being shut down left and right.
Today, young people don't really do that. Spotify, YT and Netflix apparently fixed enough UX and content gap issues that torrents and stuff aren't considered necessary anymore.
Most of the non-technical people I know buy an Apple TV or Roku and get confused when they sit on the tv remote and accidentally bring up the smart tv netflix instead of the Roku netflix. Ignoring the privacy concern, the dumb TV is a better option for those who are going to buy an Apple TV, chromecast, or roku anyway.
From the wal-mart website, it looks like the 55" Sceptre is dumb but the 65" is smart. When I bought my 65" tv earlier this year, I couldn't find a dumb tv that fit all of the specs I wanted so I compromised and got a vizio (simple, chromecast based smart tv) and just never connected it to wifi. It doesn't seem to nag me about the smart features or connecting it to the internet at all
> Everybody keeps going on about "yeah, but someone will undercut them, free market, bla bla", but it never happens in practice.
I asked about this a while back on HN. I’ve heard enough people complain about smart TVs even outside of the sort of tech privacy bubble that I wondered why no one tried to take a dumb-TV angle or how difficult it might be to do so.
Was basically told that consumer hardware is mostly a commodity business and that margins are super thin so it’s not really a profitable idea. So the companies turn to smart TVs where they can make up the cost by things like advertising.
FWIW in a later discussion elsewhere, I was pointed to a handful of Dumb-TVs being sold at Walmart, etc. I don’t recall whether you have options for high resolution or large sizes though. Commercial displays also get brought up in this discussion, but if my experience with other commercial hardware is any indication, general consumers may have a hard time getting their hands on those.
The Walmart TV brand is Sceptre. They have cheap large 4K displays but the quality is not considered good - works for me, but I slightly prefer a 1080p projector.
Seems like a good opportunity for some enterprising young individuals in China to begin producing dumb TVs, or at least dumb TV screens that can take a variety of inputs...
And too few people will buy them because users don't really care and this business will just die off. That's what happens in practice. How many security and privacy focused smartphones, laptops, etc. do you know? All the ones I know are Kickstarter types which generally have been in more or less the same stage for years and years and from the get go their hardware was at least 1 generation (if not more) behind the latest ones.
An increasing amount of people I know don't have a TV screen and show no interest in getting one. They just use computer screens to watch instead. Not that that's better for privacy since they've at the same time been switching from physical discs to online data-harvesting services like Netflix. So they're really just building DIY smart TVs.
This sounds like something I would've written before I had enough money for a living room, a couch, and a screen large enough to share
How old are your peers? My house in college was full of "DIY TVs" but once I got my own place I was tired of squinting at a 24" display
My TV is 65". That's not a monitor, and a monitor isn't a replacement for that size, and the closest monitor is the 40-something inch HP Omen which costs over four times what my TV cost.
Many (like me) don't care. TV prices are abusive (where I live at least) and smartTV never interested me as an offering. I have a 10yo that I didn't turn on for more than 1y and if it breaks I'm sure the second hand market will have a lot of them still if I want one.
I think I didn't express myself correctly. I don't own a Smart TV nor do I intend to. I have had an old normal TV for a long time, and if I decide to replace it there's a lot on offer from second hand market. What I own is a good quality 19' monitor and that's what I use for movies. Not rich at all.
Most consumers don't care/know about security or privacy. They just want new features. If the reality shows the opposite then for sure someone is going to build those privacy respecting devices.
Almost any car that doesn’t have CarPlay/etc can have the standard entertainment stuff stripped out and a CarPlay head unit put in using a double-din dash conversion. Costs about $4-500 for the head unit and $1-200 for the dash conversion depending on your car.
I’ve done it on both my and my wife’s cars. They now have standalone CarPlay units for music and maps and calls, yet zero integration into the car itself and it’s perfect.
Definitely. I’ve got 2 different Pioneer units (DMH-W4660NEX and another I forget atm) and I’d basically recommend any of theirs. Just get the best one you can afford from their series. Even the cheaper ones are decent but obviously get even better the more you spend.
I wasn’t a fan of the JVC one we had previously though. Not very responsive and the lag made it annoying to use. The Pioneers are fast and pretty much perfect in comparison.
For most common cars you can also use the steering controls adapter kit which lets all your factory steering wheel controls for volume and answering/making calls work.
All the cars I've looked at this year have CarPlay / Android Auto only available on the mid/upper trim levels; on the lower trim levels, the entertainment system also contained the climate controls and couldn't be removed.
> If there existed a car with no entertainment system at all, and I just stuck a specially adjusted tablet in there, with industry standard connectors, everyone would be happy, and if anyone hacked my entertainment system they would not be close to the important stuff
I got my hands on a VW Up! in part because they decided to not bother with an entertainment system: you have a better one with your phone. So you get a USB port, a phone holder and an app if you really want useless crap.
As others have pointed out, you likely can install an after market stereo in there. (Not affiliated, but a happy customer!) For self installs, I purchase everything from https://www.crutchfield.com/ , as I know if they say it fits in your car, it will fit, and they make sure you have all the instructions you need to install it.
I did that to my older car so it could have wireless CarPlay for my spouse's phone (but mainly because the native entertainment system was awful).
There are still some cars that have a regular 2 DIN slot. I think at least the Toyota GT86 and Dacia Duster are like that with the latter not even coming equipped with a radio as standard.
> If there existed a car with no entertainment system at all, and I just stuck a specially adjusted tablet in there, with industry standard connectors, everyone would be happy, and if anyone hacked my entertainment system they would not be close to the important stuff
The "extra super base" trim models that they make half a dozen of so they can advertise a low "starting at" MSRP are often devoid of radio/infotainment.
Airgapping critical functions needs to be a thing. Infotainment that's online should be nowhere near driving, safety or engine management functions. If those functions require an OTA update, then it could be done by enabling a physical switch temporarily so firmware can be downloaded.
It's like we need a Ralph Nader book to inspire automobile regulation around putting stupid electronics in them. Some better design could come of it. Unfortunately connected cars aren't going away. There's future automatic driving and the surveillance state both demanding real time location tracking.
I guess they could add an annoying beep every 5 minutes to make sure the switch is switched off if it doesn't need to be on.
Or have a function that the engine can't start if the switch is on (because during an update the engine should be off, although obviously the onboard computers need to be on).
It would still be an improvement. In situation like you speak of people's cars would be as insecure as they were without the switch but at least the capability is there for those who want it or learn to be security conscious.
Put the switch under the hood and have it deactivate the ignition when active. That has zero inconvenience for the mechanic servicing the car and ensures that there's no way to forget to re-enable the write lock.
Problem is, current trend is integration. Infotainment touchscreen now controls increasingly more of the important functions, so airgapping is no longer an option.
> The automotive industry started taking cybersecurity seriously about six years ago and started investing in designing and deploying cybersecurity solutions.
Your security is a risk greedy companies are willing to take!
Which of the features which are a cause for concern aren't:
a) used to inflate prices
b) used to gather/sell data to make more profit
c) to save costs?
(I know some things like rear cameras are legally mandated in some places)
Some of the cost savings are directly impacting safety and it needs to stop. For example, hiding often-used things behind menus. It needs to be called out as the greed it is.
> the multiple potential in-car and remote access points such as OBDII, USB and SD ports, keyless entry, Bluetooth and Wi-Fi, embedded modem, sensors, infotainment or smartphone apps and the multiple connections via telematics and other cloud systems that access car systems.
I want a car without all these. I don't mind OBDII but all the rest has no real reason to be there let alone be integrated with the car itself.
Is there a good list of things that I as a customer can do to mitigate the risks? E.g. pulling various SIM cards, not ordering feature X, avoiding producer Y?
Of course one could always drive a historic car... ;)
So, I would argue that "feature cars" are amazing value right now. Even early 2000s or early 2010s are exceptionally reliable (unless you buy a 7-series E65 BMW or some nonsense) and cost almost nothing to run. Much more sensible than paying $80k for a new Tesla, even though it's clearly better and a shiny new toy.
I sort of agree - yes, there's a big middle ground in terms of luxury, but in terms of the main reason for having a car, they do exactly the same. They take you from A to B in relative comfort.
Absolutely. When my next car is due, I'll try to find the "last good year" of low-enough tech cars (kinda similar to the last-good year for MacBooks that used to be ~2015) that do the job without half-baked cognitive load increasing features. After that the mess is hopefully sorted out and we'll have rented electric cars - the operating company should have sufficient incentives to provide a robust and safe experience for their customers.
I don’t know of a good article with a comprehensive list of all the things you can avoid, also because if you don’t use all of the features of a new car, I suggest you buy a mid-’90s car. Some services rely on the internal e-SIM of the car, so you can’t disable it at all. I think the most secure thing to do is to not use an old keyless entry key fob, or to not leave your car near the key, or to leave the key inside something that can shield the key signal: https://www.edmunds.com/car-news/technology/how-to-protect-y...
The Land Rover Defender (or old V8 Toyota) might be an option. Been driving this Defender since 2006, and I will never sell it. The car literally hasn't changed its optics since the '80s and a few dents only give it more "character". I got sick of being ripped off in the garage (and that car is known to never be free of flaws but never is fully broken either - classic British engineering:)) ... I downloaded all explosion charts from RU websites and the parts catalog can be found in popular LR forums for OEM or the much cheaper wholesale parts (10-20x less the price in some cases).
It's a learning curve but instead of spending money in the garage (and getting ripped off) over the years I invested it in tools and try to repair anything myself. Sometimes I'm back on the road within 24 hours, sometimes it takes me a month. Meanwhile I made friends driving similar cars who can help out. Not an option for everybody (space & patience), but I know my car now better than most mechanics. It turned me into a massive engine nerd too and I also got all the diagnostic tools to look at and clear error codes over the OBD-II.
If a large 4x4 isn't your cup of tea then a Lotus Elise can result in similar fun. My latest project is a Caterham which I'm building from scratch and hope to have on the road later this summer (https://www.caterhamcars.com/it)
Anything battery powered or electric for me would never be an option. People say it's "not so green" but my opinion differs. I think getting the latest model of X every 2-3 years is far more toxic to the environment.
I'm passionate about Defenders (I've commanded a squadron of them) but even I'm not massively thrilled about driving one these days - they didn't even have air bags or any kind of collapsible steering column until 2020.
Yes, true. I think that the Defender's low number of driver casualties might be due to the type of people who drive them (conservatively). Unlikely that somebody wants to race in that car. My previous cars were BMWs and these things turned me into a reckless douche the minute I sat behind the steering. The saying is Defenders "don't go fast but they can go everywhere". I changed my driving habit and attitude on the road considerably (I started taking the scenic routes and learned to enjoy the ride, with an unusually high sitting position, wave at other Defender drivers if I see them, and could fit all friends of my kids inside).
AFAIK the pedestrian safety rating for older models (after the Ford/Puma engine) was abysmal, which is why they were discontinued. If you hit a pedestrian or cyclist that's probably it. That has always been my main worry. But I think the safety for the driver/passenger is pretty good when using common sense and when not driving them like the Stig. I hit a wild pig once in a forest in France and it was splattered across the front but not so much as a dent in the car.
They also come with roll-over cages on the US market, which tells something about what can go wrong if you lose control. Never got one since I don't drive rallies. Still their handling (directness of the steering) is much better than a Wrangler (where the steering is horribly "spongy").
I've got a 2009 Toyota and when I upgraded the stereo to add Bluetooth, I just didn't connect the wire from the head unit to the CAN bus. (The installation kit from Crutchfield included the pinout.)
On a newer car, I'd probably install a toggle switch for that wire. (I'd love to hear from anyone who's actually tried that.)
Edit: Also, I always open the door with the physical key, and I don't even carry the button.
I purchased a VW e-up! and one of the main criteria was the absence of any fancy touch panel and related gimmicks. The lack of distraction is a godsend.
Car updates should always go through some independent third party. This ensures that the software can be tested for a sufficient amount of miles before the update is released to the public. The independent party should (at a minimum) check that the software has not been changed in the last X months before it is deployed, which is easy to enforce if the independent party is doing the deployment.
Allowing car companies to update the cars themselves is going to be a recipe for disaster.
I'd guess frequent and devastating. There is potential for both. For frequency, more cars with more problems means more attack surface, and the longer on the market and more widespread they are the more exposure wannabe attackers get to them. For devastation, in-car firewalls between different systems and buses have been proven ineffective, so remote steering is possible. And some cars even provide remote steering as a feature, like automatic parking. So for an attacker, it is possible to create a lot of property damage and even kill people, so there is the huge potential of ransom and general havoc. For a harmless and maybe easy example, just imagine all cars by a popular manufacturer suddenly deciding to engage the automatic unparking, then stopping and locking down and blocking all the parking lots in the process. For a less harmless and hopefully more difficult one, imagine all those cars suddenly steering hard left when over 80km/h.
Almost every major change is made by convincing others to act because there is only so much one person can do. The probability that ano88888 is positioned in such a way as to start a car company is pretty close to zip.
Meh. The pen is only mightier than the sword when there are few writers among many doers. In this age of social media and microblogging, the pendulum has swung the other way and those who act stand out from the sea of voices passively demanding "change".
The mighty weapon is still the pen, its might is just dependent on how you apply it.
Tesla doesn't exist because Elon et al. went into his backyard and made a car, it exists because Elon et al. convinced a bunch of other people to cooperate on making a car.
Same with Jeff Bezos et al., and Amazon. Steve Jobs et al. and Apple. Bill Gates et al. and Microsoft.
Just posting on social media doesn't make your pen mighty, reaching out to people and convincing them to work on something does. On the other hand, social media is not a terrible place to "test" ideas to try and get an idea whether or not you'll be able to rally people to the task at hand.
No, I primarily meant Elon but used et al to include them as more minor "authors" (pen users). Elon appears to have been the primary "author" that actually convinced enough people to work for Tesla that it has succeeded to the extent it has.
I hope the automotive vendors will embrace the security maintenance experience of the likes of SUSE, Red Hat, Canonical for their Linux-based performance ECUs. I sense however the Yocto-style "patch everything and tweak it to my likings" embedded chaos will reign for a while. The reluctance of the Arm ecosystem to mainline their BSPs doesn't help.
But how do you explain the value add of a built-once, used-and-validated-everywhere binary? And a standardized security architecture and frozen version maintenance? To Yocto embedded folks?
Package management systems are available in Yocto as well. Nobody uses those because running package based updates on headless, operator-inaccessible, embedded devices is corporate suicide.
Full image update is a better engineering practice, that's why it is done this way.
Yocto only has half-baked support for binary layers, let alone binary SDK layers, where you add more packages, for the target or the build host, and more layers come further down.
This is for you to use the binary packages to build your images, which you then deploy, as you suggest.
Key thing: you use SUSE/Ubuntu/Red Hat binary packages to build and create your add-ons which you then deploy, as image-on-the-fly (created on target during traditional Linux install/update), or as precooked image (QEMU, container or, new: embedded flash image)
Please forgive me, I am not a car ECM engineer, but the approach to this I would take would be to have dual controllers and a staging sandbox on its own board. I assume, perhaps incorrectly, that the updates are already signed. The update process must validate against multiple consensus servers hosted in multiple regions and those servers must be validated constantly by Tesla and their operations team. I would have the car give the owner options for update frequency and options to require things like "wait until car is being charged". I would also give the car owner options to manually apply available updates after validating a code against the manufacturer's website. The website should list all the firmware updates, fixes, checksums, etc... The owner should have the ability to roll back an update at least one revision. If the update fails the secondary controller should become active, similar to how some computer motherboards have the option to store an active and rollback BIOS. It should be designed to be impossible to put the controller into update mode unless the car is powered down and on the charging system and the batteries are at some charge percentage and meet other safety requirements. These options should allow updates to occur when the person is not planning on using the vehicle, such as going to bed. Is this already the case?
This is just my preference personally, I would require a physical switch that powers down all transceivers. This will be a requirement for me on all modern cars for ODB3 regardless. I also want the ability to review all data that will be uploaded in JSON. If I cannot review this data, I will violate terms/AUP/laws and upload my own image. Even non-EVs have remote updates and telemetry with ODB3. This is more common on cars manufactured after 2018. For now I am sticking with used older vehicles.
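The update flow proposed in the comment above (dual slots, checksums agreed by several servers, safety preconditions, one-revision rollback), as an added Python sketch that is not code from any commenter or manufacturer. All names, the 50% charge threshold and the quorum rule are assumptions; signature verification, which the comment assumes already exists, is out of scope here.

```python
import hashlib
import hmac
from dataclasses import dataclass

MIN_CHARGE_PCT = 50  # assumed; the comment only says "some charge percentage"

@dataclass
class VehicleState:
    powered_down: bool
    on_charger: bool
    charge_pct: int

@dataclass
class Controller:
    slots: dict          # {"A": image bytes, "B": image bytes or None}
    active: str = "A"

    def standby(self):
        return "B" if self.active == "A" else "A"

def digest_of(image):
    return hashlib.sha256(image).hexdigest()

def may_enter_update_mode(v):
    # Update mode is only reachable while parked, charging and sufficiently charged.
    return v.powered_down and v.on_charger and v.charge_pct >= MIN_CHARGE_PCT

def consensus_digest(reported, quorum):
    """Digest reported by at least `quorum` independent servers, else None."""
    counts = {}
    for d in reported:
        counts[d] = counts.get(d, 0) + 1
    best = max(counts, key=counts.get, default=None)
    return best if best is not None and counts[best] >= quorum else None

def apply_update(ctrl, vehicle, image, reported, quorum, self_test):
    if not may_enter_update_mode(vehicle):
        return "refused: preconditions"
    expected = consensus_digest(reported, quorum)
    if expected is None:
        return "refused: no consensus"
    if not hmac.compare_digest(digest_of(image), expected):
        return "refused: digest mismatch"
    target = ctrl.standby()
    ctrl.slots[target] = image   # the running slot is never overwritten
    if self_test(image):
        ctrl.active = target     # old slot stays behind as the rollback image
        return "updated"
    return "kept previous: self-test failed"

def rollback(ctrl):
    """Owner-initiated rollback by one revision; False if no older image exists."""
    prev = ctrl.standby()
    if ctrl.slots.get(prev) is None:
        return False
    ctrl.active = prev
    return True
```

A single compromised or stale server cannot change the accepted digest as long as the quorum is larger than the number of servers an attacker controls.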
Not mine, because I'm not willing to be part of the cohort of people who find out how bad of a problem insecure tech in connected cars can be for us. We are going to make mistakes before people learn, and I'll be driving an older unconnected car.
Car related issues are never “someone else’s” problem though.
Cars getting hacked when running around you won’t be a risk you can ignore. Your town’s critical services car systems getting compromised won’t be something you turn a blind eye to either.
As usual, apart from engaging in local committees there is little we can do from the outside, but we’ll definitely be the ones paying the price at the end.
The biggest threat to you in your car is a crash, and driving an older car from an era with lower crash standards is a far bigger risk than connectivity.
Good thing you're the only person driving on the road isn't it?
I've been driving for almost 15 years, and never had an accident, but in that time there are many occasions where someone else on the road has done something _incredibly_ stupid. All it would have taken in any of those scenarios is for me to be opening a window/changing the radio station/looking in the rear view mirror and I'd have hit them.
About half the crashes are single-vehicle accidents, and pileups drive the statistic for multi-crash vehicle count; it's quite a bit less likely to be collected by a bad driver than the flat stat would imply.
Multi-car crashes happen 1/cars times, duh; they account for the same fatalities but you are far less likely to be in one, because they are tied to exceptional events (i.e. snow) and non-uniform across the population.
I mean a physical crash, not a code crash. Car physical crash safety standards have been shooting up for the last 20 years or so. A car from 10 years ago isn't built to withstand the same crashes - you can see this in how the builds have changed.
Once you correct for DUI, speeding, driving tired and filter by vehicle types, driving a car is pretty safe; that is, if one is not in the problem cohort one can have a pretty low risk of crashing.
> Number of people killed on the roads every year due to cyber attack: 0
How do you know this? The beauty of a cyber attack is that it can be made elusive. And the number of people killed on the roads by failing software is certainly not 0.
I think it's a super-reasonable guess that it's approximately zero. Maybe it's a thousand if you're super imaginative? I think you'd really struggle to make a serious argument that it was a bigger risk.
First of all, that wasn't my claim. Second, the number of circulating cars that might be a vector for a cyberattack is so small that the 0 in the statistic could very well fall in the range of expected deaths when corrected for other factors.
I.e. if there's one vulnerable car in every million, 0 is what you'd expect deaths to be, not an astounding result.
Yes! If we can somehow access the debug interface like JTAG or UART, then it is possible to add backdoors to the firmware. Even if the debug interface is protected, there are methods like side channel attacks or fault injection attacks that can set a certain bit to enable the debug interface. If a hacker could access the car's over-the-air software updates server, then it's pretty much over for the car company.
What is the last car year without built-in radio transceivers? Did some manufacturers hold out longer than others? Will these cars eventually go up in value?
Will be interesting when the first lawsuits appear over nonfunctioning, yet perfectly functional heavy equipment that ceases function because it can't phone home or the software/associated support/backend infra/service/security patches are EOL'd.
Maybe we can crush the still totally usable cars, paint them white and use them as filler for the melted ice caps?
Yes. Some cars offer a web app that you can access to see some details about the car, such as fuel usage, location, set warnings for speed or leaving a certain location. In some cases you can even unlock or start your AC remotely.