The cost of adding a networked computer to something is now low and getting lower, but the cost of making the software that runs on it secure or reliable has stayed high. With engineer salaries having grown like they have, it may actually be getting more expensive. In the long term, businesses are going to wake up to liability and customer satisfaction concerns and stop selling insecure, unreliable “internet of things” devices. But I think we’re in for a few years of zero-days on refrigerators, big invasions of privacy, and maybe some injuries and deaths before this happens.
There’s a reason they call it the Internet of Things Targets. We’ve already felt this with consumer routers.
Interestingly enough, around here we have progressed to the point where you don’t buy your home router….. You get a “FREE ROUTER” with your fibre connection.
Actually, the reason it’s free, is if you watch carefully, every now and then it quietly updates itself and reboots….
I.e. the ISPs have worked out it’s cheaper to bundle a router they can control and update than to handle the service complaints due to hacked routers.
Alas, what worries me more about this story is the implications of it when put together with Snowden’s information.
I.e. the spooks can easily move one very large step beyond just listening….
Another reason for that shift is that ISPs have started realizing it might be valuable in its own right to own & control a distributed network of access points. For example all newer Comcast routers are dual-SSID routers. One of the SSIDs is configurable by the customer as their usual home wifi network, and the other one is locked to SSID ‘xfinity’, serving as part of Comcast’s national wifi network.
I’d like to see entertainment systems standardized and shared between car manufacturers. Why can’t I just get a double/triple/quad din entertainment drop in replacement at my local electronics shop and have it control exactly the same things the previous one did?
In my 1999 car I replaced the single din tape player with a 3rd party one, but had to give up volume buttons. It was worth it.
In my 2003 car I replaced the double din stereo with a 3rd party one, but kept all functionality by getting Pioneer -> ISO -> ISO -> Holden.
Newer cars than that seem to have an all in one “iDrive” style system that controls entertainment and gps (Which is fine) but also air conditioning, electric seats, car internetting, performance mode/suspension, lap timing. I can do without some of those things, but not being able to control the air conditioning at a minimum is an absolute deal breaker. If you can live with the loss of the other things it is still going to cripple your resale value. Why do they have to tie everything in together? My friend has a Z4M. The stereo isn’t great, but there is no way he is going to throw out this sort of functionality for a better one.
I just want them to either use standards so a replacement 3rd party unit doesn’t downgrade functionality (I know car companies aren’t going to do this) or at least split up system so that I could just replace the “entertainment system” (Which would basically be the screen + stereo tuner) and the air conditioning could still be controlled through it because the “entertainment system” and the air conditioner talk to each other over a standard interface (USB/ethernet/wifi with a standard open source “car communications” protocol).
Part of the problems with replacements (in the UK at least) is that they’re easy to steal. One of the large drops in the UK crime rate is because car stereos are now integrated and difficult / impossible to casually take.
A nice(?) side effect is that when considering which car to buy next, you’re more likely to go to the same manufacturer so you don’t have to re-learn a new system for changing radio stations.
I always imagined it was because an average $100 3rd party stereo is fine for most people and will only resale for say $30, so it is only worth stealing a $1000+ 3rd party stereo. If you are stealing an original stereo it is only worth stealing it if it is actually good, is usable in your car and you have/can crack the code that locks it to the car/ecu.
Depending on how you look at it, a problem on top of this is that technologies keep on removing the ability to control which version of software they run. On my Android phone, if it decides to upgrade a piece of software and I say yes, I cannot downgrade it even if there is a huge security hole in it. I expect to see IoT being even worse about this.
One of the reasons I loved OS X so much was because it had a user friendly interface that was pretty good but I could dive below it and be a power user. The mobile platforms are not catering to this at all. The counter argument is that it is better because a centralized authority is making sure everyone is up to date. IMO, there is no reason to believe that is true.
engineer salaries having grown like they have
Could you cite? I find maybe a 10% increase (relative to inflation) since 1985.
I hope not connecting stuff that shouldn’t be connected to the net will help in the meantime. Unless they carry their own gsm modules…
Why would Chrysler think it’s a good idea to connect your car to the Internet?
Finding out where the car was parked/stolen
Performance data, lap times
Friends locations, “Hey, Jeff is at that petrol station!” (Might actually be cool, but prone to abuse/creepiness)
I’m not saying they’re good reasons, just some things customers might want :)
I guess anything you would use your phone/devices for + car spin offs of those things.
I think a better question is, “Why would any car company think it is a good idea to directly connect the vehicle control network to the entertainment system?”. As with the previous Toyota and BMW issues, air gap, people!
“I lost my keys. Can you let me in?”
“Someone stole my car. Can you turn it off?”
Is this responsible disclosure?
It sounds like they worked with Chrysler, who now have a patch available, so I would say yeah.
Demonstrating on an actively-used public road, maybe not so much, though.
In general, I can’t say I expect vehicle entertainment systems to be especially secure. There’s too much complicated stuff going on in there, especially with the shiny new features people expect, and especially with WAN connectivity, to expect otherwise. What is absolutely indefensible is allowing the entertainment system to communicate with critical vehicle management systems; those two systems have absolutely no business being able to talk to each other.
Since the majority of vehicles probably never get a single firmware update (nb. I know the auto industry has been working on this, and it’s possible they’ve made progress that I’m unaware of)… The existence of the patch is nice and all, but it’s not nearly so clear-cut as to what they should have done here.
Certainly the only alternative to what they’re doing would be to never disclose it, which would be considerably less responsible since it’s very doubtful they’re the only ones doing this research, but of course the patch itself necessarily tells sufficiently determined people how to exploit unpatched systems.
Demonstrating on the highway sounds like it was absurdly dangerous. The journalist should have known better even if the researchers didn’t. Also, I don’t personally believe that stunts like this are going to make auto manufacturers more responsible; in fact, I don’t think anything will, in the short term. But I understand that it makes sense to try anyway, since the impact is so large.
I’m sure the whole architecture could be substantially hardened, but it doesn’t sound as though that was ever a design consideration. :(
The primary design decision was almost certainly “we need to ship this on the 2015s or Ford will eat our lunch”. Security is one of many areas where competition emphatically does not improve quality.
Just so. :(
Competition could improve security if customers cared about security. But obviously most of them don’t :) See also Facebook popularity.
Another angle could be that regulators and the legal system care, who aren’t precisely customers, but sometimes act as kind of proxies for some interests customers have. I think how security bugs that impact automobile safety will play out remains to be seen, but imo there is a good chance manufacturers will end up with strong financial incentives, via class-action suits and so on, to at least avoid the kinds of bugs that cause a safety problem.
In most of tech, companies have managed to mostly avoid traditional product-liability law (which may or may not be a good thing, but is the current state). But in areas with strong traditional liability law, that’s harder. If a software bug causes a chemical plant explosion, almost certainly someone is going to pay a lot of money as a result. I think probably also with the case where what we might call “faulty software” causes an automobile safety issue.
edit: Oh, a big open question is whether companies will be able to dodge liability by blaming “hackers”, though. In the case of faulty engine software or the like, I think there’s very little chance they’ll be able to avoid liability. But if it takes active malfeasance by an “attacker”, they might try to analogize this to a dangerous situation caused by someone puncturing your tires, which the manufacturer has no duty to protect against. Then it gets into what precisely constitutes negligence.
Oh, a big open question is whether companies will be able to dodge liability by blaming “hackers”, though. In the case of faulty engine software or the like, I think there’s very little chance they’ll be able to avoid liability. But if it takes active malfeasance by an “attacker”, they might try to analogize this to a dangerous situation caused by someone puncturing your tires, which the manufacturer has no duty to protect against. Then it gets into what precisely constitutes negligence.
This. The tired old “guns don’t kill people” line comes to mind.
What is absolutely indefensible is allowing the entertainment system to communicate with critical vehicle management systems; those two systems have absolutely no business being able to talk to each other.
Agreed. I’ve noticed recently that my car stereo scales audio volume based on the driving speed. (Or some approximation thereof.) It’s very subtle and very nicely done. I only really noticed because the bass is more noticeable at high speeds. After thinking about it I realised I don’t need to turn up the volume when I’m turning onto the motorway, yet the music is not drowned out by road noise. I suppose the entertainment system could use an independent system for this, for example by measuring the noise in the cabin. However I don’t think that’s what my car does because opening the windows does not appear to have the same effect as putting on my lead boots.
Wait… https://xkcd.com/103/ is literally true?
It makes sense - you wouldn’t want to make noise in residential areas - but it’s still surprising.
Well “more noticeable” != “better” but close enough for an upvote ;-)
The irresponsible party here is the manufacturer for exposing to the network the machine that controls the brakes and engine imho.
It doesn’t have to be one or the other. There’s plenty of irresponsibility to go around.
Yes, absolutely. They disclosed the bug to Chrysler in October.
Is there a duty of care to sell secure devices? The day a court says yes as a consumer protection action will be the day things change in approach because the liability would be just too damn high otherwise.
Maybe, but I think it’s complicated. Consider everything else in your house that may have some liability, from a blender to a chain saw. If you’re using the device and accidentally chop off your hand because the manufacturer failed to add safety guards, they’re in trouble. If your psycho neighbor forcibly sticks your hand in the blender, though, we blame the neighbor and not the manufacturer.
Insecure software, for the most part, requires a malicious attacker to cause you harm. Our laws aren’t really configured to place blame on the software. I’d be wary of doing so. At least personally, if I thought I had financial (or worse, criminal) liability for my software, I’d immediately stop writing it.
Note that negligent software that causes harm without malicious intent (Therac-25) is probably already covered.
Meat world analogy: ax murderer picks the lock to your house. Chops you up good. Can you sue the lock maker?
If the lock maker were advertising the lock as a secure lock, you may have a case - notwithstanding your condition of being in pieces.
I sincerely believe that we have let software alone for far too long. We are just starting to get development methodologies that may resemble appropriate engineering practices, but we let software companies just disclaim liability away for problems almost regardless of what they are.
I want to see a concerted effort to improve the economics and practicality of producing secure software, and I think it will happen eventually. Might need an unfortunate disaster to shake things up a bit. Insurance will be no doubt useful - that is one way to get industries to change.
After hearing about Tesla’s OTA updates, I was wondering how long it would be before the technology is exploited.
Can we avoid posting Wired articles here?
This sort of coverage belongs over at HN or whatever–they don’t really talk about the meat of the exploit, and instead it’s basically just popcorn techno-gonzo journalism.
They’re generally unpleasantly sensational, yeah. This was an exclusive though, the other coverage of this story is just quoting Wired about it. It does appear that people on lobste.rs are fairly good at seeing through it; the thread is mostly about the issues that there is enough information to talk about, not about the less substantiated claims.