nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Sensor-rich traffic info shows how far Silly Valley has to drive

This post has been deleted by its author

Silver badge

Cartel

Given what else the German cartel have recently been found doing, anyone trying to get into this business might do well to high some lawyers and go a'hunting. Looks like Germany's car industry is about to fund the whole of the EU for years to come just from the fines they'll be hit with. Yeah right... fetch the pop-corn and watch what happens.

2
11
Bronze badge

"The Audi A6 has more than 100 embedded processors in its frame"

That might seem alarming to someone that doesn't understand modern automotive networks. But it's quite reasonable.

Many of those 'processors' are microcontrollers doing mundane things such as monitoring buttons and sending a network packet to get others to turn on lights. Without these the wiring harness would be huge and unreliable. Some are doing more exciting things, like analyzing motion to decide if that last movement was a pothole or an impact, and then communicating over dedicated wires with a microcontroller that fires airbags. You certainly wouldn't want to "simplify" but putting those functions on the same processor.

But back to the main story, which I'll summarize: "Waze and others have completely changed traffic monitoring and awareness. We had every advantage, but didn't do it. So we are doing a press release telling everyone how much better we could do it, had we done it when it would have been innovative. But we are really going to get right on it, real soon now, so nobody else should even try."

18
0
Silver badge

Odd article. It was one direct quote from a press release, no link to the original, followed by some error-strewn extrapolation from AO.

2
0
Silver badge

Odd? Par for the course. For an AO article.

5
0

This post has been deleted by its author

Silver badge

"Auto makers keep the CAN bus locked down"

WHAT? No, they don't! It's easily accessible through the required OBD-II port somewhere near the steering wheel, and has absolutely no security on it. A dongle to access it and repeat it over Bluetooth is $10. I have one to scrape the range-remaining on my electric motorcycle and display it on an Android map.

12
1
Silver badge

Re: "Auto makers keep the CAN bus locked down"

DO they mean "locked down [from the stereo etc]"? Though their application seems faulty if reports of hacking through stereo/bluetooth hands free is anything to go by.

2
0

Re: "Auto makers keep the CAN bus locked down"

Big difference between access and and owner willing to violate programming. Even lackluster GM has implemented code that tracks the version and update time stamp so they can deny warranty work. Letting some software company root your car so you can void your warranty [and possibly and mfg liability] is not going to be very popular.

2
0

Re: "Auto makers keep the CAN bus locked down"

it's security by obscurity. The proprietary codes that car makers use are usually made available for a huge fee and an onerous licence.

The codes you know are the standard ones.

1
0

Re: "Auto makers keep the CAN bus locked down"

Regarding "codes": That's true. I personally work on SAE J1939 networks, but know next-to-nothing of LIN (General Motors?), FlexRay (Ford?), etc.

As for the German connection: it's not JUST automakers:

- Bosch AG: created CAN standard

- Vector: makers of popular bus analysis software (CANoe, CANalyzer) and adapters (including standalone loggers, automated test equipment, etc.)

But money can defeat obscurity. I'm sure I can buy the right "database" files (.dbc) from Vector for other bus types; they usually provide them depending on the add-on packages you buy for CANoe/CANalyzer, such as the J1939 toolkit which comes with J1939.dbc, current to the SAE spec at time of purchase.

0
0
Bronze badge
FAIL

Re: "Auto makers keep the CAN bus locked down"

"OBD-II - has absolutely no security on it"

Having developed automotive diagnostic software for Honda, JLR and Renault, I can categorically state that statement is RUBBISH.

You can access the messages on the CAN and other buses the manufactures let you or don't secure very well. But you can't access everything through the OBD2 unless you have the manufacturers proprietary diagnostic OBD2 connector and their software, that requires a certificate and access to their central servers to authenticate. There is a wealth of information only available to the OEM dealers that not even 3rd party certified dealer software can access.

I can get my cars range on my iOS app from Mercedes, but I can't see all the diagnostic codes and status of every ECU.

1
1

Re: "Auto makers keep the CAN bus locked down"

I had a car which was stolen from my driveway in less than 60 seconds (immobiliser disabled and new key programmed using induction hoop) by car thieves - using an easily available, push-button unit, all via the OBD2 port. This is an increasingly common occurrence.

So, while esoteric info like cylinder duty cycles, spark plug misfire counts or number of potholes driven over may be withheld from all except the dealer, the actually important command sets seem freely available for all to (mis)use with little or no security whatsoever.

2
0
Bronze badge

Re: "Auto makers keep the CAN bus locked down"

@JamesPond, Yes and No, being on the other side and actually having implemented the diagnostics on said components that you talk to, the level of security is only appropriate to the task, e.g. reprogramming, but many of the features that a malicious actor would be interested in are not always protected or at least sufficiently protected.

Much of the server based security setups are just more obscurity, the algorithms used are generally still primitive and easily cracked.

The databus itself is not encrypted or authenticated (currently), therefore the biggest weakness is either Spoofing or Denial Of Service.

With many modern vehicles having level 2+ autonomy this becomes even more of a risk as many of these features operate over the CAN bus.

The industry is changing and some of the next generation vehicles will have improvements, but there is still a long way to go.

0
0
Bronze badge

Car industry != Music Industry

"Knocking over the car cartels is proving to be much harder than skittling the music industry."

Cars have to pass certain standards to be released. (Unfortunately) Music does not.

23
0
Silver badge

Re: Car industry != Music Industry

...and anyone can "publish" digital music. It's a bit harder and a lot more expensive to "publish" cars :-)

0
0
Bronze badge

I fear we are overestimating the effect of one person out of 15 driving a German car on the 101 compared to a greater number of smartphones talking to centralized traffic apps using assisted GPS.

Yesterday, got stuck on the 101 towards SFO behind something with Florida plates blocking the carpool lane (only cars in front of them were cutting them off), 5 miles under the speed limit.

Brake lights were constant.

I'm not sure that's a good idea.

1
1
Silver badge
Mushroom

"behind something with Florida plates blocking the carpool lane"

Florida drivers, WORST in America. I lived in Florida for a while... [it's like they think everyone has enough time to waste, just like they do, and they don't need to get out of the way nor stay in the slow lane]

So yeah there's this thing called an ACCELERATOR that needs to be pressed to the floor if there's a large gap between you and the vehicle directly in front of you, or the light just turned green and you're driving the front car, etc.. i.e. "STEP ON IT or GET OUT OF THE DAMNED WAY!"

it's a pet peeve of mine. slowpokes and those who stop excessively long to "wave the other guy to take THEIR turn", i.e. self-righteous PRICKS, who don't give a rat's ass that they're an OBSTACLE to the rest of the world [they're too busy feeling SMUG about their "courtesy" to the people in FRONT of them], where 'taking your turn' and 'keeping up' would be the MOST courteous things to do, in reality...

(fortunately I've been able to work from a home office, most of the time. commuting drives what little sanity I have left COMPLETELY OUT OF MY HEAD)

7
11
Silver badge
FAIL

"it's a pet peeve of mine. slowpokes and those who stop excessively long to "wave the other guy to take THEIR turn", i.e. self-righteous PRICKS, who don't give a rat's ass that they're an OBSTACLE to the rest of the world"

So you don't recognize yourself as a self-righteous prick, who doesn't give a rat's ass about anyone else on the road? Everyone should get out of your way, eh? Tell another one! It's called many things: being polite. Paying it forward (but you only pay being a dickhead forward). Altruism. Your "ME FIRST SCREW YOU" attitude is what makes traffic a nightmare in the first place.

It's an interesting case study to see someone enraged because others are helping each other out. What kind of asshat thinks people being nice to strangers makes them self-righteous pricks?

1
2
Silver badge

How is this something smartphones can't do?

Phones have accelerometers that can tell if they are slowing down or stopped, and a GPS to know where they are. If they send that info home then your phone can quickly learn there's a traffic jam a few miles ahead and recommend a detour if necessary.

The only problem is that you don't want the GPS running all the time in your phone sucking down the battery, so not all the phones will be reporting it...

2
0
Anonymous Coward

Re: How is this something smartphones can't do?

A GPS receiver by itself doesn't use much power. It's the phone's constant use of its 3G/4G modem to report all that data back to Google or whoever that truly saps the phone battery. If you have several apps installed that are all doing the same thing, that makes it worse.

2
0

GPS on phones is extremely inaccurate. GPS on cars could be better, but that's not clear.

The car has a lot more information than a phone though - and much less of it is extrapolated.

Odometer - which is federally monitored to be accurate - rather than accelerometer value x time x fudge factor.

Speedometer vs. GPS change x time elapsed x fudge factor.

Cars with ultrasonic parking systems or the newer side blind spot monitors can directly detect cars close by, and likely can tell if the shadows are the same car (as opposed to a sequence of cars).

Waze works because of its 10,000 unpaid mappers constantly correcting the crap routes generated by GPS - but it isn't ever going to get better because the quality of incoming data is just not going to improve. For example, which lanes in a given road are better vs. the 'average'?

There's also things like: are you in a car pool lane or not (and whether the car in question is eligible).

New fancy cars actually can tell how many people are in them...

Only those people who don't actually deal with real world data directly think that which comes out of the cell phone sensors are accurate.

6
2
Bronze badge

"GPS on phones is extremely inaccurate. GPS on cars could be better, but that's not clear."

GPS on cars is crap, especially driving downtown in a large city.

E911 relies heavily on Qualcomm's Assisted GPS (Snaptrack) solution. Add Apple's knowledge of nearby WiFi SSID's and you've got something useful and accurate as a pedestrian.

2
0
Silver badge

GPS could be more accurate if companies wanted it to be. The main limitation is a more accurate time source. There are chip scale atomic clocks: a couple years ago when Apple bought a small California fab from Maxim used for making MEMS and similar devices, some speculated they'd use it to develop custom devices to make iPhone's positioning a lot more accurate.

An atomic clock combined with higher precision MEMS devices able to manage accurate dead reckoning travel are what would be needed. If they made a quarter billion such devices a year they could probably make them pretty cheap - maybe not quite as cheap as the MEMS they buy now (from NXP I think?) but making them themselves would give them an advantage very difficult for others to match.

Anyway, phone based GPS and MEMS may not be as accurate the sensors in a car that know its exact speed but it is more than good enough to tell whether a car has hit a traffic jam. You don't need to know where you are to the foot, and traffic jams are indicated by a prolonged slowdown, not a blip. If it senses slowing and other phones around it sense the same thing, what other conclusion could there be?

I use a GPS based app on my iPhone to track my bike, and it works quite well. Granted I'm never traveling more than about 35 mph, and averaging 15 mph, so much slower than a car, but it does a pretty good job of tracking speed and even elevation pretty well - I see pretty consistent results of similar speeds on similar hills, similar elevations indicated. WIthin 10% or so, which is plenty accurate for figuring out a car has hit a traffic jam.

2
0
Silver badge

GPS satellites transmit the time signal from their own atomic clocks, that's how it works: so why do you need an "atomic clock" in the receiver?

3
0
Silver badge

The GPS satellites transmit the time help clients set the time. If the clients have their own highly accurate time source GPS signals are much more accurate.

The satellites have the time but there's a speed of light delay for it to reach the phone. If you know exactly how far the phone is from the satellite then you can know the exact time at the phone, but that's what you're trying to figure out which makes it less accurate than it could be.

0
0
Silver badge

It's why they have several satellites, each transmitting their location and current time... a cheap "atomic clock" would be cool to own, I guess, but it isn't necessary. And they aren't transportable (if you don't count shooting them round and round the world on satellites).

I do have a primary household clock that receives radio time signals, so I never have to set it - even for daylight saving. I'm in Scotland: first I bought one from German-owned supermarket Lidl. It turned out to be tuned to radio signals from Frankfurt (the other Frankfurt). It actually sometimes worked - promised range was 1000 km and we're about that far from Frankfurt (that one). But back to the shop it went, and probably back to Germany.

Now I only have to think about Scotland's independence, if it comes.

0
0
Silver badge
Stop

Yes, car manufacturers have way more sensors they can get telemetry from, but...

1) I REALLY don't want my car beaming info back to the mothership. Especially when I don't know what the mothership is beaming back, or what others can beam back while impersonating or subverting the mothership.

2) This might not be the most politically wise time for the German auto industry to further disseminate the idea that they are colluding with eachother on hitherto unknown levels.

7
0
Anonymous Coward

Re: Cars talking to the Mothership

What you don't know is who the Mothership is selling that data to.

There you are stuck in the inevitable car park on the M25/M1/M6 whatever and suddenly a roadside billboard flashes up an advert with your name on it.

You quickly check your phone (illegal) and find that both WiFi and Data are turned off.

Then you are left with the horrible truth that now your car is slurping your life and selling it to the highest bidder.

Sorry, that is not a world I want to live in but there is sod all one person can do about it.

If I was in the USA I'd probably take my .38 from the glovebox and give the billboard a full clip.

2
0
Bronze badge

Re: Yes, car manufacturers have way more sensors they can get telemetry from, but...

"This might not be the most politically wise time for the German auto industry to further disseminate the idea that they are colluding with eachother on hitherto unknown levels."

Unknown levels? Mercedes, Audi and BMW hardly hid their $3bn investment in 2015.

Tech

AUG 3, 2015 @ 10:59 AM 3,687 12

Nokia Sells HERE To German Automakers For $3 Billion

https://www.forbes.com/sites/rexsantus/2015/08/03/nokia-sells-here-to-german-automakers-for-3-billion/#6a0b65be6c47

0
0
Silver badge

Re: Cars talking to the Mothership

"Then you are left with the horrible truth that now your car is slurping your life and selling it to the highest bidder."

With Police budget cuts, how long before the ANPR data is sold "live"? Then you don't even need your car to do the dirty on you.

0
0

That hacking graphic...

*Scratching Head* - Seems to me you'd be more concerned about that Rx line than the Tx if you wanted to stop hackers.

Not that I'd feel any particular joy about the Tx line going out to the interwebs but then, that is how you gather data for a project like this.

10
3
Bronze badge

Re: That hacking graphic...

I was thinking the same thing.

Block RX to prevent hacking - injecting malicious traffic (pun intended) - into the CANbus, block TX to prevent privacy/data leakage.

7
1
Silver badge

Re: That hacking graphic...

That doesn't mean companies have a God-Given Right to gather that data "for a project like this", and I certainly wouldn't consent to my data ever reaching them at all if I had any say in the matter.

0
0

Re: That hacking graphic...

That's a "CAN controller" chip. You put data on Tx to send it ON the CAN bus; read the CAN data with the Rx line. (Note the "CANH" and "CANL" pins: that's the CAN bus high and low lines.)

If this chip were already installed in some device in the car, you could clip Rx, but then it would lose ALL connection to the CAN bus and be useless. You could also clip Tx to block data TO the CAN bus, which would result in OTHER devices failing due to lack of data.

If this chip were part of a diagnostic tool (OBD, etc.), we'd want to use Rx to read the car's bus, but keep Tx limited to diagnostic-required messages (such as requests for special data from onboard devices). It would be up to the diagnostic tool to keep the data sandboxed and not broadcast elsewhere.

As I mentioned in another post, I don't know about automakers, but regarding SAE J1939: I'm okay if my brake swtich, wheel/vehicle speed, transmission gear, throttle percent, engine torque, fuel economy and engine run hours are broadcast. Have another car read it and "slipstream" behind me as if I'm driving a train. The real issue is when this telemetry is combined with GPS for actual location; NOT okay with that.

1
0
Bronze badge

Re: That hacking graphic...

"If this chip were part of a diagnostic tool (OBD, etc.), we'd want to use Rx to read the car's bus, but keep Tx limited to diagnostic-required messages (such as requests for special data from onboard devices). It would be up to the diagnostic tool to keep the data sandboxed and not broadcast elsewhere."

You can put a CAN gateway between the Diagnostic port and the main vehicle bus, but many don't due to cost.

0
0
Bronze badge

Publicise details of what's recorded

It's about time the public learnt just what details our cars are recording about us and our journeys.

Most (if not all) cars from ~2000 onwards are data logging details of our journeys, like an automotive black box. Accident investigators can replay details from moments before an accident occurs and ascertain what you've been up to.

It's about time it was more publicised.

I can see Waze now integrating with obd apps to gain this same brake data and enhance their own service, maybe offer extra points or graphics for enhanced output. Putting even more data in googles hands.

0
0
Bronze badge
Coat

Re: Publicise details of what's recorded

@Blotto

"It's about time the public learnt just what details our cars are recording about us and our journeys"

Really, to what purpose?

I think it is pretty well publicised that everyone's mobile phone can be tracked by whichever security agency you care to mention. But do many people care, do they turn off their wifi and bluetooth that can be sniffed/tracked/hacked, do they use a VPN when on McDonalds free wifi? Nope, there is plenty of publicity out there about these security flaws, but the majority just do not seem to care.

Others have said they don't want their car to report location etc. back to the mothership. Do you all turn off your phones or the GPS or location services when you get in the car? Bet you don't so any app could be sending your location to anywhere in the world.

0
0

SDC?

The idea that the auto industry was ripe for new entrants, based on the complacent observation that "software is eating the world", has not got the newcomers very far.

Oh, so making a software-defined car is proving to be harder than they thought? How strange.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing