back to article Win a free new car – just show Intel how you'd hack your existing one

Intel is getting serious – dead serious, apparently – about car hacking. And nothing says serious like a prize giveaway. If you join Chipzilla's new Automotive Security Review Board and make all the right noises, you can win a free new ride. The chip-baking giant revealed the review board on Monday, and is inviting seasoned …

  1. 45RPM Silver badge

    My existing cars are 51 and 48 years old. To hack them I'd need to use an axe. Not gonna though. It might scratch the paint.

  2. JetSetJim
    Holmes

    Simples

    An air gap between all vehicular control systems and any communications devices/entertainment systems, with no shared backplane and other daftness.

    Now where's my car?

    1. Mark 85

      Re: Simples

      That's obvious but they don' t want the fix... Insecurity is built in and like certain OS's will stay that way. I am wondering if this insecurity is actually by design and the influence of some agency... It has certain potential uses by them.

    2. G.Y.

      Re: Simples

      Exception: over-the-air updates APPROVED BY DRIVER (preferably using a hardware switch)

      1. JetSetJim

        Re: Simples

        No, integrate a USB stick in with the car key if you must admit to this practice. Owner downloads at home, plugs it in *with the key also*, and that enables an update - although I'd prefer manufacturers to do this at dealerships as the only real reason to do an update is to correct shoddy/faulty code.

  3. RedneckMother

    oh my $diety...

    What the FUCK?

    It's a goddamn CAR! Who the gives a shit about anything other than driving it from Point A to Point B?

    Forget all the bells and whistles, shut the fuck up, and DRIVE!

  4. drunk.smile

    This sounds like the basis for an El Reg Special Projects Bureau competition...

    Reg readers must submit their proposals (ideally with diagrams or working demonstrations) on how they would 'hack' their car & take control of the systems... the best examples win... a mug.

    Car in question must not be a new model variety, but given that this is the Reg forum it's likely cars will be older than 1995 anyway.

    Bonus points for use of Paris Hilton in 'hack'.

  5. Ru'

    "Essentially, bringing the soaraway success of PC security to the dashboard and gas pedal."

    Nice!

  6. toughluck

    Where do I start?

    1. By default: if the car does not have a key inserted, prevent any and all communication with world+dog. When overridden at the request of the owner, the only communication is with the external module, and absolutely no messing on CAN bus takes place, period.

    2. Ability for the user to turn off physical communication at any time.

    3. Since an air gap is not possible (it would require two separate alternators, two separate batteries and you may want the satnav to actually provide output on a car display), any communication to the car from the connected box must be approved by the user.

    4. No OTA updates. A firmware upgrade must by done by one of the following:

    - Downloading a digitally signed copy for your car, identified by the VIN, and loaded to a USB stick. There's no excuse for providing generic and unsigned firmware that can be reverse-engineered and made to work on any car.

    - Mailing the new firmware version on a USB stick to your home address or having it ready for pick-up at your local dealership.

    - Putting the USB stick to a clearly marked USB slot usable only for the purposes of a firmware upgrade. The slot must accept only this file and must reject anything that is not proper digitally-signed firmware. The car must signal that it's ready to load new firmware and ask you to accept it.

    5. Nuke CarPlay from orbit. It's the only way to be sure. There's absolutely no viable usage scenario for CarPlay for any driver, it offers absolutely no benefit to anyone. Mirroring the phone screen, who the fuck thought that would be a good idea, FFS? Oh, Apple. Got it now.

    Just the basics, really. With the number of cars on the road ever increasing, the last thing anybody needs it to be entertained by the car.

    1. annodomini2
      Boffin

      Re: Where do I start?

      1. Most cars now have keyless entry, nowhere to insert a key. CAN comms occurs post shutdown for various tasks, although generally not for very long.

      2. Actually a serious idea, but many manufacturers will be reluctant to implement:

      a: They would have to add another switch somewhere = cost, Automotive OEMs if they can

      save 2p on a car they will.

      b: Dealers won't like the 5 calls a day when some muppet's Sat nav won't work.

      3. Total airgap will never be possible, but there are mitigations.

      4. USB is a bad idea, they are better reprogrammed directly via the CANbus in the Diagnostic port.

      5. Marketing will throw the teddies out of the pram.

      The primary weakness is the quality (or lack there of) of encryption used.

  7. Gerry 3

    Bring on the Disconnected Car !

    I just want a totally disconnected car: the only connection with the outside world being a traditional one-way car radio. No spyware, no malware, no inbuilt microphones / cameras, no OnStar, no E-Call, no phoning home to GCHQ/NSA.

    We all know how software is inherently insecure. To prevent your PC crashing twice a day you need antivirus software, Windows Update, Windows Defender, umpteen other things... and then you cross your fingers. The only way to be sure your car won't have a real crash is not to have any connectivity in the first place.

    Call me a Luddite, but there must be quite a big market waiting to be tapped.

  8. toughluck

    I'd add a software code branch to cheat on MOT tests

    Oh, prior art, you say. Sorry.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like