How Ford has slammed the door on Silicon Valley's autonomous vehicles drive Detroit and Silicon Valley aren't just 2,000 miles apart – they're on different planets, culturally speaking. One is the home of America's automotive industry, a heavily regulated, ultra-conservative sector focusing on high-volume, low-margin sales. The other houses companies that deal in high-margin information and digital …
> If a link to the CAN bus is provided - will it be a secure read-only link ?
Yes. In fact the drivetrain-related modules run on a different frequency to the HVAC and ICE related frequencies, so a car's drivetrain modules won't even listen to its own ICE modules. Meaning: a car stereo might increase in volume when the car is travelling faster, but the engine doesn't know or care what the stereo is doing. The system has been in use in millions of vehicles for quite a few years now.
In fact the drivetrain-related modules run on a different frequency to the HVAC and ICE related frequencies, so a car's drivetrain modules won't even listen to its own ICE modules.
Except that the guys who hacked a jeep a few years ago were able to reload new firmware into the ICE module so that it acted more like an EMU and had full read/write access to some of the drivetrain modules that an EMU does.
Having software-defined differentiation of functionalities is not a replacement for a physical airgap.
Exactly. The CAN standard makes it very clear that security is not a part of the core specification. It may be added using customised protocols (typically initial controller-device authentiction), but that's it. It's not designed to protect device-device configuration and there is nothing much to stop a rogue device flooding the CAN bus network, thereby generating a local DOS attack.
So the following:
It's also data that the car makers are keeping for themselves. Apple and Google may have a place in many dashboards, but there is a Chinese wall between their smartphone platforms and that CAN bus data.
is very sensible. It's when the manufacturers cut corners and allow direct CAN to Internet connectivity that there are problems.
The same thinking that gave us the botnet internet of tat things.How unhelpful.
No. Not at all. CAN is devised as a closed system. Not a system that operates across the public Internet. It's a world of difference. In CAN if you want security don't connect it to anything insecure.
Having worked designing microcontrollers into cars for 15 years, let me tell you how it works in Detroit:
Yes, each car manufacturer will initially have their own standard, like J1850, but eventually they will all standardize, like CAN.
If you supply an embedded system to Detroit, they want your code. If Apple or Google wants to supply an app or OS to Detroit, they must give the car companies their code and that is a major sticking point. They supply the code to Ford and Ford implements it. Changes are painful, it's not like patching your phone, for any code change there is paperwork, testing, months of more testing.
And this is critical - if Google offers an app, they cannot just update it on Google Play. Ford et al MUST APPROVE the new code!!! Google HATES THAT!!!
Apple and Google get no data. Nothing. Ford/GM/Chrysler do not share any data with suppliers. Apple and Google will get no "driving data goldmine" and that is where Google and Apple are freaking out because they are either being told no data sharing or being teased so Google/Apple will share information. Toyota and GM were the first to shout a hard NO on sharing.
Also, while Apple and Google are used to being able to dictate terms Detroit does not like being told what to do.
No, of course it won't be a secure read-only link. That's too expensive.
Like every existing implementation that ties together the CAM bus and the Internet, the join will be a buggy piece of software that allows remote code execution from the Internet and has full control of your CAM bus.
Because security costs money, and sadly it's not in anyone's interests to provide security until *after* this has been used to kill people.
(Well, it's in the interests of the driver, but this isn't something they're going to think about when purchasing, or even if they do think about it they can be taken in by snake-oil claims of security. So they won't pay more for real security. Car manufacturers won't pay for security out of their profits, and the customer won't pay for it, so the customer will get free claims of security with no real security. Until the point where the cost of lawsuits exceeds the cost of fitting real security, or the point where governments mandate it).
Security costs money.
Having your car hacked and then someone or multiple people killed because of poor security? That's a lawyer's wet dream.
This is why the auto companies are not in favor of the integration. If past issues are any indication, bean counters are going to have to re-assess their risk weights and then err on the side of caution.
That said, there will be more security than you believe.
"Having your car hacked and then someone or multiple people killed because of poor security? That's a lawyer's wet dream."
That has already happened. Of course it can't be proved as there's no traces of it as the car in question burned. Very, very difficult even it hadn't.
Knowing something happening and proving it in court are two totally different things.
So happening is irrelevant as long as it can't be proved.
But hacking is already proved: It is possible and if some hobbyist can already do it, many professionals can. There's no question about that.
Brought to you from the same industry that decided to let customers burn to death rather than repair dangerous fuel tanks?
The same industry that fought seat belts and airbags and fuel efficiency improvements?
I'm sure the cost of implementing decent security will be irrelevant to them.
Access to the vehicle data is already securely available via OBDII on every car built since the mid '90's when it was made mandatory, and OBDII to Bluetooth adaptors have been available since forever to pull data out of this interface for under a tenner (and it's a readonly interface while the engine is running, if you had a competent car manufacturer) Now, if my 20 year old car can get this right then I fail to see why it can't be done by a brand new car!
Liking tech toys I use this interface to project a HUD in the corner of my windscreen with most of the information that the article says that I can't access. The only thing that's not available in my car is the fuel status, because it's not required in OBDII as it was intended for garage diagnostics in the '90's. So, declare that OBD3 has the fuel status indicator available, and job done. Does a smartphone have any business writing data to the cars internal network? No? Then just don't give them the access.
I do this too with the Android Torque app and a Bluetooth OBDII link. My (2012) car does give fuel info, including fuel flow rate and tank level. And coolant temp and oil temp and throttle position and short- and long-term fuel trim, spark advance, mass air flow, voltage, RPM, location, blah, blah. I have it set to log data points to my home server via HTTP every five seconds. The phone sits comfortably wedged in the space that typically tells me what radio station I'm tuned to, so I don't need the HUD feature and it doesn't obscure anything important.
It can clear MIL trouble codes, and I suppose it could write other stuff too. There is an aftermarket in performance enhancing firmware. I'm not worried. I keep my eyes on the road and my hands upon the wheel... mostly.
" if my 20 year old car can get this right then I fail to see why it can't be done by a brand new car!"
Offshoring to the lowest priced (not lowest cost) supplier.
It's a silly idea to offshore bleeding edge technology to the lowest priced supplier though in some niche cases it may well be sensible to outsource it to a supplier with a proven track record.
Once a technology becomes relatively commonplace, it's perfectly safe to offshore it to the lowest priced supplier, isn't it, nothing can pissobnly gr woong/.
"More impressively, at CES it also announced integration with Amazon's Alexa"
This is the sort of news that makes me want to strangle the idiot who thought it was a good idea. My experience with the security of in-car electronics leaves me feeling that the Internet of Trash is better secured and we all know how great that is. The automotive industry does not have people who are aware of the threats that voice activation and remote access introduce to a system. They don't understand encryption or the need for a key infrastructure. They just pat themselves on the back if a "feature" works reliably within the limited use cases they imagined.
"My experience with the security of in-car electronics leaves me feeling that the Internet of Trash is better secured and we all know how great that is."
Perhaps it's just a matter of priorities. So far Toyota has had uncrackable map updates, but I bet the rest of the electronics isn't nearly as well protected.
Do you realise you can already do this? We've got Ford Sync 2 (I think) on our car which can control Spotify (or presumably any other media playback device) via bluetooth from the in car controls media. It's basic next/previous track stuff rather than searching for music of course.
We had that on our old ford, it was great. New ford, I have to have a spotify app on the car that prevents the android device from being able to interact with spotify (presumably for safety reasons) while moving. I get it, but at the same time when it was just a simple bluetooth controller, someone else could sit in the passenger seat and control the playlist... feels like a step backwards but I could just be missing a daft option somewhere.
There will be a market for 'cough-cough' devices that stop your vehicle from sending back all sorts of data to the manufacturers. As this will no doubt include GPS information the TLA's (and Plod, GCHQ, local councils, dog catchers and joe who lives down the street) will be after that data in a flash.
Then there are the insurance companies who have an interest in you driving everywhere at a snails pace.
They do not take '10 laps of Brands Hatch on a Track Day' kindly even though their insurance isn't valid for that sort of thing.
No, no and thrice no.
I don't think I am alone in thinking that it is time to call a halt to this surveilance.
Yes I know that the terroists and all that but there has to be a limit.
See Icon.
"Then there are the insurance companies who have an interest in you driving everywhere at a snails pace."
I'm with Steve on this issue. If the vehlicle's driving data can be accessed via the internet, Big Brother Insurance Co. will be using the data to jack up rates.
Driving data doesn't have to be accessed via the internet. There's already devices that plug into the OBD-II port and access the CANBUS data for the insurance company. You buy the policy and plug it in yourself. If the data fits their criteria of a safe driver, you get a break in fees.
" If the vehlicle's driving data can be accessed via the internet, Big Brother Insurance Co. will be using the data to jack up rates."
Of course, that's the only real reason they desperately want it.Also full time tracking for spying, a nice byproduct.
Obviously talking about price reductions for those people 'driving carefully' is bullshit: That will never happen.
Car controls (knobs, sticks, paddles etc) can be operated by touch alone - there is no reason to take your eyes off the road. Whilst you can't select a Spotify track from a list using this method, you easily skip to the next track in a playlist - just as people have for decades skipped between FM radio stations or CD tracks.
"Car controls (knobs, sticks, paddles etc) can be operated by touch alone - there is no reason to take your eyes off the road. "
Good point. A touchscreen offers no tactile feedback, (unless haptic) so you have to take your eyes off the road and look where you're poking.
Being in the market for a replacement car, I have visited several forecourts recently. I have walked away in disgust at being offered an infotainment panel which is _wholly_ touchscreen-operated. That's Ford and Toyota off my shortlist, possibly Honda too. The VAG offerings (that I've seen so far) at least have knobs to twiddle.
How come it's illegal to fiddle with a 'phone while driving, but magically ok to faff about with a car's touchscreen?
"Yeah the guys who can't keep airbags from killing more than they save are getting into IT?"
The US statistics for 1990-2007 are:
Drivers killed by airbags - 91
Drivers saved by airbags - 19872 of which 12104 were idiots who were not using seatbelts.
Source: NCSA July report 2007
91 is still too much .... having high explosive in steering wheel isn't a bright idea by any means as it's not related to moving the car, it's just an option you can't un-choose.
As long as killing yourself isn't a crime, having a car without airbag (but with seatbelts) shouldn't be illegal.
Airbag basically exists because people are not using seatbelts so it's a belt & suspenders-situation for those who do.
"91 is still too much .... "
You claimed airbags kill more people than they save.
That was incorrect. At the level of about 19,000:91.
So now you say 91 is "still too much".
Your bright idea is to remove airbags from cars.
So you would sacrifice 19,000 people to save 91.
That's seriously messed up.
Here's a clue. Next time you get something wrong say "I made a mistake, I was wrong." Then you won't look a fool.
Not if you are in the UK (and don't have a garage) you can't:
"You MUST NOT leave a parked vehicle unattended with the engine running or leave a vehicle engine running unnecessarily while that vehicle is stationary on a public road."
http://www.highwaycode.info/rule/123
I imagine many potentially helpful (and therefor potentially dangerous) actions may have troubles somewhere in the world for somebody, so the whole approach may require "legal-region" localised APIs or the like.
"Not if you are in the UK (and don't have a garage) you can't:"
You can always fit a car with a timer controlled heater, e.g. Webasto or similar.
"You MUST NOT leave a parked vehicle unattended with the engine running or leave a vehicle engine running unnecessarily while that vehicle is stationary on a public road."
You omitted the 'for more than a couple of minutes' - in which you can scrape and brush the windows and the engine has already warmed up a bit.
"You omitted the 'for more than a couple of minutes' - in which you can scrape and brush the windows and the engine has already warmed up a bit."
No, he didn't. That's quite literally exactly what a friend of mine complained of almost getting fined for in Germany this last winter. No idea what the "officially approved" procedure is for scraping your windows, but apparently you're strictly forbidden from doing it with your engine running...
"... procedure is for scraping your windows, but apparently you're strictly forbidden from doing it with your engine running..."
Yes. And of course if you don't have your engine running, the windows will freeze/fog immediately again.
Money generating rule which makes no sense at all, once again.
Some people call this green fascism and technically it is: Forbid essential function because emissions and you can't win: Either you scape the windows and get fined or you don't scrape them and still get fined.
That, my friends, is one definition of fascism.
"It wouldn't be clever to run your engine in a garage."
Petrol engine, catalytic converter. The old suicide by car exhaust is extremely unlikely these days. If the catalytic converter is defective, if the garage is tightly sealed then it may be possible. However I can recall when working in a hospital someone being brought into A&E who had tried to kill themselves with exhaust fumes but failed. They had used 40 litres of fuel and yet still had low blood CO levels. Pre 1975 cars emitted about 100,000ppm CO, modern cars about 1,000.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
